diff --git a/0.4.html b/0.4.html index c7b4987ad..5573c2aad 100644 --- a/0.4.html +++ b/0.4.html @@ -4,13 +4,13 @@ Overview | Fleet - +
-
Skip to main content
Version: 0.4

Overview

What is Fleet?​

  • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

  • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

Configuration Management​

Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

- +
Skip to main content
Version: 0.4

Overview

What is Fleet?​

  • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

  • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

Configuration Management​

Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

+ \ No newline at end of file diff --git a/0.4/advanced-users.html b/0.4/advanced-users.html index bcb33427d..487322e8a 100644 --- a/0.4/advanced-users.html +++ b/0.4/advanced-users.html @@ -4,13 +4,13 @@ Advanced Users | Fleet - +
-
Skip to main content
Version: 0.4

Advanced Users

Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.

The following are examples of advanced use cases:

Please refer to the installation and the uninstall documentation for additional information.

- +
Skip to main content
Version: 0.4

Advanced Users

Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.

The following are examples of advanced use cases:

Please refer to the installation and the uninstall documentation for additional information.

+ \ No newline at end of file diff --git a/0.4/agent-initiated.html b/0.4/agent-initiated.html index f483d788a..31a647f45 100644 --- a/0.4/agent-initiated.html +++ b/0.4/agent-initiated.html @@ -4,7 +4,7 @@ Agent Initiated | Fleet - + @@ -39,8 +39,8 @@ For the agent chart the namespace must be cattle-fleet-system and t Helm will use the default context in ${HOME}/.kube/config to deploy the agent. Use --kubeconfig and --kube-context to change which cluster Helm is installing to.

Finally, install the agent using Helm.

helm -n cattle-fleet-system install --create-namespace --wait \
    --set clientID="$CLUSTER_CLIENT_ID" \
    --values values.yaml \
    fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-agent-v0.4.1.tgz

The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

# Ensure kubectl is pointing to the right cluster
kubectl -n cattle-fleet-system logs -l app=fleet-agent
kubectl -n cattle-fleet-system get pods -l app=fleet-agent

Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster was registered in the clusters namespace. Please ensure your ${HOME}/.kube/config is pointed to the Fleet -manager to run this command.

kubectl -n clusters get clusters.fleet.cattle.io
NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z
- +manager to run this command.

kubectl -n clusters get clusters.fleet.cattle.io
NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z
+ \ No newline at end of file diff --git a/0.4/architecture.html b/0.4/architecture.html index 8ad5d930e..7df37c95d 100644 --- a/0.4/architecture.html +++ b/0.4/architecture.html @@ -4,7 +4,7 @@ Architecture | Fleet - + @@ -28,8 +28,8 @@ The cluster registration token is used only during the registration process to g to that cluster. After the cluster credential is established the cluster "forgets" the cluster registration token.

The service accounts given to the clusters only have privileges to list BundleDeployment in the namespace created specifically for that cluster. It can also update the status subresource of BundleDeployment and the status -subresource of it's Cluster resource.

- +subresource of it's Cluster resource.

+ \ No newline at end of file diff --git a/0.4/bundle-diffs.html b/0.4/bundle-diffs.html index 59d1c0570..2e4d2561b 100644 --- a/0.4/bundle-diffs.html +++ b/0.4/bundle-diffs.html @@ -4,14 +4,14 @@ Generating Diffs for Modified GitRepos | Fleet - +
Skip to main content
Version: 0.4

Generating Diffs for Modified GitRepos

Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

This leads the status of the bundle and associated GitRepo to be reported as "Modified"

Associated Bundle -

Fleet bundles support the ability to specify a custom jsonPointer patch.

With the patch, users can instruct fleet to ignore object modifications.

In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

In our case the differences detected are as follows:

  summary:
    desiredReady: 1
    modified: 1
    nonReadyResources:
    - bundleState: Modified
      modifiedStatus:
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

Based on this summary, there are three objects which need to be patched.

We will look at these one at a time.

1. ValidatingWebhookConfiguration:​

The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

From this information, we can see the two ValidatingWebhooks in question are:

  "$setElementOrder/webhooks": [
    {
      "name": "validation.gatekeeper.sh"
    },
    {
      "name": "check-ignore-label.gatekeeper.sh"
    }
  ],

Within each ValidatingWebhook, the fields that need to be ignore are as follows:

    {
      "clientConfig": {
        "caBundle": "Cg=="
      },
      "name": "validation.gatekeeper.sh",
      "rules": [
        {
          "apiGroups": [
            "*"
          ],
          "apiVersions": [
            "*"
          ],
          "operations": [
            "CREATE",
            "UPDATE"
          ],
          "resources": [
            "*"
          ]
        }
      ]
    },

and 

    {
     "clientConfig": {
       "caBundle": "Cg=="
     },
     "name": "check-ignore-label.gatekeeper.sh",
     "rules": [
       {
         "apiGroups": [
           ""
         ],
         "apiVersions": [
           "*"
         ],
         "operations": [
           "CREATE",
           "UPDATE"
         ],
         "resources": [
           "namespaces"
         ]
       }
     ]
   }

In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

Based on this information, our diff patch would look as follows:

  - apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    name: gatekeeper-validating-webhook-configuration
    operations:
    - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/0/rules"}
    - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/1/rules"}

2. Deployment gatekeeper-controller-manager:​

The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

{
  "spec": {
    "template": {
      "spec": {
        "$setElementOrder/containers": [
          {
            "name": "manager"
          }
        ],
        "containers": [
          {
            "name": "manager",
            "resources": {
              "limits": {
                "cpu": "1000m"
              }
            }
          }
        ],
        "tolerations": []
      }
    }
  }
}

In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

Based on this information, our diff patch would look as follows:

  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-controller-manager
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}

3. Deployment gatekeeper-audit:​

The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

{
  "spec": {
    "template": {
      "spec": {
        "$setElementOrder/containers": [
          {
            "name": "manager"
          }
        ],
        "containers": [
          {
            "name": "manager",
            "resources": {
              "limits": {
                "cpu": "1000m"
              }
            }
          }
        ],
        "tolerations": []
      }
    }
  }
}

Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

Based on this information, our diff patch would look as follows:

  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-audit
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}

Combining It All Together​

We can now combine all these patches as follows:

diff:
  comparePatches:
  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-audit
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}
  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-controller-manager
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}
  - apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    name: gatekeeper-validating-webhook-configuration
    operations:
    - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/0/rules"}
    - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/1/rules"}

We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

Once these are added, the GitRepo should deploy and be in "Active" status.

- +

Fleet bundles support the ability to specify a custom jsonPointer patch.

With the patch, users can instruct fleet to ignore object modifications.

In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

In our case the differences detected are as follows:

  summary:
    desiredReady: 1
    modified: 1
    nonReadyResources:
    - bundleState: Modified
      modifiedStatus:
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

Based on this summary, there are three objects which need to be patched.

We will look at these one at a time.

1. ValidatingWebhookConfiguration:​

The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

From this information, we can see the two ValidatingWebhooks in question are:

  "$setElementOrder/webhooks": [
    {
      "name": "validation.gatekeeper.sh"
    },
    {
      "name": "check-ignore-label.gatekeeper.sh"
    }
  ],

Within each ValidatingWebhook, the fields that need to be ignore are as follows:

    {
      "clientConfig": {
        "caBundle": "Cg=="
      },
      "name": "validation.gatekeeper.sh",
      "rules": [
        {
          "apiGroups": [
            "*"
          ],
          "apiVersions": [
            "*"
          ],
          "operations": [
            "CREATE",
            "UPDATE"
          ],
          "resources": [
            "*"
          ]
        }
      ]
    },

and 

    {
     "clientConfig": {
       "caBundle": "Cg=="
     },
     "name": "check-ignore-label.gatekeeper.sh",
     "rules": [
       {
         "apiGroups": [
           ""
         ],
         "apiVersions": [
           "*"
         ],
         "operations": [
           "CREATE",
           "UPDATE"
         ],
         "resources": [
           "namespaces"
         ]
       }
     ]
   }

In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

Based on this information, our diff patch would look as follows:

  - apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    name: gatekeeper-validating-webhook-configuration
    operations:
    - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/0/rules"}
    - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/1/rules"}

2. Deployment gatekeeper-controller-manager:​

The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

{
  "spec": {
    "template": {
      "spec": {
        "$setElementOrder/containers": [
          {
            "name": "manager"
          }
        ],
        "containers": [
          {
            "name": "manager",
            "resources": {
              "limits": {
                "cpu": "1000m"
              }
            }
          }
        ],
        "tolerations": []
      }
    }
  }
}

In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

Based on this information, our diff patch would look as follows:

  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-controller-manager
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}

3. Deployment gatekeeper-audit:​

The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

{
  "spec": {
    "template": {
      "spec": {
        "$setElementOrder/containers": [
          {
            "name": "manager"
          }
        ],
        "containers": [
          {
            "name": "manager",
            "resources": {
              "limits": {
                "cpu": "1000m"
              }
            }
          }
        ],
        "tolerations": []
      }
    }
  }
}

Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

Based on this information, our diff patch would look as follows:

  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-audit
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}

Combining It All Together​

We can now combine all these patches as follows:

diff:
  comparePatches:
  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-audit
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}
  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-controller-manager
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}
  - apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    name: gatekeeper-validating-webhook-configuration
    operations:
    - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/0/rules"}
    - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/1/rules"}

We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

Once these are added, the GitRepo should deploy and be in "Active" status.

+ \ No newline at end of file diff --git a/0.4/cluster-bundles-state.html b/0.4/cluster-bundles-state.html index f803afc23..400b3fbb1 100644 --- a/0.4/cluster-bundles-state.html +++ b/0.4/cluster-bundles-state.html @@ -4,13 +4,13 @@ Cluster and Bundle state | Fleet - +
-
Skip to main content
Version: 0.4

Cluster and Bundle state

Clusters and Bundles have different states in each phase of applying Bundles.

Bundles​

Ready: Bundles have been deployed and all resources are ready.

NotReady: Bundles have been deployed and some resources are not ready.

WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

Pending: Bundles are being processed by Fleet controller.

Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

Clusters​

WaitCheckIn: Waiting for agent to report registration information and cluster status back.

NotReady: There are bundles in this cluster that are in NotReady state.

WaitApplied: There are bundles in this cluster that are in WaitApplied state.

ErrApplied: There are bundles in this cluster that are in ErrApplied state.

OutOfSync: There are bundles in this cluster that are in OutOfSync state.

Pending: There are bundles in this cluster that are in Pending state.

Modified: There are bundles in this cluster that are in Modified state.

Ready: Bundles in this cluster have been deployed and all resources are ready.

- +
Skip to main content
Version: 0.4

Cluster and Bundle state

Clusters and Bundles have different states in each phase of applying Bundles.

Bundles​

Ready: Bundles have been deployed and all resources are ready.

NotReady: Bundles have been deployed and some resources are not ready.

WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

Pending: Bundles are being processed by Fleet controller.

Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

Clusters​

WaitCheckIn: Waiting for agent to report registration information and cluster status back.

NotReady: There are bundles in this cluster that are in NotReady state.

WaitApplied: There are bundles in this cluster that are in WaitApplied state.

ErrApplied: There are bundles in this cluster that are in ErrApplied state.

OutOfSync: There are bundles in this cluster that are in OutOfSync state.

Pending: There are bundles in this cluster that are in Pending state.

Modified: There are bundles in this cluster that are in Modified state.

Ready: Bundles in this cluster have been deployed and all resources are ready.

+ \ No newline at end of file diff --git a/0.4/cluster-group.html b/0.4/cluster-group.html index f2ec6ca0b..13322c443 100644 --- a/0.4/cluster-group.html +++ b/0.4/cluster-group.html @@ -4,7 +4,7 @@ Cluster Groups | Fleet - + @@ -13,8 +13,8 @@ The only parameter for a cluster group is essentially the selector. When you get to a certain scale cluster groups become a more reasonable way to manage your clusters. Cluster groups serve the purpose of giving aggregated -status of the deployments and then also a simpler way to manage targets.

A cluster group is created by creating a ClusterGroup resource like below

kind: ClusterGroup
apiVersion: fleet.cattle.io/v1alpha1
metadata:
  name: production-group
  namespace: clusters
spec:
  # This is the standard metav1.LabelSelector format to match clusters by labels
  selector:
    matchLabels:
      env: prod
- +status of the deployments and then also a simpler way to manage targets.

A cluster group is created by creating a ClusterGroup resource like below

kind: ClusterGroup
apiVersion: fleet.cattle.io/v1alpha1
metadata:
  name: production-group
  namespace: clusters
spec:
  # This is the standard metav1.LabelSelector format to match clusters by labels
  selector:
    matchLabels:
      env: prod
+ \ No newline at end of file diff --git a/0.4/cluster-overview.html b/0.4/cluster-overview.html index c9e6996d2..ae30dbce8 100644 --- a/0.4/cluster-overview.html +++ b/0.4/cluster-overview.html @@ -4,7 +4,7 @@ Overview | Fleet - + @@ -24,8 +24,8 @@ manager must be able to communicate with the downstream cluster API server for t After the cluster is registered there is no further need for the manager to contact the downstream cluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes clusters through GitOps using something like cluster-api -or Rancher.

- +or Rancher.

+ \ No newline at end of file diff --git a/0.4/cluster-tokens.html b/0.4/cluster-tokens.html index 39c2b62ce..cba9086d6 100644 --- a/0.4/cluster-tokens.html +++ b/0.4/cluster-tokens.html @@ -4,7 +4,7 @@ Cluster Registration Tokens | Fleet - + @@ -26,8 +26,8 @@ are used in Fleet refer to the documentation on namesp token with the below YAML.

kind: ClusterRegistrationToken
apiVersion: "fleet.cattle.io/v1alpha1"
metadata:
    name: new-token
    namespace: clusters
spec:
    # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.
    ttl: 240h

After the ClusterRegistrationToken is created, Fleet will create a corresponding Secret with the same name. As the Secret creation is performed asynchronously, you will need to wait until it's available before using it.

One way to do so is via the following one-liner:

while ! kubectl --namespace=clusters  get secret new-token; do sleep 5; done

Obtaining Token Value (Agent values.yaml)​

The token value contains YAML content for a values.yaml file that is expected to be passed to helm install to install the Fleet agent on a downstream cluster.

Such value is contained in the values field of the Secret mentioned above. To obtain the YAML content for the -above example one can run the following one-liner:

kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

- +above example one can run the following one-liner:

kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

+ \ No newline at end of file diff --git a/0.4/concepts.html b/0.4/concepts.html index cfb164c77..dac5492d3 100644 --- a/0.4/concepts.html +++ b/0.4/concepts.html @@ -4,7 +4,7 @@ Core Concepts | Fleet - + @@ -24,8 +24,8 @@ Regardless of the source the contents are dynamically rendered into a Helm chart and installed into the downstream cluster as a helm release.

  • BundleDeployment: When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for -the cluster the agent is managing.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • - +the cluster the agent is managing.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • + \ No newline at end of file diff --git a/0.4/examples.html b/0.4/examples.html index d8db495cc..f6e5761e3 100644 --- a/0.4/examples.html +++ b/0.4/examples.html @@ -4,14 +4,14 @@ Examples | Fleet - +
    Skip to main content
    Version: 0.4

    Examples

    Lifecycle of a Fleet Bundle​

    To demonstrate the lifecycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    Deploy Kubernetes Manifests Across Clusters with Customization​

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use multi-cluster/helm/fleet.yaml as a case study.

    Situation: User has three clusters with three different labels: env=dev, env=test, and env=prod. User wants to deploy a frontend application with a backend database across these clusters.

    Expected behavior:

    • After deploying to the dev cluster, database replication is not enabled.
    • After deploying to the test cluster, database replication is enabled.
    • After deploying to the prod cluster, database replication is enabled and Load balancer services are exposed.

    Advantage of Fleet:

    Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:

    1. Deploy gitRepo https://github.com/rancher/fleet-examples.git and specify the path multi-cluster/helm.
    2. Under multi-cluster/helm, a Helm chart will deploy the frontend app service and backend database service.
    3. The following rule will be defined in fleet.yaml: 
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    Result:

    Fleet will deploy the Helm chart with your customized values.yaml to the different clusters.

    Note: Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.

    Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations -of the three are in the Fleet Examples repo.

    - +of the three are in the Fleet Examples repo.

    + \ No newline at end of file diff --git a/0.4/gitrepo-add.html b/0.4/gitrepo-add.html index 8d7033fd0..bc8578eca 100644 --- a/0.4/gitrepo-add.html +++ b/0.4/gitrepo-add.html @@ -4,15 +4,15 @@ Adding a GitRepo | Fleet - +
    Skip to main content
    Version: 0.4

    Adding a GitRepo

    Proper namespace​

    Git repos are added to the Fleet manager using the GitRepo custom resource type. The GitRepo type is namespaced. By default, Rancher will create two Fleet workspaces: fleet-default and fleet-local.

    • Fleet-default will contain all the downstream clusters that are already registered through Rancher.
    • Fleet-local will contain the local cluster by default.

    Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the GitRepo payload for config maps and secrets (no active deployments or payloads).

    danger

    While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in fleet-local.

    If you are using Fleet in a single cluster style, the namespace will always be fleet-local. Check here for more on the fleet-local namespace.

    For a multi-cluster style, please ensure you use the correct repo that will map to the right target clusters.

    Create GitRepo instance​

    Git repositories are register by creating a GitRepo following the below YAML sample. Refer to the inline comments as the means of each field

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...

    Adding Private Git Repository​

    Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace.

    For example, to generate a private ssh key

    ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"

    Note: The private key format has to be in EC PRIVATE KEY, RSA PRIVATE KEY or PRIVATE KEY and should not contain a passphase.

    Put your private key into secret, use the namespace the GitRepo is in:

    kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key  --type=kubernetes.io/ssh-auth
    caution

    Private key with passphrase is not supported.

    caution

    The key has to be in PEM format.

    Fleet supports putting known_hosts into ssh secret. Here is an example of how to add it:

    Fetch the public key hash(take github as an example)

    ssh-keyscan -H github.com

    And add it into secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ssh-key
    type: kubernetes.io/ssh-auth
    stringData:
      ssh-privatekey: <private-key>
      known_hosts: |-
        |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    danger

    If you don't add it any server's public key will be trusted and added. (ssh -o stricthostkeychecking=accept-new will be used)

    info

    If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.

    Using HTTP Auth​

    Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see HTTP secrets in Github.

    kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat

    Just like with SSH, reference the secret in your GitRepo resource via clientSecretName.

    spec:
      repo: https://github.com/fleetrepoci/gitjob-private.git
      branch: main
      clientSecretName: basic-auth-secret

    Using Private Helm Repositories​

    danger

    The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource. -Make sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Troubleshooting

    See Fleet Troubleshooting section here.

    - +Make sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Troubleshooting

    See Fleet Troubleshooting section here.

    + \ No newline at end of file diff --git a/0.4/gitrepo-structure.html b/0.4/gitrepo-structure.html index 354ee0814..07f2225bd 100644 --- a/0.4/gitrepo-structure.html +++ b/0.4/gitrepo-structure.html @@ -4,7 +4,7 @@ Expected Repo Structure | Fleet - + @@ -43,8 +43,8 @@ the contents a file the convention of adding _patch. (notice the tr will be replaced with . from the file name and that will be used as the target. For example deployment_patch.yaml will target deployment.yaml. The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch. Which strategy is used is based on the file content. Even though JSON strategies are used, the files can be written -using YAML syntax.

    Cluster and Bundle state​

    See Cluster and Bundle state.

    - +using YAML syntax.

    Cluster and Bundle state​

    See Cluster and Bundle state.

    + \ No newline at end of file diff --git a/0.4/gitrepo-targets.html b/0.4/gitrepo-targets.html index 6f7baa2b6..16037dd4f 100644 --- a/0.4/gitrepo-targets.html +++ b/0.4/gitrepo-targets.html @@ -4,7 +4,7 @@ Mapping to Downstream Clusters | Fleet - + @@ -18,8 +18,8 @@ One can use cluster selectors, cluster group selectors, or an explicit cluster g the final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the default value it is dropped from the criteria. The default value is either null or "". It is important to realize that the value {} for a selector means "match everything."

    # Match everything
    clusterSelector: {}
    # Selector ignored
    clusterSelector: null

    Default target​

    If no target is set for the GitRepo then the default targets value is applied. The default targets value is as below.

    targets:
    - name: default
      clusterGroup: default

    This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default -and add clusters to it.

    - +and add clusters to it.

    + \ No newline at end of file diff --git a/0.4/imagescan.html b/0.4/imagescan.html index 3032fe6e0..634c12a2e 100644 --- a/0.4/imagescan.html +++ b/0.4/imagescan.html @@ -4,15 +4,15 @@ Image scan | Fleet - +
    Skip to main content
    Version: 0.4

    Image scan

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, without the need to manually update your manifests.

    caution

    This feature is considered as experimental feature.

    Go to fleet.yaml and add the following section.

    imageScans:
    # specify the policy to retrieve images, can be semver or alphabetical order 
    - policy: 
        # if range is specified, it will take the latest image according to semver order in the range
        # for more details on how to use semver, see https://github.com/Masterminds/semver
        semver: 
          range: "*" 
        # can use ascending or descending order
        alphabetical:
          order: asc 

      # specify images to scan
      image: "your.registry.com/repo/image" 

      # Specify the tag name, it has to be unique in the same bundle
      tagName: test-scan

      # specify secret to pull image if in private registry
      secretRef:
        name: dockerhub-secret 

      # Specify the scan interval
      interval: 5m
    info

    You can create multiple image scans in fleet.yaml.

    Go to your manifest files and update the field that you want to replace. For example:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: redis-slave
    spec:
      selector:
        matchLabels:
          app: redis
          role: slave
          tier: backend
      replicas: 2
      template:
        metadata:
          labels:
            app: redis
            role: slave
            tier: backend
        spec:
          containers:
          - name: slave
            image: <image>:<tag> # {"$imagescan": "test-scan"}
            resources:
              requests:
                cpu: 100m
                memory: 100Mi
            ports:
            - containerPort: 6379
    note

    There are multiple form of tagName you can reference. For example

    {"$imagescan": "test-scan"}: Use full image name(foo/bar:tag)

    {"$imagescan": "test-scan:name"}: Only use image name without tag(foo/bar)

    {"$imagescan": "test-scan:tag"}: Only use image tag

    {"$imagescan": "test-scan:digest"}: Use full image name with digest(foo/bar:tag@sha256...)

    Create a GitRepo that includes your fleet.yaml

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-repo
      namespace: fleet-local
    spec:
      # change this to be your own repo
      repo: https://github.com/rancher/fleet-examples 
      # define how long it will sync all the images and decide to apply change
      imageScanInterval: 5m 
      # user must properly provide a secret that have write access to git repository
      clientSecretName: secret 
      # specify the commit pattern
      imageScanCommit:
        authorName: foo
        authorEmail: foo@bar.com
        messageTemplate: "update image"

    Try pushing a new image tag, for example, <image>:<new-tag>. Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml. -Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    - +Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    + \ No newline at end of file diff --git a/0.4/installation.html b/0.4/installation.html index 472c58908..b3e0e6124 100644 --- a/0.4/installation.html +++ b/0.4/installation.html @@ -4,7 +4,7 @@ Installation | Fleet - + @@ -13,8 +13,8 @@ Multi-Cluster install. The single cluster install is for if you wish to use GitOps to manage a single cluster, in which case you do not need a centralized manager cluster. In the multi-cluster use case you will setup a centralized manager cluster to which you can register clusters.

    If you are just learning Fleet the single cluster install is the recommended starting -point. After which you can move from single cluster to multi-cluster setup down the line.

    - +point. After which you can move from single cluster to multi-cluster setup down the line.

    + \ No newline at end of file diff --git a/0.4/manager-initiated.html b/0.4/manager-initiated.html index c7a57070e..bbb47dd30 100644 --- a/0.4/manager-initiated.html +++ b/0.4/manager-initiated.html @@ -4,7 +4,7 @@ Manager Initiated | Fleet - + @@ -15,8 +15,8 @@ of the kubeconfig secret used in cluster-api. This means you can use cluster-api to create a cluster that is dynamically -registered with Fleet.

    Example​

    Kubeconfig Secret​

    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Cluster​

    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    - +registered with Fleet.

    Example​

    Kubeconfig Secret​

    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Cluster​

    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    + \ No newline at end of file diff --git a/0.4/multi-cluster-install.html b/0.4/multi-cluster-install.html index 145b9c2bd..ccbfef9d0 100644 --- a/0.4/multi-cluster-install.html +++ b/0.4/multi-cluster-install.html @@ -4,7 +4,7 @@ Multi-cluster Install | Fleet - + @@ -35,8 +35,8 @@ only because the curl command is not setting proper credentials, but this valida connection work and the ca.pem is correct for this URL. If you get a SSL certificate problem then the ca.pem is not correct. The contents of the ${API_SERVER_CA} file should look similar to the below

    -----BEGIN CERTIFICATE-----
    MIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2
    ZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda
    MCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49
    AgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E
    0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE
    AwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs
    ciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN
    KDs/pb3fnMTtpA==
    -----END CERTIFICATE-----

    Once you have validated the API server URL and API server CA parameters, install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="${API_SERVER_URL}" \
        --set-file apiServerCA="${API_SERVER_CA}" \
        fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz

    Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    At this point the Fleet manager should be ready. You can now register clusters and git repos with -the Fleet manager.

    - +the Fleet manager.

    + \ No newline at end of file diff --git a/0.4/namespaces.html b/0.4/namespaces.html index 6e541330c..0df72100a 100644 --- a/0.4/namespaces.html +++ b/0.4/namespaces.html @@ -4,7 +4,7 @@ Namespaces | Fleet - + @@ -35,8 +35,8 @@ be evaluated against all clusters in all namespaces that match namespaceSe bundles from git by putting labels in the fleet.yaml file or on the metadata.labels field on the GitRepo.

    Restricting GitRepos​

    A namespace can contain multiple GitRepoRestriction resources. All GitRepos created in that namespace will be checked against the list of restrictions. If a GitRepo violates one of the constraints its BundleDeployment will be -in an error state and won't be deployed.

    This can also be used to set the defaults for GitRepo's serviceAccount and clientSecretName fields.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: typically-unique
    allowedClientSecretNames: []
    allowedRepoPatterns: []
    allowedServiceAccounts: []
    defaultClientSecretName: ""
    defaultServiceAccount: ""
    - +in an error state and won't be deployed.

    This can also be used to set the defaults for GitRepo's serviceAccount and clientSecretName fields.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: typically-unique
    allowedClientSecretNames: []
    allowedRepoPatterns: []
    allowedServiceAccounts: []
    defaultClientSecretName: ""
    defaultServiceAccount: ""
    + \ No newline at end of file diff --git a/0.4/quickstart.html b/0.4/quickstart.html index 36ae5484a..eec35ddc3 100644 --- a/0.4/quickstart.html +++ b/0.4/quickstart.html @@ -4,15 +4,15 @@ Quick Start | Fleet - +
    Skip to main content
    Version: 0.4

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure things to your cluster.

    brew install helm

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-v0.4.1.tgz
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-v0.4.1.tgz

    Add a Git Repo to watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should -be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    + \ No newline at end of file diff --git a/0.4/single-cluster-install.html b/0.4/single-cluster-install.html index 76790084b..e2a11e1b1 100644 --- a/0.4/single-cluster-install.html +++ b/0.4/single-cluster-install.html @@ -4,7 +4,7 @@ Single Cluster Install | Fleet - + @@ -18,8 +18,8 @@ fairly straight forward. To install the Helm 3 CLI follow the official install instructions. The TL;DR is

    macOS

    brew install helm

    Windows

    choco install kubernetes-helm

    Kubernetes​

    Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater.

    Install​

    Install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz

    Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by -running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    - +running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    + \ No newline at end of file diff --git a/0.4/troubleshooting.html b/0.4/troubleshooting.html index 6a2a02276..e11eb45ac 100644 --- a/0.4/troubleshooting.html +++ b/0.4/troubleshooting.html @@ -4,14 +4,14 @@ Troubleshooting | Fleet - +
    Skip to main content
    Version: 0.4

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Migrate the local cluster to the Fleet default cluster?​

    For users who want to deploy to the local cluster as well, they may move the cluster from fleet-local to fleet-default in the Rancher UI as follows:

    • To get to Fleet in Rancher, click ☰ > Continuous Delivery.
    • Under the Clusters menu, select the local cluster by checking the box to the left.
    • Select Assign to from the tabs above the cluster.
    • Select fleet-default from the Assign Cluster To dropdown.

    Result: The cluster will be migrated to fleet-default.

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name> 
    helm:  
      releaseName: <release name>  
      repo: <repo name> 
      chart: <chart name>
    diff:  
      comparePatches:  
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: -The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    + \ No newline at end of file diff --git a/0.4/uninstall.html b/0.4/uninstall.html index 0f7137546..ef57e23dd 100644 --- a/0.4/uninstall.html +++ b/0.4/uninstall.html @@ -4,15 +4,15 @@ Uninstall | Fleet - +
    Skip to main content
    Version: 0.4

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by uninstalling the appropriate Helm charts. To uninstall Fleet run the following -two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    + \ No newline at end of file diff --git a/0.4/webhook.html b/0.4/webhook.html index e196cf008..1c17a2188 100644 --- a/0.4/webhook.html +++ b/0.4/webhook.html @@ -4,7 +4,7 @@ Webhook | Fleet - + @@ -12,8 +12,8 @@
    Skip to main content
    Version: 0.4

    Webhook

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs.

    1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.​

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: webhook-ingress
      namespace: cattle-fleet-system
    spec:
      rules:
      - host: your.domain.com
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitjob
                  port:
                    number: 80
    info

    You can configure TLS on ingress.

    2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.​

    Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default. If your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the -secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    - +secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    + \ No newline at end of file diff --git a/0.5.html b/0.5.html index 6e9143826..b1cbf0079 100644 --- a/0.5.html +++ b/0.5.html @@ -4,13 +4,13 @@ Overview | Fleet - +
    -
    Skip to main content
    Version: 0.5

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.5

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    + \ No newline at end of file diff --git a/0.5/advanced-users.html b/0.5/advanced-users.html index b9d180649..a47fec326 100644 --- a/0.5/advanced-users.html +++ b/0.5/advanced-users.html @@ -4,13 +4,13 @@ Advanced Users | Fleet - +
    -
    Skip to main content
    Version: 0.5

    Advanced Users

    Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.

    The following are examples of advanced use cases:

    Please refer to the installation and the uninstall documentation for additional information.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.5

    Advanced Users

    Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.

    The following are examples of advanced use cases:

    Please refer to the installation and the uninstall documentation for additional information.

    + \ No newline at end of file diff --git a/0.5/agent-initiated.html b/0.5/agent-initiated.html index 15ae7dacf..811103a10 100644 --- a/0.5/agent-initiated.html +++ b/0.5/agent-initiated.html @@ -4,7 +4,7 @@ Agent Initiated | Fleet - + @@ -39,8 +39,8 @@ For the agent chart the namespace must be cattle-fleet-system and t Helm will use the default context in ${HOME}/.kube/config to deploy the agent. Use --kubeconfig and --kube-context to change which cluster Helm is installing to.

    Finally, install the agent using Helm.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set clientID="$CLUSTER_CLIENT_ID" \
        --values values.yaml \
        fleet-agent https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz

    The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

    # Ensure kubectl is pointing to the right cluster
    kubectl -n cattle-fleet-system logs -l app=fleet-agent
    kubectl -n cattle-fleet-system get pods -l app=fleet-agent

    Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster was registered in the clusters namespace. Please ensure your ${HOME}/.kube/config is pointed to the Fleet -manager to run this command.

    kubectl -n clusters get clusters.fleet.cattle.io
    NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
    my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z
    - +manager to run this command.

    kubectl -n clusters get clusters.fleet.cattle.io
    NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
    my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z
    + \ No newline at end of file diff --git a/0.5/architecture.html b/0.5/architecture.html index 8f7993287..45b321db3 100644 --- a/0.5/architecture.html +++ b/0.5/architecture.html @@ -4,7 +4,7 @@ Architecture | Fleet - + @@ -28,8 +28,8 @@ The cluster registration token is used only during the registration process to g to that cluster. After the cluster credential is established the cluster "forgets" the cluster registration token.

    The service accounts given to the clusters only have privileges to list BundleDeployment in the namespace created specifically for that cluster. It can also update the status subresource of BundleDeployment and the status -subresource of it's Cluster resource.

    - +subresource of it's Cluster resource.

    + \ No newline at end of file diff --git a/0.5/bundle-diffs.html b/0.5/bundle-diffs.html index 5b2dc42b4..2cbcd2050 100644 --- a/0.5/bundle-diffs.html +++ b/0.5/bundle-diffs.html @@ -4,14 +4,14 @@ Generating Diffs for Modified GitRepos | Fleet - +
    Skip to main content
    Version: 0.5

    Generating Diffs for Modified GitRepos

    Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

    You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

    The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

    This leads the status of the bundle and associated GitRepo to be reported as "Modified"

    Associated Bundle -

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and 

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and 

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    + \ No newline at end of file diff --git a/0.5/cluster-bundles-state.html b/0.5/cluster-bundles-state.html index 0ae5bb7f5..0784eac70 100644 --- a/0.5/cluster-bundles-state.html +++ b/0.5/cluster-bundles-state.html @@ -4,13 +4,13 @@ Cluster and Bundle state | Fleet - +
    -
    Skip to main content
    Version: 0.5

    Cluster and Bundle state

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.5

    Cluster and Bundle state

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    + \ No newline at end of file diff --git a/0.5/cluster-group.html b/0.5/cluster-group.html index f1088b96b..a306e1f84 100644 --- a/0.5/cluster-group.html +++ b/0.5/cluster-group.html @@ -4,7 +4,7 @@ Cluster Groups | Fleet - + @@ -13,8 +13,8 @@ The only parameter for a cluster group is essentially the selector. When you get to a certain scale cluster groups become a more reasonable way to manage your clusters. Cluster groups serve the purpose of giving aggregated -status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    - +status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    + \ No newline at end of file diff --git a/0.5/cluster-overview.html b/0.5/cluster-overview.html index 06350fdf1..75505447d 100644 --- a/0.5/cluster-overview.html +++ b/0.5/cluster-overview.html @@ -4,7 +4,7 @@ Overview | Fleet - + @@ -24,8 +24,8 @@ manager must be able to communicate with the downstream cluster API server for t After the cluster is registered there is no further need for the manager to contact the downstream cluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes clusters through GitOps using something like cluster-api -or Rancher.

    - +or Rancher.

    + \ No newline at end of file diff --git a/0.5/cluster-tokens.html b/0.5/cluster-tokens.html index 6abdc75e8..de4b6be43 100644 --- a/0.5/cluster-tokens.html +++ b/0.5/cluster-tokens.html @@ -4,7 +4,7 @@ Cluster Registration Tokens | Fleet - + @@ -26,8 +26,8 @@ are used in Fleet refer to the documentation on namesp token with the below YAML.

    kind: ClusterRegistrationToken
    apiVersion: "fleet.cattle.io/v1alpha1"
    metadata:
        name: new-token
        namespace: clusters
    spec:
        # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.
        ttl: 240h

    After the ClusterRegistrationToken is created, Fleet will create a corresponding Secret with the same name. As the Secret creation is performed asynchronously, you will need to wait until it's available before using it.

    One way to do so is via the following one-liner:

    while ! kubectl --namespace=clusters  get secret new-token; do sleep 5; done

    Obtaining Token Value (Agent values.yaml)​

    The token value contains YAML content for a values.yaml file that is expected to be passed to helm install to install the Fleet agent on a downstream cluster.

    Such value is contained in the values field of the Secret mentioned above. To obtain the YAML content for the -above example one can run the following one-liner:

    kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

    Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

    - +above example one can run the following one-liner:

    kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

    Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

    + \ No newline at end of file diff --git a/0.5/concepts.html b/0.5/concepts.html index 99c828d72..f30ed4203 100644 --- a/0.5/concepts.html +++ b/0.5/concepts.html @@ -4,7 +4,7 @@ Core Concepts | Fleet - + @@ -24,8 +24,8 @@ Regardless of the source the contents are dynamically rendered into a Helm chart and installed into the downstream cluster as a helm release.

  • BundleDeployment: When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for -the cluster the agent is managing.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • - +the cluster the agent is managing.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • + \ No newline at end of file diff --git a/0.5/examples.html b/0.5/examples.html index 021676b56..3daaf1d69 100644 --- a/0.5/examples.html +++ b/0.5/examples.html @@ -4,14 +4,14 @@ Examples | Fleet - +
    Skip to main content
    Version: 0.5

    Examples

    Lifecycle of a Fleet Bundle​

    To demonstrate the lifecycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    Deploy Kubernetes Manifests Across Clusters with Customization​

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use multi-cluster/helm/fleet.yaml as a case study.

    Situation: User has three clusters with three different labels: env=dev, env=test, and env=prod. User wants to deploy a frontend application with a backend database across these clusters.

    Expected behavior:

    • After deploying to the dev cluster, database replication is not enabled.
    • After deploying to the test cluster, database replication is enabled.
    • After deploying to the prod cluster, database replication is enabled and Load balancer services are exposed.

    Advantage of Fleet:

    Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:

    1. Deploy gitRepo https://github.com/rancher/fleet-examples.git and specify the path multi-cluster/helm.
    2. Under multi-cluster/helm, a Helm chart will deploy the frontend app service and backend database service.
    3. The following rule will be defined in fleet.yaml: 
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    Result:

    Fleet will deploy the Helm chart with your customized values.yaml to the different clusters.

    Note: Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.

    Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations -of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +of the three are in the Fleet Examples repo.

    + \ No newline at end of file diff --git a/0.5/gitrepo-add.html b/0.5/gitrepo-add.html index 4594d404d..9be427215 100644 --- a/0.5/gitrepo-add.html +++ b/0.5/gitrepo-add.html @@ -4,15 +4,15 @@ Adding a GitRepo | Fleet - +
    Skip to main content
    Version: 0.5

    Adding a GitRepo

    Proper namespace​

    Git repos are added to the Fleet manager using the GitRepo custom resource type. The GitRepo type is namespaced. By default, Rancher will create two Fleet workspaces: fleet-default and fleet-local.

    • Fleet-default will contain all the downstream clusters that are already registered through Rancher.
    • Fleet-local will contain the local cluster by default.

    Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the GitRepo payload for config maps and secrets (no active deployments or payloads).

    danger

    While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in fleet-local.

    If you are using Fleet in a single cluster style, the namespace will always be fleet-local. Check here for more on the fleet-local namespace.

    For a multi-cluster style, please ensure you use the correct repo that will map to the right target clusters.

    Create GitRepo instance​

    Git repositories are register by creating a GitRepo following the below YAML sample. Refer to the inline comments as the means of each field

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...

    Adding Private Git Repository​

    Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace.

    For example, to generate a private ssh key

    ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"

    Note: The private key format has to be in EC PRIVATE KEY, RSA PRIVATE KEY or PRIVATE KEY and should not contain a passphase.

    Put your private key into secret, use the namespace the GitRepo is in:

    kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key  --type=kubernetes.io/ssh-auth
    caution

    Private key with passphrase is not supported.

    caution

    The key has to be in PEM format.

    Fleet supports putting known_hosts into ssh secret. Here is an example of how to add it:

    Fetch the public key hash(take github as an example)

    ssh-keyscan -H github.com

    And add it into secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ssh-key
    type: kubernetes.io/ssh-auth
    stringData:
      ssh-privatekey: <private-key>
      known_hosts: |-
        |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    danger

    If you don't add it any server's public key will be trusted and added. (ssh -o stricthostkeychecking=accept-new will be used)

    info

    If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.

    Using HTTP Auth​

    Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see HTTP secrets in Github.

    kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat

    Just like with SSH, reference the secret in your GitRepo resource via clientSecretName.

    spec:
      repo: https://github.com/fleetrepoci/gitjob-private.git
      branch: main
      clientSecretName: basic-auth-secret

    Using Private Helm Repositories​

    danger

    The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource. -Make sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Make sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Troubleshooting

    See Fleet Troubleshooting section here.

    + \ No newline at end of file diff --git a/0.5/gitrepo-structure.html b/0.5/gitrepo-structure.html index 3830aee35..7e91a3efe 100644 --- a/0.5/gitrepo-structure.html +++ b/0.5/gitrepo-structure.html @@ -4,7 +4,7 @@ Expected Repo Structure | Fleet - + @@ -43,8 +43,8 @@ the contents a file the convention of adding _patch. (notice the tr will be replaced with . from the file name and that will be used as the target. For example deployment_patch.yaml will target deployment.yaml. The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch. Which strategy is used is based on the file content. Even though JSON strategies are used, the files can be written -using YAML syntax.

    Cluster and Bundle state​

    See Cluster and Bundle state.

    - +using YAML syntax.

    Cluster and Bundle state​

    See Cluster and Bundle state.

    + \ No newline at end of file diff --git a/0.5/gitrepo-targets.html b/0.5/gitrepo-targets.html index 77fa14601..0a66588e2 100644 --- a/0.5/gitrepo-targets.html +++ b/0.5/gitrepo-targets.html @@ -4,7 +4,7 @@ Mapping to Downstream Clusters | Fleet - + @@ -18,8 +18,8 @@ One can use cluster selectors, cluster group selectors, or an explicit cluster g the final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the default value it is dropped from the criteria. The default value is either null or "". It is important to realize that the value {} for a selector means "match everything."

    # Match everything
    clusterSelector: {}
    # Selector ignored
    clusterSelector: null

    Default target​

    If no target is set for the GitRepo then the default targets value is applied. The default targets value is as below.

    targets:
    - name: default
      clusterGroup: default

    This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default -and add clusters to it.

    - +and add clusters to it.

    + \ No newline at end of file diff --git a/0.5/imagescan.html b/0.5/imagescan.html index ac6ad9029..666e886bc 100644 --- a/0.5/imagescan.html +++ b/0.5/imagescan.html @@ -4,15 +4,15 @@ Image scan | Fleet - +
    Skip to main content
    Version: 0.5

    Image scan

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, without the need to manually update your manifests.

    caution

    This feature is considered as experimental feature.

    Go to fleet.yaml and add the following section.

    imageScans:
    # specify the policy to retrieve images, can be semver or alphabetical order 
    - policy: 
        # if range is specified, it will take the latest image according to semver order in the range
        # for more details on how to use semver, see https://github.com/Masterminds/semver
        semver: 
          range: "*" 
        # can use ascending or descending order
        alphabetical:
          order: asc 

      # specify images to scan
      image: "your.registry.com/repo/image" 

      # Specify the tag name, it has to be unique in the same bundle
      tagName: test-scan

      # specify secret to pull image if in private registry
      secretRef:
        name: dockerhub-secret 

      # Specify the scan interval
      interval: 5m
    info

    You can create multiple image scans in fleet.yaml.

    Go to your manifest files and update the field that you want to replace. For example:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: redis-slave
    spec:
      selector:
        matchLabels:
          app: redis
          role: slave
          tier: backend
      replicas: 2
      template:
        metadata:
          labels:
            app: redis
            role: slave
            tier: backend
        spec:
          containers:
          - name: slave
            image: <image>:<tag> # {"$imagescan": "test-scan"}
            resources:
              requests:
                cpu: 100m
                memory: 100Mi
            ports:
            - containerPort: 6379
    note

    There are multiple form of tagName you can reference. For example

    {"$imagescan": "test-scan"}: Use full image name(foo/bar:tag)

    {"$imagescan": "test-scan:name"}: Only use image name without tag(foo/bar)

    {"$imagescan": "test-scan:tag"}: Only use image tag

    {"$imagescan": "test-scan:digest"}: Use full image name with digest(foo/bar:tag@sha256...)

    Create a GitRepo that includes your fleet.yaml

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-repo
      namespace: fleet-local
    spec:
      # change this to be your own repo
      repo: https://github.com/rancher/fleet-examples 
      # define how long it will sync all the images and decide to apply change
      imageScanInterval: 5m 
      # user must properly provide a secret that have write access to git repository
      clientSecretName: secret 
      # specify the commit pattern
      imageScanCommit:
        authorName: foo
        authorEmail: foo@bar.com
        messageTemplate: "update image"

    Try pushing a new image tag, for example, <image>:<new-tag>. Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml. -Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    + \ No newline at end of file diff --git a/0.5/installation.html b/0.5/installation.html index b32714123..818dd0a36 100644 --- a/0.5/installation.html +++ b/0.5/installation.html @@ -4,7 +4,7 @@ Installation | Fleet - + @@ -13,8 +13,8 @@ Multi-Cluster install. The single cluster install is for if you wish to use GitOps to manage a single cluster, in which case you do not need a centralized manager cluster. In the multi-cluster use case you will setup a centralized manager cluster to which you can register clusters.

    If you are just learning Fleet the single cluster install is the recommended starting -point. After which you can move from single cluster to multi-cluster setup down the line.

    - +point. After which you can move from single cluster to multi-cluster setup down the line.

    + \ No newline at end of file diff --git a/0.5/manager-initiated.html b/0.5/manager-initiated.html index b7e202c80..f96776db7 100644 --- a/0.5/manager-initiated.html +++ b/0.5/manager-initiated.html @@ -4,7 +4,7 @@ Manager Initiated | Fleet - + @@ -15,8 +15,8 @@ of the kubeconfig secret used in cluster-api. This means you can use cluster-api to create a cluster that is dynamically -registered with Fleet.

    Example​

    Kubeconfig Secret​

    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Cluster​

    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    - +registered with Fleet.

    Example​

    Kubeconfig Secret​

    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Cluster​

    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    + \ No newline at end of file diff --git a/0.5/multi-cluster-install.html b/0.5/multi-cluster-install.html index 48a15b841..582c1a153 100644 --- a/0.5/multi-cluster-install.html +++ b/0.5/multi-cluster-install.html @@ -4,7 +4,7 @@ Multi Cluster Install | Fleet - + @@ -35,8 +35,8 @@ only because the curl command is not setting proper credentials, but this valida connection work and the ca.pem is correct for this URL. If you get a SSL certificate problem then the ca.pem is not correct. The contents of the ${API_SERVER_CA} file should look similar to the below

    -----BEGIN CERTIFICATE-----
    MIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2
    ZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda
    MCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49
    AgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E
    0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE
    AwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs
    ciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN
    KDs/pb3fnMTtpA==
    -----END CERTIFICATE-----

    Once you have validated the API server URL and API server CA parameters, install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="${API_SERVER_URL}" \
        --set-file apiServerCA="${API_SERVER_CA}" \
        fleet https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz

    Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    At this point the Fleet manager should be ready. You can now register clusters and git repos with -the Fleet manager.

    - +the Fleet manager.

    + \ No newline at end of file diff --git a/0.5/namespaces.html b/0.5/namespaces.html index fc07fa436..6f6d8d35c 100644 --- a/0.5/namespaces.html +++ b/0.5/namespaces.html @@ -4,7 +4,7 @@ Namespaces | Fleet - + @@ -35,8 +35,8 @@ be evaluated against all clusters in all namespaces that match namespaceSe bundles from git by putting labels in the fleet.yaml file or on the metadata.labels field on the GitRepo.

    Restricting GitRepos​

    A namespace can contain multiple GitRepoRestriction resources. All GitRepos created in that namespace will be checked against the list of restrictions. If a GitRepo violates one of the constraints its BundleDeployment will be -in an error state and won't be deployed.

    This can also be used to set the defaults for GitRepo's serviceAccount and clientSecretName fields.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: typically-unique
    allowedClientSecretNames: []
    allowedRepoPatterns: []
    allowedServiceAccounts: []
    defaultClientSecretName: ""
    defaultServiceAccount: ""
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +in an error state and won't be deployed.

    This can also be used to set the defaults for GitRepo's serviceAccount and clientSecretName fields.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: typically-unique
    allowedClientSecretNames: []
    allowedRepoPatterns: []
    allowedServiceAccounts: []
    defaultClientSecretName: ""
    defaultServiceAccount: ""
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/quickstart.html b/0.5/quickstart.html index 04df284cd..82c24b20e 100644 --- a/0.5/quickstart.html +++ b/0.5/quickstart.html @@ -4,15 +4,15 @@ Quick Start | Fleet - +
    Skip to main content
    Version: 0.5

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure things to your cluster.

    brew install helm

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz

    Add a Git Repo to watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should -be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/single-cluster-install.html b/0.5/single-cluster-install.html index 641a9fbde..20fde635f 100644 --- a/0.5/single-cluster-install.html +++ b/0.5/single-cluster-install.html @@ -4,7 +4,7 @@ Single Cluster Install | Fleet - + @@ -18,8 +18,8 @@ fairly straight forward. To install the Helm 3 CLI follow the official install instructions. The TL;DR is

    macOS

    brew install helm

    Windows

    choco install kubernetes-helm

    Kubernetes​

    Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater.

    Install​

    Install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz

    Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by -running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/troubleshooting.html b/0.5/troubleshooting.html index c92ffb95c..f38dfb1f4 100644 --- a/0.5/troubleshooting.html +++ b/0.5/troubleshooting.html @@ -4,14 +4,14 @@ Troubleshooting | Fleet - +
    Skip to main content
    Version: 0.5

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Migrate the local cluster to the Fleet default cluster?​

    For users who want to deploy to the local cluster as well, they may move the cluster from fleet-local to fleet-default in the Rancher UI as follows:

    • To get to Fleet in Rancher, click ☰ > Continuous Delivery.
    • Under the Clusters menu, select the local cluster by checking the box to the left.
    • Select Assign to from the tabs above the cluster.
    • Select fleet-default from the Assign Cluster To dropdown.

    Result: The cluster will be migrated to fleet-default.

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name> 
    helm:  
      releaseName: <release name>  
      repo: <repo name> 
      chart: <chart name>
    diff:  
      comparePatches:  
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: -The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/uninstall.html b/0.5/uninstall.html index 5afecb6a9..1bbd28092 100644 --- a/0.5/uninstall.html +++ b/0.5/uninstall.html @@ -4,15 +4,15 @@ Uninstall | Fleet - +
    Skip to main content
    Version: 0.5

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by uninstalling the appropriate Helm charts. To uninstall Fleet run the following -two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/webhook.html b/0.5/webhook.html index f2c543b4c..8eeb8e7db 100644 --- a/0.5/webhook.html +++ b/0.5/webhook.html @@ -4,7 +4,7 @@ Webhook | Fleet - + @@ -12,8 +12,8 @@
    Skip to main content
    Version: 0.5

    Webhook

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs.

    1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.​

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: webhook-ingress
      namespace: cattle-fleet-system
    spec:
      rules:
      - host: your.domain.com
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitjob
                  port:
                    number: 80
    info

    You can configure TLS on ingress.

    2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.​

    Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default. If your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the -secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6.html b/0.6.html index 51cb00a5a..7b512b178 100644 --- a/0.6.html +++ b/0.6.html @@ -4,13 +4,13 @@ Overview | Fleet - +
    -
    Skip to main content
    Version: 0.6

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.6

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/architecture.html b/0.6/architecture.html index e980e66a6..9550ec61b 100644 --- a/0.6/architecture.html +++ b/0.6/architecture.html @@ -4,7 +4,7 @@ Architecture | Fleet - + @@ -28,8 +28,8 @@ The cluster registration token is used only during the registration process to g to that cluster. After the cluster credential is established the cluster "forgets" the cluster registration token.

    The service accounts given to the clusters only have privileges to list BundleDeployment in the namespace created specifically for that cluster. It can also update the status subresource of BundleDeployment and the status -subresource of it's Cluster resource.

    Component Overview​

    An overview of the components and how they interact on a high level.

    Components

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +subresource of it's Cluster resource.

    Component Overview​

    An overview of the components and how they interact on a high level.

    Components

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/bundle-diffs.html b/0.6/bundle-diffs.html index 9539d1874..6d3680b78 100644 --- a/0.6/bundle-diffs.html +++ b/0.6/bundle-diffs.html @@ -4,14 +4,14 @@ Generating Diffs to Ignore Modified GitRepos | Fleet - +
    Skip to main content
    Version: 0.6

    Generating Diffs to Ignore Modified GitRepos

    Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

    You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

    The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

    This leads the status of the bundle and associated GitRepo to be reported as "Modified"

    Associated Bundle -

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    Simple Example​

    https://github.com/rancher/fleet-examples/tree/master/bundle-diffs

    Gatekeeper Example​

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and 

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    Simple Example​

    https://github.com/rancher/fleet-examples/tree/master/bundle-diffs

    Gatekeeper Example​

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and 

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/cli/fleet-agent.html b/0.6/cli/fleet-agent.html index 98c20ca26..a7991b5fa 100644 --- a/0.6/cli/fleet-agent.html +++ b/0.6/cli/fleet-agent.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Skip to main content
    Version: 0.6

    fleet-agent​

    fleet-agent [flags]

    Options​

          --agent-scope string        An identifier used to scope the agent bundleID names, typically the same as namespace
          --checkin-interval string   How often to post cluster status
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet-agent
          --kubeconfig string         kubeconfig file
          --namespace string          namespace to watch
          --simulators int            Numbers of simulators to run
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.6

    fleet-agent​

    fleet-agent [flags]

    Options​

          --agent-scope string        An identifier used to scope the agent bundleID names, typically the same as namespace
          --checkin-interval string   How often to post cluster status
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet-agent
          --kubeconfig string         kubeconfig file
          --namespace string          namespace to watch
          --simulators int            Numbers of simulators to run
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/cli/fleet-cli/fleet.html b/0.6/cli/fleet-cli/fleet.html index b271865a7..248f9bcd4 100644 --- a/0.6/cli/fleet-cli/fleet.html +++ b/0.6/cli/fleet-cli/fleet.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Skip to main content
    Version: 0.6

    fleet​

    fleet [flags]

    Options​

          --context string            kubeconfig context for authentication
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    • fleet apply - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager
    • fleet test - Match a bundle to a target and render the output
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.6

    fleet​

    fleet [flags]

    Options​

          --context string            kubeconfig context for authentication
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    • fleet apply - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager
    • fleet test - Match a bundle to a target and render the output
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/cli/fleet-cli/fleet_apply.html b/0.6/cli/fleet-cli/fleet_apply.html index f05fe9f3e..f6ff4f3c1 100644 --- a/0.6/cli/fleet-cli/fleet_apply.html +++ b/0.6/cli/fleet-cli/fleet_apply.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Skip to main content
    Version: 0.6

    fleet apply​

    Render a bundle into a Kubernetes resource and apply it in the Fleet Manager

    fleet apply [flags] BUNDLE_NAME PATH...

    Options​

      -b, --bundle-file string           Location of the raw Bundle resource yaml
          --cacerts-file string          Path of custom cacerts for helm repo
          --commit string                Commit to assign to the bundle
      -c, --compress                     Force all resources to be compress
          --debug                        Turn on debug logging
          --debug-level int              If debugging is enabled, set klog -v=X
      -f, --file string                  Location of the fleet.yaml
      -h, --help                         help for apply
      -l, --label strings                Labels to apply to created bundles
      -o, --output string                Output contents to file or - for stdout
          --password-file string         Path of file containing basic auth password for helm repo
          --paused                       Create bundles in a paused state
      -a, --service-account string       Service account to assign to bundle created
          --ssh-privatekey-file string   Path of ssh-private-key for helm repo
          --sync-generation int          Generation number used to force sync the deployment
          --target-namespace string      Ensure this bundle goes to this target namespace
          --targets-file string          Addition source of targets and restrictions to be append
          --username string              Basic auth username for helm repo

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.6

    fleet apply​

    Render a bundle into a Kubernetes resource and apply it in the Fleet Manager

    fleet apply [flags] BUNDLE_NAME PATH...

    Options​

      -b, --bundle-file string           Location of the raw Bundle resource yaml
          --cacerts-file string          Path of custom cacerts for helm repo
          --commit string                Commit to assign to the bundle
      -c, --compress                     Force all resources to be compress
          --debug                        Turn on debug logging
          --debug-level int              If debugging is enabled, set klog -v=X
      -f, --file string                  Location of the fleet.yaml
      -h, --help                         help for apply
      -l, --label strings                Labels to apply to created bundles
      -o, --output string                Output contents to file or - for stdout
          --password-file string         Path of file containing basic auth password for helm repo
          --paused                       Create bundles in a paused state
      -a, --service-account string       Service account to assign to bundle created
          --ssh-privatekey-file string   Path of ssh-private-key for helm repo
          --sync-generation int          Generation number used to force sync the deployment
          --target-namespace string      Ensure this bundle goes to this target namespace
          --targets-file string          Addition source of targets and restrictions to be append
          --username string              Basic auth username for helm repo

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/cli/fleet-cli/fleet_test.html b/0.6/cli/fleet-cli/fleet_test.html index d473de5b4..ee267605f 100644 --- a/0.6/cli/fleet-cli/fleet_test.html +++ b/0.6/cli/fleet-cli/fleet_test.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Skip to main content
    Version: 0.6

    fleet test​

    Match a bundle to a target and render the output

    fleet test [flags]

    Options​

      -b, --bundle-file string    Location of the raw Bundle resource yaml
          --debug                 Turn on debug logging
          --debug-level int       If debugging is enabled, set klog -v=X
      -f, --file string           Location of the fleet.yaml
      -g, --group string          Cluster group to match against
      -L, --group-label strings   Cluster group labels to match against
      -h, --help                  help for test
      -l, --label strings         Cluster labels to match against
      -N, --name string           Cluster name to match against
      -q, --quiet                 Just print the match and don't print the resources
      -t, --target string         Explicit target to match

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.6

    fleet test​

    Match a bundle to a target and render the output

    fleet test [flags]

    Options​

      -b, --bundle-file string    Location of the raw Bundle resource yaml
          --debug                 Turn on debug logging
          --debug-level int       If debugging is enabled, set klog -v=X
      -f, --file string           Location of the fleet.yaml
      -g, --group string          Cluster group to match against
      -L, --group-label strings   Cluster group labels to match against
      -h, --help                  help for test
      -l, --label strings         Cluster labels to match against
      -N, --name string           Cluster name to match against
      -q, --quiet                 Just print the match and don't print the resources
      -t, --target string         Explicit target to match

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/cli/fleet-controller/fleet-manager.html b/0.6/cli/fleet-controller/fleet-manager.html index 0ec362c0e..9752e8b96 100644 --- a/0.6/cli/fleet-controller/fleet-manager.html +++ b/0.6/cli/fleet-controller/fleet-manager.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Skip to main content
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/cluster-bundles-state.html b/0.6/cluster-bundles-state.html index 2ebaf6ec3..6f6a5513e 100644 --- a/0.6/cluster-bundles-state.html +++ b/0.6/cluster-bundles-state.html @@ -4,13 +4,13 @@ Cluster and Bundle State | Fleet - +
    -
    Skip to main content
    Version: 0.6

    Cluster and Bundle State

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.6

    Cluster and Bundle State

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/cluster-group.html b/0.6/cluster-group.html index 9e095f66d..994066482 100644 --- a/0.6/cluster-group.html +++ b/0.6/cluster-group.html @@ -4,7 +4,7 @@ Create Cluster Groups | Fleet - + @@ -13,8 +13,8 @@ The only parameter for a cluster group is essentially the selector. When you get to a certain scale cluster groups become a more reasonable way to manage your clusters. Cluster groups serve the purpose of giving aggregated -status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/cluster-registration.html b/0.6/cluster-registration.html index a00ec97bb..79dd3bc7f 100644 --- a/0.6/cluster-registration.html +++ b/0.6/cluster-registration.html @@ -4,7 +4,7 @@ Register Downstream Clusters | Fleet - + @@ -75,8 +75,8 @@ above example one can run the following one-liner:

    info

    If you are using Fleet standalone without Rancher, it must be installed as described in installation details.

    The manager-initiated registration is used when you add a cluster from the Rancher dashboard.

    Create Kubeconfig Secret​

    The format of this secret is intended to match the format of the kubeconfig secret used in cluster-api. -This means you can use cluster-api to create a cluster that is dynamically registered with Fleet.

    Kubeconfig Secret Example
    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Create Cluster Resource​

    The cluster resource needs to reference the kubeconfig secret.

    Cluster Resource Example
    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +This means you can use cluster-api to create a cluster that is dynamically registered with Fleet.

    Kubeconfig Secret Example
    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Create Cluster Resource​

    The cluster resource needs to reference the kubeconfig secret.

    Cluster Resource Example
    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/concepts.html b/0.6/concepts.html index d43500550..7e37ad2b5 100644 --- a/0.6/concepts.html +++ b/0.6/concepts.html @@ -4,7 +4,7 @@ Core Concepts | Fleet - + @@ -24,8 +24,8 @@ Regardless of the source the contents are dynamically rendered into a Helm chart and installed into the downstream cluster as a helm release.

  • BundleDeployment: When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for -the cluster the agent is managing.

    • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +the cluster the agent is managing.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/gitrepo-add.html b/0.6/gitrepo-add.html index 391e5e48d..cec2f39b2 100644 --- a/0.6/gitrepo-add.html +++ b/0.6/gitrepo-add.html @@ -4,7 +4,7 @@ Create a GitRepo Resource | Fleet - + @@ -12,8 +12,8 @@
    Skip to main content
    Version: 0.6

    Create a GitRepo Resource

    Create GitRepo Instance​

    Git repositories are registered by creating a GitRepo resource in Kubernetes. Refer to the creating a deployment tutorial for examples.

    The available fields are documented in the GitRepo resource reference

    Using Helm Values​

    How changes are applied to values.yaml:

    • Note that the most recently applied changes to the values.yaml will override any previously existing values.

    • When changes are applied to the values.yaml from multiple sources at the same time, the values will update in the following order: helm.values -> helm.valuesFiles -> helm.valuesFrom. That means valuesFrom will take precedence over both, valuesFiles and values.

    Using ValuesFrom​

    These examples showcase the style and format for using valuesFrom. ConfigMaps and Secrets should be created in downstream clusters.

    Example ConfigMap:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: configmap-values
      namespace: default
    data:  
      values.yaml: |-
        replication: true
        replicas: 2
        serviceType: NodePort

    Example Secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: secret-values
      namespace: default
    stringData:
      values.yaml: |-
        replication: true
        replicas: 3
        serviceType: NodePort

    A secret like that, can be created from a YAML file secretdata.yaml by running the following kubectl command: kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml

    The resources can then be referenced from a fleet.yaml:

    helm:
      chart: simple-chart
      valuesFrom:
        - secretKeyRef:
            name: secret-values
            namespace: default
            key: values.yaml
        - configMapKeyRef:
            name: configmap-values
            namespace: default
            key: values.yaml
      values:
        replicas: "4"

    Adding Private Git Repository​

    Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace.

    For example, to generate a private ssh key

    ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"

    Note: The private key format has to be in EC PRIVATE KEY, RSA PRIVATE KEY or PRIVATE KEY and should not contain a passphase.

    Put your private key into secret, use the namespace the GitRepo is in:

    kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key  --type=kubernetes.io/ssh-auth
    caution

    Private key with passphrase is not supported.

    caution

    The key has to be in PEM format.

    Fleet supports putting known_hosts into ssh secret. Here is an example of how to add it:

    Fetch the public key hash(take github as an example)

    ssh-keyscan -H github.com

    And add it into secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ssh-key
    type: kubernetes.io/ssh-auth
    stringData:
      ssh-privatekey: <private-key>
      known_hosts: |-
        |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    danger

    If you don't add it any server's public key will be trusted and added. (ssh -o stricthostkeychecking=accept-new will be used)

    info

    If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.

    Using HTTP Auth​

    Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see HTTP secrets in Github.

    kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat

    Just like with SSH, reference the secret in your GitRepo resource via clientSecretName.

    spec:
      repo: https://github.com/fleetrepoci/gitjob-private.git
      branch: main
      clientSecretName: basic-auth-secret

    Using Private Helm Repositories​

    danger

    The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource. Make sure you don't leak credentials by mixing public and private repositories. Split them into different gitrepos, or use -helmRepoUrlRegex to limit the scope of credentials to certain servers.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    note

    If you are using "rancher-backups" and want this secret to be included the backup, please add the label resources.cattle.io/backup: true to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +helmRepoUrlRegex to limit the scope of credentials to certain servers.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    note

    If you are using "rancher-backups" and want this secret to be included the backup, please add the label resources.cattle.io/backup: true to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/gitrepo-content.html b/0.6/gitrepo-content.html index a47169b38..4bfa68947 100644 --- a/0.6/gitrepo-content.html +++ b/0.6/gitrepo-content.html @@ -4,7 +4,7 @@ Git Repository Contents | Fleet - + @@ -43,8 +43,8 @@ the contents of a file the convention of adding _patch. (notice the will be replaced with . from the file name and that will be used as the target. For example deployment_patch.yaml will target deployment.yaml. The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch. Which strategy is used is based on the file content. Even though JSON strategies are used, the files can be written -using YAML syntax.

    Cluster and Bundle State​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +using YAML syntax.

    Cluster and Bundle State​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/gitrepo-targets.html b/0.6/gitrepo-targets.html index ee0c33c52..d838590ae 100644 --- a/0.6/gitrepo-targets.html +++ b/0.6/gitrepo-targets.html @@ -4,7 +4,7 @@ Mapping to Downstream Clusters | Fleet - + @@ -19,8 +19,8 @@ the final match is evaluated as "clusterSelector && clusterGroupSel default value it is dropped from the criteria. The default value is either null or "". It is important to realize that the value {} for a selector means "match everything."

    # Match everything
    clusterSelector: {}
    # Selector ignored
    clusterSelector: null

    Default Target​

    If no target is set for the GitRepo then the default targets value is applied. The default targets value is as below.

    targets:
    - name: default
      clusterGroup: default

    This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default and add clusters to it.

    Customization per Cluster​

    To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use multi-cluster/helm/fleet.yaml.

    Situation: User has three clusters with three different labels: env=dev, env=test, and env=prod. User wants to deploy a frontend application with a backend database across these clusters.

    Expected behavior:

    Advantage of Fleet:

    Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:

    1. Deploy gitRepo https://github.com/rancher/fleet-examples.git and specify the path multi-cluster/helm.
    2. Under multi-cluster/helm, a Helm chart will deploy the frontend app service and backend database service.
    3. The following rule will be defined in fleet.yaml: 
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    Result:

    Fleet will deploy the Helm chart with your customized values.yaml to the different clusters.

    Note: Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.

    Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations -of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/imagescan.html b/0.6/imagescan.html index a80d51166..7c75d5116 100644 --- a/0.6/imagescan.html +++ b/0.6/imagescan.html @@ -4,15 +4,15 @@ Using Image Scan to Update Container Image References | Fleet - +
    Skip to main content
    Version: 0.6

    Using Image Scan to Update Container Image References

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, without the need to manually update your manifests.

    caution

    This feature is considered as experimental feature.

    Go to fleet.yaml and add the following section.

    imageScans:
    # specify the policy to retrieve images, can be semver or alphabetical order 
    - policy: 
        # if range is specified, it will take the latest image according to semver order in the range
        # for more details on how to use semver, see https://github.com/Masterminds/semver
        semver: 
          range: "*" 
        # can use ascending or descending order
        alphabetical:
          order: asc 

      # specify images to scan
      image: "your.registry.com/repo/image" 

      # Specify the tag name, it has to be unique in the same bundle
      tagName: test-scan

      # specify secret to pull image if in private registry
      secretRef:
        name: dockerhub-secret 

      # Specify the scan interval
      interval: 5m
    info

    You can create multiple image scans in fleet.yaml.

    Go to your manifest files and update the field that you want to replace. For example:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: redis-slave
    spec:
      selector:
        matchLabels:
          app: redis
          role: slave
          tier: backend
      replicas: 2
      template:
        metadata:
          labels:
            app: redis
            role: slave
            tier: backend
        spec:
          containers:
          - name: slave
            image: <image>:<tag> # {"$imagescan": "test-scan"}
            resources:
              requests:
                cpu: 100m
                memory: 100Mi
            ports:
            - containerPort: 6379
    note

    There are multiple form of tagName you can reference. For example

    {"$imagescan": "test-scan"}: Use full image name(foo/bar:tag)

    {"$imagescan": "test-scan:name"}: Only use image name without tag(foo/bar)

    {"$imagescan": "test-scan:tag"}: Only use image tag

    {"$imagescan": "test-scan:digest"}: Use full image name with digest(foo/bar:tag@sha256...)

    Create a GitRepo that includes your fleet.yaml

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-repo
      namespace: fleet-local
    spec:
      # change this to be your own repo
      repo: https://github.com/rancher/fleet-examples 
      # define how long it will sync all the images and decide to apply change
      imageScanInterval: 5m 
      # user must properly provide a secret that have write access to git repository
      clientSecretName: secret 
      # specify the commit pattern
      imageScanCommit:
        authorName: foo
        authorEmail: foo@bar.com
        messageTemplate: "update image"

    Try pushing a new image tag, for example, <image>:<new-tag>. Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml. -Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/installation.html b/0.6/installation.html index 89c336f28..164bdee4c 100644 --- a/0.6/installation.html +++ b/0.6/installation.html @@ -4,7 +4,7 @@ Installation Details | Fleet - + @@ -37,8 +37,8 @@ the ca.pem is not correct. The contents of the $API_SERVER_CA and the CA certificate is in the file ca.pem. If your API server URL is signed by a well-known CA you can omit the apiServerCA parameter below or just create an empty ca.pem file (ie touch ca.pem).

    Setup the environment with your specific values, e.g.:

    API_SERVER_URL="https://example.com:6443"
    API_SERVER_CA="ca.pem"

    Once you have validated the API server URL and API server CA parameters, install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="$API_SERVER_URL" \
        --set-file apiServerCA="$API_SERVER_CA" \
        fleet https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz

    At this point the Fleet manager should be ready. You can now register clusters and git repos with -the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/multi-user.html b/0.6/multi-user.html index 2257b839b..283ea0b44 100644 --- a/0.6/multi-user.html +++ b/0.6/multi-user.html @@ -4,7 +4,7 @@ Setup Multi User | Fleet - + @@ -17,8 +17,8 @@ deploy cluster wide resources. Even with the available Fleet restrictions, users are only restricted to namespaces, but namespaces don't provide much isolation on their own. E.g. they can still consume as many resources as they like.

    However, the existing Fleet restrictions allow users to share clusters, and -deploy resources without conflicts.

    Example User​

    This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace.

    kubectl create serviceaccount fleetuser
    kubectl create namespace project1
    kubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser

    If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:

    kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser
    kubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser

    This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces.

    Allow Access to Clusters​

    This assumes all GitRepos created by 'fleetuser' have the team: one label. Different labels could be used, to select different cluster namespaces.

    In each of the user's namespaces, as an admin create a BundleNamespaceMapping.

    kind: BundleNamespaceMapping
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: mapping
      namespace: project1

    # Bundles to match by label.
    # The labels are defined in the fleet.yaml # labels field or from the
    # GitRepo metadata.labels field
    bundleSelector:
      matchLabels:
        team: one
        # or target one repo
        #fleet.cattle.io/repo-name: simpleapp

    # Namespaces, containing clusters, to match by label
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: fleet-default
        # the label is on the namespace
        #workspace: prod

    The target section in the GitRepo resource can be used to deploy only to a subset of the matched clusters.

    Restricting Access to Downstream Clusters​

    Admins can further restrict tenants by creating a GitRepoRestriction in each of their namespaces.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: project1

    allowedTargetNamespaces:
      - project1simpleapp

    This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace.

    An Example GitRepo Resource​

    A GitRepo resource created by a tenant, without admin access could look like this:

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: simpleapp
      namespace: project1
      labels:
        team: one

    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - bundle-diffs

      targetNamespace: project1simpleapp

      # do not match the upstream/local cluster, won't work
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

    This includes the team: one label and and the required targetNamespace.

    Together with the previous BundleNamespaceMapping it would target all clusters with a env: dev label in the 'fleet-default' namespace.

    note

    BundleNamespaceMappings do not work with local clusters, so make sure not to target them.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +deploy resources without conflicts.

    Example User​

    This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace.

    kubectl create serviceaccount fleetuser
    kubectl create namespace project1
    kubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser

    If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:

    kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser
    kubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser

    This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces.

    Allow Access to Clusters​

    This assumes all GitRepos created by 'fleetuser' have the team: one label. Different labels could be used, to select different cluster namespaces.

    In each of the user's namespaces, as an admin create a BundleNamespaceMapping.

    kind: BundleNamespaceMapping
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: mapping
      namespace: project1

    # Bundles to match by label.
    # The labels are defined in the fleet.yaml # labels field or from the
    # GitRepo metadata.labels field
    bundleSelector:
      matchLabels:
        team: one
        # or target one repo
        #fleet.cattle.io/repo-name: simpleapp

    # Namespaces, containing clusters, to match by label
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: fleet-default
        # the label is on the namespace
        #workspace: prod

    The target section in the GitRepo resource can be used to deploy only to a subset of the matched clusters.

    Restricting Access to Downstream Clusters​

    Admins can further restrict tenants by creating a GitRepoRestriction in each of their namespaces.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: project1

    allowedTargetNamespaces:
      - project1simpleapp

    This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace.

    An Example GitRepo Resource​

    A GitRepo resource created by a tenant, without admin access could look like this:

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: simpleapp
      namespace: project1
      labels:
        team: one

    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - bundle-diffs

      targetNamespace: project1simpleapp

      # do not match the upstream/local cluster, won't work
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

    This includes the team: one label and and the required targetNamespace.

    Together with the previous BundleNamespaceMapping it would target all clusters with a env: dev label in the 'fleet-default' namespace.

    note

    BundleNamespaceMappings do not work with local clusters, so make sure not to target them.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/namespaces.html b/0.6/namespaces.html index 6e59a082d..4a1d7bb63 100644 --- a/0.6/namespaces.html +++ b/0.6/namespaces.html @@ -4,7 +4,7 @@ Namespaces | Fleet - + @@ -39,8 +39,8 @@ in an error state and won't be deployed.

    This can also be used to set If an allowedTargetNamespaces restriction is present, all GitRepos must specify a targetNamespace and the specified namespace must be in the allow list. -This also prevents the creation of cluster wide resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +This also prevents the creation of cluster wide resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/quickstart.html b/0.6/quickstart.html index 20e49a6ba..e2b1d352d 100644 --- a/0.6/quickstart.html +++ b/0.6/quickstart.html @@ -4,15 +4,15 @@ Quick Start | Fleet - +
    Skip to main content
    Version: 0.6

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure things to your cluster.

    brew install helm

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz

    Add a Git Repo to Watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should -be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/ref-bundle-stages.html b/0.6/ref-bundle-stages.html index 21611a51d..d6f7eb649 100644 --- a/0.6/ref-bundle-stages.html +++ b/0.6/ref-bundle-stages.html @@ -4,13 +4,13 @@ Bundle Lifecycle | Fleet - +
    -
    Skip to main content
    Version: 0.6

    Bundle Lifecycle

    A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.

    To demonstrate the life cycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    This diagram shows the different rendering stages a bundle goes through until deployment.

    Bundle Stages

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.6

    Bundle Lifecycle

    A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.

    To demonstrate the life cycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    This diagram shows the different rendering stages a bundle goes through until deployment.

    Bundle Stages

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/ref-configuration.html b/0.6/ref-configuration.html index 4c096843a..522f40c76 100644 --- a/0.6/ref-configuration.html +++ b/0.6/ref-configuration.html @@ -4,13 +4,13 @@ Configuration | Fleet - +
    -
    Skip to main content
    Version: 0.6

    Configuration

    A reference list of, mostly internal, configuration options.

    Helm Charts​

    The Helm charts accept, at least, the options as shown with their default in values.yaml:

    Environment Variables​

    The controllers can be started with these environment variables:

    • CATTLE_DEV_MODE - used to debug wrangler, not usable
    • FLEET_CLUSTER_ENQUEUE_DELAY - tune how often non-ready clusters are checked
    • FLEET_CPU_PPROF_PERIOD - used to turn on performance profiling

    Configuration​

    In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments.

    The config struct is used in both config maps:

    • cattle-fleet-system/fleet-agent
    • cattle-fleet-system/fleet-controller

    Labels​

    Labels used by fleet:

    • fleet.cattle.io/agent=true - NodeSelector label for agent's deployment affinity setting
    • fleet.cattle.io/non-managed-agent - managed agent bundle won't target Clusters with this label
    • fleet.cattle.io/repo-name - used on Bundle to reference the git repo resource
    • fleet.cattle.io/bundle-namespace - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/bundle-name - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/managed=true - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces.
    • fleet.cattle.io/bootstrap-token - unused

    Annotations​

    Annotations used by fleet:

    • fleet.cattle.io/agent-namespace
    • fleet.cattle.io/bundle-id
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - if present on a Cluster, the namespace won't be cleaned up
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - used on a cluster namespace to reference the cluster registration namespace
    • fleet.cattle.io/cluster-group
    • fleet.cattle.io/cluster-registration-namespace
    • fleet.cattle.io/cluster-registration
    • fleet.cattle.io/commit
    • fleet.cattle.io/managed - appears unused
    • fleet.cattle.io/service-account
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.6

    Configuration

    A reference list of, mostly internal, configuration options.

    Helm Charts​

    The Helm charts accept, at least, the options as shown with their default in values.yaml:

    Environment Variables​

    The controllers can be started with these environment variables:

    • CATTLE_DEV_MODE - used to debug wrangler, not usable
    • FLEET_CLUSTER_ENQUEUE_DELAY - tune how often non-ready clusters are checked
    • FLEET_CPU_PPROF_PERIOD - used to turn on performance profiling

    Configuration​

    In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments.

    The config struct is used in both config maps:

    • cattle-fleet-system/fleet-agent
    • cattle-fleet-system/fleet-controller

    Labels​

    Labels used by fleet:

    • fleet.cattle.io/agent=true - NodeSelector label for agent's deployment affinity setting
    • fleet.cattle.io/non-managed-agent - managed agent bundle won't target Clusters with this label
    • fleet.cattle.io/repo-name - used on Bundle to reference the git repo resource
    • fleet.cattle.io/bundle-namespace - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/bundle-name - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/managed=true - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces.
    • fleet.cattle.io/bootstrap-token - unused

    Annotations​

    Annotations used by fleet:

    • fleet.cattle.io/agent-namespace
    • fleet.cattle.io/bundle-id
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - if present on a Cluster, the namespace won't be cleaned up
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - used on a cluster namespace to reference the cluster registration namespace
    • fleet.cattle.io/cluster-group
    • fleet.cattle.io/cluster-registration-namespace
    • fleet.cattle.io/cluster-registration
    • fleet.cattle.io/commit
    • fleet.cattle.io/managed - appears unused
    • fleet.cattle.io/service-account
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/ref-crds.html b/0.6/ref-crds.html index ff8f49f71..8edf94286 100644 --- a/0.6/ref-crds.html +++ b/0.6/ref-crds.html @@ -4,13 +4,13 @@ Custom Resources Spec | Fleet - +
    -
    Skip to main content
    Version: 0.6

    Custom Resources Spec

    Sub Resources

    GitRepo​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specGitRepoSpecfalse
    statusGitRepoStatusfalse

    Back to Custom Resources

    GitRepoDisplay​

    FieldDescriptionSchemeRequired
    readyBundleDeploymentsstringfalse
    statestringfalse
    messagestringfalse
    errorboolfalse

    Back to Custom Resources

    GitRepoResource​

    FieldDescriptionSchemeRequired
    apiVersionstringfalse
    kindstringfalse
    typestringfalse
    idstringfalse
    namespacestringfalse
    namestringfalse
    incompleteStateboolfalse
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    perClusterState[][ResourcePerClusterState](#resourceperclusterstate)false

    Back to Custom Resources

    GitRepoResourceCounts​

    FieldDescriptionSchemeRequired
    readyinttrue
    desiredReadyinttrue
    waitAppliedinttrue
    modifiedinttrue
    orphanedinttrue
    missinginttrue
    unknowninttrue
    notReadyinttrue

    Back to Custom Resources

    GitRepoRestriction​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    defaultServiceAccountstringfalse
    allowedServiceAccounts[]stringfalse
    allowedRepoPatterns[]stringfalse
    defaultClientSecretNamestringfalse
    allowedClientSecretNames[]stringfalse
    allowedTargetNamespaces[]stringfalse

    Back to Custom Resources

    GitRepoSpec​

    FieldDescriptionSchemeRequired
    repoRepo is a URL to a git repo to clone and indexstringfalse
    branchBranch The git branch to followstringfalse
    revisionRevision A specific commit or tag to operate onstringfalse
    targetNamespaceEnsure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demandstringfalse
    clientSecretNameClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \"kubernetes.io/basic-auth\" or \"kubernetes.io/ssh-auth\".stringfalse
    helmSecretNameHelmSecretName contains the auth secret for private helm repositorystringfalse
    helmRepoURLRegexHelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not providedstringfalse
    caBundleCABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate.[]bytefalse
    insecureSkipTLSVerifyInsecureSkipTLSverify will use insecure HTTPS to clone the repo.boolfalse
    pathsPaths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example [\"charts/*\"] will match all folders as a subdirectory of charts/ If empty, \"/\" is the default[]stringfalse
    pausedPaused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSyncboolfalse
    serviceAccountServiceAccount used in the downstream cluster for deploymentstringfalse
    targetsTargets is a list of target this repo will deploy to[][GitTarget](#gittarget)false
    pollingIntervalPollingInterval is how often to check git for new updates*metav1.Durationfalse
    forceSyncGenerationIncrement this number to force a redeployment of contents from Gitint64false
    imageScanIntervalImageScanInterval is the interval of syncing scanned images and writing back to git repo*metav1.Durationfalse
    imageScanCommitCommit specifies how to commit to the git repo when new image is scanned and write back to git repoCommitSpecfalse
    keepResourcesKeepResources specifies if the resources created must be kept after deleting the GitRepoboolfalse

    Back to Custom Resources

    GitRepoStatus​

    FieldDescriptionSchemeRequired
    observedGenerationint64true
    commitstringfalse
    readyClustersinttrue
    desiredReadyClustersinttrue
    gitJobStatusstringfalse
    summaryBundleSummaryfalse
    displayGitRepoDisplayfalse
    conditions[]genericcondition.GenericConditionfalse
    resources[][GitRepoResource](#gitreporesource)false
    resourceCountsGitRepoResourceCountsfalse
    resourceErrors[]stringfalse
    lastSyncedImageScanTimemetav1.Timefalse

    Back to Custom Resources

    GitTarget​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ResourcePerClusterState​

    FieldDescriptionSchemeRequired
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    patch*GenericMapfalse
    clusterIdstringfalse

    Back to Custom Resources

    Bundle​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleSpectrue
    statusBundleStatustrue

    Back to Custom Resources

    BundleDeployment​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleDeploymentSpecfalse
    statusBundleDeploymentStatusfalse

    Back to Custom Resources

    BundleDeploymentDisplay​

    FieldDescriptionSchemeRequired
    deployedstringfalse
    monitoredstringfalse
    statestringfalse

    Back to Custom Resources

    BundleDeploymentOptions​

    FieldDescriptionSchemeRequired
    defaultNamespaceDefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace.stringfalse
    namespaceTargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail.stringfalse
    kustomizeKustomize options for the deployment, like the dir containing the kustomization.yaml file.*KustomizeOptionsfalse
    helmHelm options for the deployment, like the chart name, repo and values.*HelmOptionsfalse
    serviceAccountServiceAccount which will be used to perform this deployment.stringfalse
    forceSyncGenerationForceSyncGeneration is used to force a redeploymentint64false
    yamlYAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.*YAMLOptionsfalse
    diffDiff can be used to ignore the modified state of objects which are amended at runtime.*DiffOptionsfalse
    keepResourcesKeepResources can be used to keep the deployed resources when removing the bundleboolfalse

    Back to Custom Resources

    BundleDeploymentSpec​

    FieldDescriptionSchemeRequired
    stagedOptionsBundleDeploymentOptionsfalse
    stagedDeploymentIDstringfalse
    optionsBundleDeploymentOptionsfalse
    deploymentIDstringfalse
    dependsOn[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleDeploymentStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    appliedDeploymentIDstringfalse
    releasestringfalse
    readyboolfalse
    nonModifiedboolfalse
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    displayBundleDeploymentDisplayfalse
    syncGeneration*int64false

    Back to Custom Resources

    BundleDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    statestringfalse

    Back to Custom Resources

    BundleNamespaceMapping​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    bundleSelector*metav1.LabelSelectorfalse
    namespaceSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleRef​

    FieldDescriptionSchemeRequired
    namestringfalse
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    contentstringfalse
    encodingstringfalse

    Back to Custom Resources

    BundleSpec​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    pausedPaused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.boolfalse
    rolloutStrategyRolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.*RolloutStrategyfalse
    resourcesResources contain the actual resources from the git repo which will be deployed.[][BundleResource](#bundleresource)false
    targetsTargets refer to the clusters which will be deployed to.[][BundleTarget](#bundletarget)false
    targetRestrictionsTargetRestrictions restrict which clusters the bundle will be deployed to.[][BundleTargetRestriction](#bundletargetrestriction)false
    dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    newlyCreatedintfalse
    unavailableinttrue
    unavailablePartitionsinttrue
    maxUnavailableinttrue
    maxUnavailablePartitionsinttrue
    maxNewintfalse
    partitions[][PartitionStatus](#partitionstatus)false
    displayBundleDisplayfalse
    resourceKey[][ResourceKey](#resourcekey)false
    observedGenerationint64true

    Back to Custom Resources

    BundleSummary​

    FieldDescriptionSchemeRequired
    notReadyintfalse
    waitAppliedintfalse
    errAppliedintfalse
    outOfSyncintfalse
    modifiedintfalse
    readyinttrue
    pendingintfalse
    desiredReadyinttrue
    nonReadyResources[][NonReadyResource](#nonreadyresource)false

    Back to Custom Resources

    BundleTarget​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleTargetRestriction​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ComparePatch​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    operations[][Operation](#operation)false
    jsonPointers[]stringfalse

    Back to Custom Resources

    ConfigMapKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    Content​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    content[]bytefalse

    Back to Custom Resources

    DiffOptions​

    FieldDescriptionSchemeRequired
    comparePatches[][ComparePatch](#comparepatch)false

    Back to Custom Resources

    HelmOptions​

    FieldDescriptionSchemeRequired
    chartChart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded.stringfalse
    repoRepo is the name of the HTTPS helm repo to download the chart from.stringfalse
    releaseNameReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path.stringfalse
    versionVersion of the chart to downloadstringfalse
    timeoutSecondsTimeoutSeconds is the time to wait for Helm operations.intfalse
    valuesValues passed to Helm. It is possible to specify the keys and values as go template strings.*GenericMapfalse
    valuesFromValuesFrom loads the values from configmaps and secrets.[][ValuesFrom](#valuesfrom)false
    forceForce allows to override immutable resources. This could be dangerous.boolfalse
    takeOwnershipTakeOwnership makes helm skip the check for its own annotationsboolfalse
    maxHistoryMaxHistory limits the maximum number of revisions saved per release by Helm.intfalse
    valuesFilesValuesFiles is a list of files to load values from.[]stringfalse
    waitForJobsWaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSecondsboolfalse
    atomicAtomic sets the --atomic flag when Helm is performing an upgradeboolfalse
    disablePreProcessDisablePreProcess disables template processing in valuesboolfalse

    Back to Custom Resources

    KustomizeOptions​

    FieldDescriptionSchemeRequired
    dirstringfalse

    Back to Custom Resources

    LocalObjectReference​

    FieldDescriptionSchemeRequired
    namestringtrue

    Back to Custom Resources

    ModifiedStatus​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    missingboolfalse
    deleteboolfalse
    patchstringfalse

    Back to Custom Resources

    NonReadyResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    bundleStateBundleStatefalse
    messagestringfalse
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false

    Back to Custom Resources

    NonReadyStatus​

    FieldDescriptionSchemeRequired
    uidtypes.UIDfalse
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    summarysummary.Summaryfalse

    Back to Custom Resources

    Operation​

    FieldDescriptionSchemeRequired
    opstringfalse
    pathstringfalse
    valuestringfalse

    Back to Custom Resources

    Partition​

    FieldDescriptionSchemeRequired
    namestringfalse
    maxUnavailable*intstr.IntOrStringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    PartitionStatus​

    FieldDescriptionSchemeRequired
    namestringfalse
    countintfalse
    maxUnavailableintfalse
    unavailableintfalse
    summaryBundleSummaryfalse

    Back to Custom Resources

    ResourceKey​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse

    Back to Custom Resources

    RolloutStrategy​

    FieldDescriptionSchemeRequired
    maxUnavailable*intstr.IntOrStringfalse
    maxUnavailablePartitions*intstr.IntOrStringfalse
    autoPartitionSize*intstr.IntOrStringfalse
    partitions[][Partition](#partition)false

    Back to Custom Resources

    SecretKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    ValuesFrom​

    Define helm values that can come from configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439

    FieldDescriptionSchemeRequired
    configMapKeyRefThe reference to a config map with release values.*ConfigMapKeySelectorfalse
    secretKeyRefThe reference to a secret with release values.*SecretKeySelectorfalse

    Back to Custom Resources

    YAMLOptions​

    FieldDescriptionSchemeRequired
    overlays[]stringfalse

    Back to Custom Resources

    AlphabeticalPolicy​

    AlphabeticalPolicy specifies a alphabetical ordering policy.

    FieldDescriptionSchemeRequired
    orderOrder specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.stringfalse

    Back to Custom Resources

    CommitSpec​

    CommitSpec specifies how to commit changes to the git repository

    FieldDescriptionSchemeRequired
    authorNameAuthorName gives the name to provide when making a commitstringtrue
    authorEmailAuthorEmail gives the email to provide when making a commitstringtrue
    messageTemplateMessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.stringfalse

    Back to Custom Resources

    ImagePolicyChoice​

    ImagePolicyChoice is a union of all the types of policy that can be supplied.

    FieldDescriptionSchemeRequired
    semverSemVer gives a semantic version range to check against the tags available.*SemVerPolicyfalse
    alphabeticalAlphabetical set of rules to use for alphabetical ordering of the tags.*AlphabeticalPolicyfalse

    Back to Custom Resources

    ImageScan​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specImageScanSpecfalse
    statusImageScanStatusfalse

    Back to Custom Resources

    ImageScanSpec​

    API is taken from https://github.com/fluxcd/image-reflector-controller

    FieldDescriptionSchemeRequired
    tagNameTagName is the tag ref that needs to be put in manifest to replace fieldsstringfalse
    gitrepoNameGitRepo reference namestringfalse
    imageImage is the name of the image repositorystringfalse
    intervalInterval is the length of time to wait between scans of the image repository.metav1.Durationfalse
    secretRefSecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with kubectl create secret docker-registry, or the equivalent.*corev1.LocalObjectReferencefalse
    suspendThis flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.boolfalse
    policyPolicy gives the particulars of the policy to be followed in selecting the most recent imageImagePolicyChoicetrue

    Back to Custom Resources

    ImageScanStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    lastScanTimeLastScanTime is the last time image was scannedmetav1.Timefalse
    latestImageLatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.stringfalse
    latestTagLatest tag is the latest tag filtered by the policystringfalse
    latestDigestLatestDigest is the digest of latest tagstringfalse
    observedGenerationint64false
    canonicalImageNameCanonicalName is the name of the image repository with all the implied bits made explicit; e.g., docker.io/library/alpine rather than alpine.stringfalse

    Back to Custom Resources

    SemVerPolicy​

    SemVerPolicy specifies a semantic version policy.

    FieldDescriptionSchemeRequired
    rangeRange gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.stringtrue

    Back to Custom Resources

    AgentStatus​

    FieldDescriptionSchemeRequired
    lastSeenmetav1.Timetrue
    namespacestringtrue
    nonReadyNodesinttrue
    readyNodesinttrue
    nonReadyNodeNamesAt most 3 nodes[]stringtrue
    readyNodeNamesAt most 3 nodes[]stringtrue

    Back to Custom Resources

    Cluster​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterSpecfalse
    statusClusterStatusfalse

    Back to Custom Resources

    ClusterDisplay​

    FieldDescriptionSchemeRequired
    readyBundlesstringfalse
    readyNodesstringfalse
    sampleNodestringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroup​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterGroupSpectrue
    statusClusterGroupStatustrue

    Back to Custom Resources

    ClusterGroupDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    readyBundlesstringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroupSpec​

    FieldDescriptionSchemeRequired
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ClusterGroupStatus​

    FieldDescriptionSchemeRequired
    clusterCountinttrue
    nonReadyClusterCountinttrue
    nonReadyClusters[]stringfalse
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    displayClusterGroupDisplayfalse
    resourceCountsGitRepoResourceCountsfalse

    Back to Custom Resources

    ClusterRegistration​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationSpecfalse
    statusClusterRegistrationStatusfalse

    Back to Custom Resources

    ClusterRegistrationSpec​

    FieldDescriptionSchemeRequired
    clientIDstringfalse
    clientRandomstringfalse
    clusterLabelsmap[string]stringfalse

    Back to Custom Resources

    ClusterRegistrationStatus​

    FieldDescriptionSchemeRequired
    clusterNamestringfalse
    grantedboolfalse

    Back to Custom Resources

    ClusterRegistrationToken​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationTokenSpecfalse
    statusClusterRegistrationTokenStatusfalse

    Back to Custom Resources

    ClusterRegistrationTokenSpec​

    FieldDescriptionSchemeRequired
    ttl*metav1.Durationfalse

    Back to Custom Resources

    ClusterRegistrationTokenStatus​

    FieldDescriptionSchemeRequired
    expires*metav1.Timefalse
    secretNamestringfalse

    Back to Custom Resources

    ClusterSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated.boolfalse
    clientIDClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster.stringfalse
    kubeConfigSecretKubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster.stringfalse
    redeployAgentGenerationRedeployAgentGeneration can be used to force redeploying the agent.int64false
    agentEnvVarsAgentEnvVars are extra environment variables to be added to the agent deployment.[]v1.EnvVarfalse
    agentNamespaceAgentNamespace defaults to the system namespace, e.g. cattle-fleet-system.stringfalse
    privateRepoURLPrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config.stringfalse
    templateValuesTemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating.*GenericMapfalse
    agentTolerationsAgentTolerations defines an extra set of Tolerations to be added to the Agent deployment.[]v1.Tolerationfalse

    Back to Custom Resources

    ClusterStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    namespaceNamespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\"stringfalse
    summaryBundleSummaryfalse
    resourceCountsGitRepoResourceCountsfalse
    readyGitReposinttrue
    desiredReadyGitReposinttrue
    agentEnvVarsHashstringfalse
    agentPrivateRepoURLstringfalse
    agentDeployedGeneration*int64false
    agentMigratedboolfalse
    agentNamespaceMigratedboolfalse
    cattleNamespaceMigratedboolfalse
    displayClusterDisplayfalse
    agentAgentStatusfalse

    Back to Custom Resources

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.6

    Custom Resources Spec

    Sub Resources

    GitRepo​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specGitRepoSpecfalse
    statusGitRepoStatusfalse

    Back to Custom Resources

    GitRepoDisplay​

    FieldDescriptionSchemeRequired
    readyBundleDeploymentsstringfalse
    statestringfalse
    messagestringfalse
    errorboolfalse

    Back to Custom Resources

    GitRepoResource​

    FieldDescriptionSchemeRequired
    apiVersionstringfalse
    kindstringfalse
    typestringfalse
    idstringfalse
    namespacestringfalse
    namestringfalse
    incompleteStateboolfalse
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    perClusterState[][ResourcePerClusterState](#resourceperclusterstate)false

    Back to Custom Resources

    GitRepoResourceCounts​

    FieldDescriptionSchemeRequired
    readyinttrue
    desiredReadyinttrue
    waitAppliedinttrue
    modifiedinttrue
    orphanedinttrue
    missinginttrue
    unknowninttrue
    notReadyinttrue

    Back to Custom Resources

    GitRepoRestriction​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    defaultServiceAccountstringfalse
    allowedServiceAccounts[]stringfalse
    allowedRepoPatterns[]stringfalse
    defaultClientSecretNamestringfalse
    allowedClientSecretNames[]stringfalse
    allowedTargetNamespaces[]stringfalse

    Back to Custom Resources

    GitRepoSpec​

    FieldDescriptionSchemeRequired
    repoRepo is a URL to a git repo to clone and indexstringfalse
    branchBranch The git branch to followstringfalse
    revisionRevision A specific commit or tag to operate onstringfalse
    targetNamespaceEnsure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demandstringfalse
    clientSecretNameClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \"kubernetes.io/basic-auth\" or \"kubernetes.io/ssh-auth\".stringfalse
    helmSecretNameHelmSecretName contains the auth secret for private helm repositorystringfalse
    helmRepoURLRegexHelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not providedstringfalse
    caBundleCABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate.[]bytefalse
    insecureSkipTLSVerifyInsecureSkipTLSverify will use insecure HTTPS to clone the repo.boolfalse
    pathsPaths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example [\"charts/*\"] will match all folders as a subdirectory of charts/ If empty, \"/\" is the default[]stringfalse
    pausedPaused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSyncboolfalse
    serviceAccountServiceAccount used in the downstream cluster for deploymentstringfalse
    targetsTargets is a list of target this repo will deploy to[][GitTarget](#gittarget)false
    pollingIntervalPollingInterval is how often to check git for new updates*metav1.Durationfalse
    forceSyncGenerationIncrement this number to force a redeployment of contents from Gitint64false
    imageScanIntervalImageScanInterval is the interval of syncing scanned images and writing back to git repo*metav1.Durationfalse
    imageScanCommitCommit specifies how to commit to the git repo when new image is scanned and write back to git repoCommitSpecfalse
    keepResourcesKeepResources specifies if the resources created must be kept after deleting the GitRepoboolfalse

    Back to Custom Resources

    GitRepoStatus​

    FieldDescriptionSchemeRequired
    observedGenerationint64true
    commitstringfalse
    readyClustersinttrue
    desiredReadyClustersinttrue
    gitJobStatusstringfalse
    summaryBundleSummaryfalse
    displayGitRepoDisplayfalse
    conditions[]genericcondition.GenericConditionfalse
    resources[][GitRepoResource](#gitreporesource)false
    resourceCountsGitRepoResourceCountsfalse
    resourceErrors[]stringfalse
    lastSyncedImageScanTimemetav1.Timefalse

    Back to Custom Resources

    GitTarget​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ResourcePerClusterState​

    FieldDescriptionSchemeRequired
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    patch*GenericMapfalse
    clusterIdstringfalse

    Back to Custom Resources

    Bundle​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleSpectrue
    statusBundleStatustrue

    Back to Custom Resources

    BundleDeployment​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleDeploymentSpecfalse
    statusBundleDeploymentStatusfalse

    Back to Custom Resources

    BundleDeploymentDisplay​

    FieldDescriptionSchemeRequired
    deployedstringfalse
    monitoredstringfalse
    statestringfalse

    Back to Custom Resources

    BundleDeploymentOptions​

    FieldDescriptionSchemeRequired
    defaultNamespaceDefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace.stringfalse
    namespaceTargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail.stringfalse
    kustomizeKustomize options for the deployment, like the dir containing the kustomization.yaml file.*KustomizeOptionsfalse
    helmHelm options for the deployment, like the chart name, repo and values.*HelmOptionsfalse
    serviceAccountServiceAccount which will be used to perform this deployment.stringfalse
    forceSyncGenerationForceSyncGeneration is used to force a redeploymentint64false
    yamlYAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.*YAMLOptionsfalse
    diffDiff can be used to ignore the modified state of objects which are amended at runtime.*DiffOptionsfalse
    keepResourcesKeepResources can be used to keep the deployed resources when removing the bundleboolfalse

    Back to Custom Resources

    BundleDeploymentSpec​

    FieldDescriptionSchemeRequired
    stagedOptionsBundleDeploymentOptionsfalse
    stagedDeploymentIDstringfalse
    optionsBundleDeploymentOptionsfalse
    deploymentIDstringfalse
    dependsOn[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleDeploymentStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    appliedDeploymentIDstringfalse
    releasestringfalse
    readyboolfalse
    nonModifiedboolfalse
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    displayBundleDeploymentDisplayfalse
    syncGeneration*int64false

    Back to Custom Resources

    BundleDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    statestringfalse

    Back to Custom Resources

    BundleNamespaceMapping​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    bundleSelector*metav1.LabelSelectorfalse
    namespaceSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleRef​

    FieldDescriptionSchemeRequired
    namestringfalse
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    contentstringfalse
    encodingstringfalse

    Back to Custom Resources

    BundleSpec​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    pausedPaused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.boolfalse
    rolloutStrategyRolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.*RolloutStrategyfalse
    resourcesResources contain the actual resources from the git repo which will be deployed.[][BundleResource](#bundleresource)false
    targetsTargets refer to the clusters which will be deployed to.[][BundleTarget](#bundletarget)false
    targetRestrictionsTargetRestrictions restrict which clusters the bundle will be deployed to.[][BundleTargetRestriction](#bundletargetrestriction)false
    dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    newlyCreatedintfalse
    unavailableinttrue
    unavailablePartitionsinttrue
    maxUnavailableinttrue
    maxUnavailablePartitionsinttrue
    maxNewintfalse
    partitions[][PartitionStatus](#partitionstatus)false
    displayBundleDisplayfalse
    resourceKey[][ResourceKey](#resourcekey)false
    observedGenerationint64true

    Back to Custom Resources

    BundleSummary​

    FieldDescriptionSchemeRequired
    notReadyintfalse
    waitAppliedintfalse
    errAppliedintfalse
    outOfSyncintfalse
    modifiedintfalse
    readyinttrue
    pendingintfalse
    desiredReadyinttrue
    nonReadyResources[][NonReadyResource](#nonreadyresource)false

    Back to Custom Resources

    BundleTarget​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleTargetRestriction​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ComparePatch​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    operations[][Operation](#operation)false
    jsonPointers[]stringfalse

    Back to Custom Resources

    ConfigMapKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    Content​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    content[]bytefalse

    Back to Custom Resources

    DiffOptions​

    FieldDescriptionSchemeRequired
    comparePatches[][ComparePatch](#comparepatch)false

    Back to Custom Resources

    HelmOptions​

    FieldDescriptionSchemeRequired
    chartChart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded.stringfalse
    repoRepo is the name of the HTTPS helm repo to download the chart from.stringfalse
    releaseNameReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path.stringfalse
    versionVersion of the chart to downloadstringfalse
    timeoutSecondsTimeoutSeconds is the time to wait for Helm operations.intfalse
    valuesValues passed to Helm. It is possible to specify the keys and values as go template strings.*GenericMapfalse
    valuesFromValuesFrom loads the values from configmaps and secrets.[][ValuesFrom](#valuesfrom)false
    forceForce allows to override immutable resources. This could be dangerous.boolfalse
    takeOwnershipTakeOwnership makes helm skip the check for its own annotationsboolfalse
    maxHistoryMaxHistory limits the maximum number of revisions saved per release by Helm.intfalse
    valuesFilesValuesFiles is a list of files to load values from.[]stringfalse
    waitForJobsWaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSecondsboolfalse
    atomicAtomic sets the --atomic flag when Helm is performing an upgradeboolfalse
    disablePreProcessDisablePreProcess disables template processing in valuesboolfalse

    Back to Custom Resources

    KustomizeOptions​

    FieldDescriptionSchemeRequired
    dirstringfalse

    Back to Custom Resources

    LocalObjectReference​

    FieldDescriptionSchemeRequired
    namestringtrue

    Back to Custom Resources

    ModifiedStatus​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    missingboolfalse
    deleteboolfalse
    patchstringfalse

    Back to Custom Resources

    NonReadyResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    bundleStateBundleStatefalse
    messagestringfalse
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false

    Back to Custom Resources

    NonReadyStatus​

    FieldDescriptionSchemeRequired
    uidtypes.UIDfalse
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    summarysummary.Summaryfalse

    Back to Custom Resources

    Operation​

    FieldDescriptionSchemeRequired
    opstringfalse
    pathstringfalse
    valuestringfalse

    Back to Custom Resources

    Partition​

    FieldDescriptionSchemeRequired
    namestringfalse
    maxUnavailable*intstr.IntOrStringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    PartitionStatus​

    FieldDescriptionSchemeRequired
    namestringfalse
    countintfalse
    maxUnavailableintfalse
    unavailableintfalse
    summaryBundleSummaryfalse

    Back to Custom Resources

    ResourceKey​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse

    Back to Custom Resources

    RolloutStrategy​

    FieldDescriptionSchemeRequired
    maxUnavailable*intstr.IntOrStringfalse
    maxUnavailablePartitions*intstr.IntOrStringfalse
    autoPartitionSize*intstr.IntOrStringfalse
    partitions[][Partition](#partition)false

    Back to Custom Resources

    SecretKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    ValuesFrom​

    Define helm values that can come from configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439

    FieldDescriptionSchemeRequired
    configMapKeyRefThe reference to a config map with release values.*ConfigMapKeySelectorfalse
    secretKeyRefThe reference to a secret with release values.*SecretKeySelectorfalse

    Back to Custom Resources

    YAMLOptions​

    FieldDescriptionSchemeRequired
    overlays[]stringfalse

    Back to Custom Resources

    AlphabeticalPolicy​

    AlphabeticalPolicy specifies a alphabetical ordering policy.

    FieldDescriptionSchemeRequired
    orderOrder specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.stringfalse

    Back to Custom Resources

    CommitSpec​

    CommitSpec specifies how to commit changes to the git repository

    FieldDescriptionSchemeRequired
    authorNameAuthorName gives the name to provide when making a commitstringtrue
    authorEmailAuthorEmail gives the email to provide when making a commitstringtrue
    messageTemplateMessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.stringfalse

    Back to Custom Resources

    ImagePolicyChoice​

    ImagePolicyChoice is a union of all the types of policy that can be supplied.

    FieldDescriptionSchemeRequired
    semverSemVer gives a semantic version range to check against the tags available.*SemVerPolicyfalse
    alphabeticalAlphabetical set of rules to use for alphabetical ordering of the tags.*AlphabeticalPolicyfalse

    Back to Custom Resources

    ImageScan​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specImageScanSpecfalse
    statusImageScanStatusfalse

    Back to Custom Resources

    ImageScanSpec​

    API is taken from https://github.com/fluxcd/image-reflector-controller

    FieldDescriptionSchemeRequired
    tagNameTagName is the tag ref that needs to be put in manifest to replace fieldsstringfalse
    gitrepoNameGitRepo reference namestringfalse
    imageImage is the name of the image repositorystringfalse
    intervalInterval is the length of time to wait between scans of the image repository.metav1.Durationfalse
    secretRefSecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with kubectl create secret docker-registry, or the equivalent.*corev1.LocalObjectReferencefalse
    suspendThis flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.boolfalse
    policyPolicy gives the particulars of the policy to be followed in selecting the most recent imageImagePolicyChoicetrue

    Back to Custom Resources

    ImageScanStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    lastScanTimeLastScanTime is the last time image was scannedmetav1.Timefalse
    latestImageLatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.stringfalse
    latestTagLatest tag is the latest tag filtered by the policystringfalse
    latestDigestLatestDigest is the digest of latest tagstringfalse
    observedGenerationint64false
    canonicalImageNameCanonicalName is the name of the image repository with all the implied bits made explicit; e.g., docker.io/library/alpine rather than alpine.stringfalse

    Back to Custom Resources

    SemVerPolicy​

    SemVerPolicy specifies a semantic version policy.

    FieldDescriptionSchemeRequired
    rangeRange gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.stringtrue

    Back to Custom Resources

    AgentStatus​

    FieldDescriptionSchemeRequired
    lastSeenmetav1.Timetrue
    namespacestringtrue
    nonReadyNodesinttrue
    readyNodesinttrue
    nonReadyNodeNamesAt most 3 nodes[]stringtrue
    readyNodeNamesAt most 3 nodes[]stringtrue

    Back to Custom Resources

    Cluster​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterSpecfalse
    statusClusterStatusfalse

    Back to Custom Resources

    ClusterDisplay​

    FieldDescriptionSchemeRequired
    readyBundlesstringfalse
    readyNodesstringfalse
    sampleNodestringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroup​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterGroupSpectrue
    statusClusterGroupStatustrue

    Back to Custom Resources

    ClusterGroupDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    readyBundlesstringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroupSpec​

    FieldDescriptionSchemeRequired
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ClusterGroupStatus​

    FieldDescriptionSchemeRequired
    clusterCountinttrue
    nonReadyClusterCountinttrue
    nonReadyClusters[]stringfalse
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    displayClusterGroupDisplayfalse
    resourceCountsGitRepoResourceCountsfalse

    Back to Custom Resources

    ClusterRegistration​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationSpecfalse
    statusClusterRegistrationStatusfalse

    Back to Custom Resources

    ClusterRegistrationSpec​

    FieldDescriptionSchemeRequired
    clientIDstringfalse
    clientRandomstringfalse
    clusterLabelsmap[string]stringfalse

    Back to Custom Resources

    ClusterRegistrationStatus​

    FieldDescriptionSchemeRequired
    clusterNamestringfalse
    grantedboolfalse

    Back to Custom Resources

    ClusterRegistrationToken​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationTokenSpecfalse
    statusClusterRegistrationTokenStatusfalse

    Back to Custom Resources

    ClusterRegistrationTokenSpec​

    FieldDescriptionSchemeRequired
    ttl*metav1.Durationfalse

    Back to Custom Resources

    ClusterRegistrationTokenStatus​

    FieldDescriptionSchemeRequired
    expires*metav1.Timefalse
    secretNamestringfalse

    Back to Custom Resources

    ClusterSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated.boolfalse
    clientIDClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster.stringfalse
    kubeConfigSecretKubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster.stringfalse
    redeployAgentGenerationRedeployAgentGeneration can be used to force redeploying the agent.int64false
    agentEnvVarsAgentEnvVars are extra environment variables to be added to the agent deployment.[]v1.EnvVarfalse
    agentNamespaceAgentNamespace defaults to the system namespace, e.g. cattle-fleet-system.stringfalse
    privateRepoURLPrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config.stringfalse
    templateValuesTemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating.*GenericMapfalse
    agentTolerationsAgentTolerations defines an extra set of Tolerations to be added to the Agent deployment.[]v1.Tolerationfalse

    Back to Custom Resources

    ClusterStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    namespaceNamespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\"stringfalse
    summaryBundleSummaryfalse
    resourceCountsGitRepoResourceCountsfalse
    readyGitReposinttrue
    desiredReadyGitReposinttrue
    agentEnvVarsHashstringfalse
    agentPrivateRepoURLstringfalse
    agentDeployedGeneration*int64false
    agentMigratedboolfalse
    agentNamespaceMigratedboolfalse
    cattleNamespaceMigratedboolfalse
    displayClusterDisplayfalse
    agentAgentStatusfalse

    Back to Custom Resources

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/ref-fleet-yaml.html b/0.6/ref-fleet-yaml.html index 4ee1f3877..6617c2dbb 100644 --- a/0.6/ref-fleet-yaml.html +++ b/0.6/ref-fleet-yaml.html @@ -4,13 +4,13 @@ fleet.yaml | Fleet - +
    -
    Skip to main content
    Version: 0.6

    fleet.yaml

    The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.

    For more information on how to use the fleet.yaml to customize bundles see Git Repository Contents.

    The content of the fleet.yaml corresponds to https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135, which contains the BundleSpec.

    Reference​

    fleet.yaml
    # The default namespace to be applied to resources. This field is not used to
    # enforce or lock down the deployment to a specific namespace, but instead
    # provide the default value of the namespace field if one is not specified
    # in the manifests.
    # Default: default
    defaultNamespace: default

    # All resources will be assigned to this namespace and if any cluster scoped
    # resource exists the deployment will fail.
    # Default: ""
    namespace: default

    # Optional map of labels, that are set at the bundle and can be used in a 
    # dependsOn.selector
    labels:
      key: value

    kustomize:
      # Use a custom folder for kustomize resources. This folder must contain
      # a kustomization.yaml file.
      dir: ./kustomize

    helm:
      # Use a custom location for the Helm chart. This can refer to any go-getter URL or
      # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".
      # This allows one to download charts from most any location.  Also know that
      # go-getter URL supports adding a digest to validate the download. If repo
      # is set below this field is the name of the chart to lookup
      chart: ./chart
      # A https URL to a Helm repo to download the chart from. It's typically easier
      # to just use `chart` field and refer to a tgz file.  If repo is used the
      # value of `chart` will be used as the chart name to lookup in the Helm repository.
      repo: https://charts.rancher.io
      # A custom release name to deploy the chart as. If not specified a release name
      # will be generated by combining the invoking GitRepo.name + GitRepo.path.
      releaseName: my-release
      # Makes helm skip the check for its own annotations
      takeOwnership: false
      # The version of the chart or semver constraint of the chart to find. If a constraint
      # is specified it is evaluated each time git changes.
      # The version also determines which chart to download from OCI registries.
      version: 0.1.0
      # Any values that should be placed in the `values.yaml` and passed to helm during
      # install.
      values:
        any-custom: value
      # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME
      # These can now be accessed directly as variables
      # The variable's value will be an empty string if the referenced cluster label does not
      # exist on the targeted cluster
        variableName: global.fleet.clusterLabels.LABELNAME
      # It is possible to specify the keys and values as go template strings for
      # advanced templating needs. Most of the functions from the sprig templating
      # library are available. However, the `uuidv4` function is not supported.
      # The template context has following keys.
      # `.ClusterValues` are retrieved from target cluster's `spec.templateValues`
      # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.
      # `.ClusterName` as the fleet's cluster resource name.
      # `.ClusterNamespace` as the namespace in which the cluster resource exists.
      # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,
      #       unlike helm which uses {{ }}.
        templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"
        valueFromEnv:
          "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }
      # Path to any values files that need to be passed to helm during install
      valuesFiles:
        - values1.yaml
        - values2.yaml
      # Allow to use values files from configmaps or secrets defined in the downstream clusters
      valuesFrom:
      - configMapKeyRef:
          name: configmap-values
          # default to namespace of bundle
          namespace: default 
          key: values.yaml
      - secretKeyRef:
          name: secret-values
          namespace: default
          key: values.yaml
      # Override immutable resources. This could be dangerous.
      force: false
      # Set the Helm --atomic flag when upgrading
      atomic: false
      # Disable go template pre-processing on the fleet values
      disablePreProcess: false
      # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.
      # It will wait for as long as timeoutSeconds
      waitForJobs: true
      
    # A paused bundle will not update downstream clusters but instead mark the bundle
    # as OutOfSync. One can then manually confirm that a bundle should be deployed to
    # the downstream clusters.
    # Default: false
    paused: false

    rolloutStrategy:
        # A number or percentage of clusters that can be unavailable during an update
        # of a bundle. This follows the same basic approach as a deployment rollout
        # strategy. Once the number of clusters meets unavailable state update will be
        # paused. Default value is 100% which doesn't take effect on update.
        # default: 100%
        maxUnavailable: 15%
        # A number or percentage of cluster partitions that can be unavailable during
        # an update of a bundle.
        # default: 0
        maxUnavailablePartitions: 20%
        # A number of percentage of how to automatically partition clusters if not
        # specific partitioning strategy is configured.
        # default: 25%
        autoPartitionSize: 10%
        # A list of definitions of partitions.  If any target clusters do not match
        # the configuration they are added to partitions at the end following the
        # autoPartitionSize.
        partitions:
          # A user friend name given to the partition used for Display (optional).
          # default: ""
        - name: canary
          # A number or percentage of clusters that can be unavailable in this
          # partition before this partition is treated as done.
          # default: 10%
          maxUnavailable: 10%
          # Selector matching cluster labels to include in this partition
          clusterSelector:
            matchLabels:
              env: prod
          # A cluster group name to include in this partition
          clusterGroup: agroup
          # Selector matching cluster group labels to include in this partition
          clusterGroupSelector: 
            clusterSelector:
              matchLabels:
                env: prod

    # Target customization are used to determine how resources should be modified per target
    # Targets are evaluated in order and the first one to match a cluster is used for that cluster.
    targetCustomizations:
    # The name of target. If not specified a default name of the format "target000"
    # will be used. This value is mostly for display
    - name: prod
      # Custom namespace value overriding the value at the root
      namespace: newvalue
      # Custom defaultNamespace value overriding the value at the root
      defaultNamespace: newdefaultvalue
      # Custom kustomize options overriding the options at the root
      kustomize: {}
      # Custom Helm options override the options at the root
      helm: {}
      # If using raw YAML these are names that map to overlays/{name} that will be used
      # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml
      # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.
      # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.
      # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin
      # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.
      yaml:
        overlays:
        - custom2
        - custom3
      # A selector used to match clusters.  The structure is the standard
      # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
      # clusterSelector will be used only to further refine the selection after
      # clusterGroupSelector and clusterGroup is evaluated.
      clusterSelector:
        matchLabels:
          env: prod
      # A selector used to match a specific cluster by name.    
      clusterName: dev-cluster    
      # A selector used to match cluster groups.
      clusterGroupSelector:
        matchLabels:
          region: us-east
      # A specific clusterGroup by name that will be selected
      clusterGroup: group1

    # dependsOn allows you to configure dependencies to other bundles. The current bundle
    # will only be deployed, after all dependencies are deployed and in a Ready state.
    dependsOn:
      # Format: <GITREPO-NAME>-<BUNDLE_PATH> with all path separators replaced by "-"
      # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"
      - name: one-multi-cluster-hello-world
      # Select bundles to depend on based on their label.
      - selector:
          matchLabels:
            app: weak-monkey
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.6

    fleet.yaml

    The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.

    For more information on how to use the fleet.yaml to customize bundles see Git Repository Contents.

    The content of the fleet.yaml corresponds to https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135, which contains the BundleSpec.

    Reference​

    fleet.yaml
    # The default namespace to be applied to resources. This field is not used to
    # enforce or lock down the deployment to a specific namespace, but instead
    # provide the default value of the namespace field if one is not specified
    # in the manifests.
    # Default: default
    defaultNamespace: default

    # All resources will be assigned to this namespace and if any cluster scoped
    # resource exists the deployment will fail.
    # Default: ""
    namespace: default

    # Optional map of labels, that are set at the bundle and can be used in a 
    # dependsOn.selector
    labels:
      key: value

    kustomize:
      # Use a custom folder for kustomize resources. This folder must contain
      # a kustomization.yaml file.
      dir: ./kustomize

    helm:
      # Use a custom location for the Helm chart. This can refer to any go-getter URL or
      # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".
      # This allows one to download charts from most any location.  Also know that
      # go-getter URL supports adding a digest to validate the download. If repo
      # is set below this field is the name of the chart to lookup
      chart: ./chart
      # A https URL to a Helm repo to download the chart from. It's typically easier
      # to just use `chart` field and refer to a tgz file.  If repo is used the
      # value of `chart` will be used as the chart name to lookup in the Helm repository.
      repo: https://charts.rancher.io
      # A custom release name to deploy the chart as. If not specified a release name
      # will be generated by combining the invoking GitRepo.name + GitRepo.path.
      releaseName: my-release
      # Makes helm skip the check for its own annotations
      takeOwnership: false
      # The version of the chart or semver constraint of the chart to find. If a constraint
      # is specified it is evaluated each time git changes.
      # The version also determines which chart to download from OCI registries.
      version: 0.1.0
      # Any values that should be placed in the `values.yaml` and passed to helm during
      # install.
      values:
        any-custom: value
      # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME
      # These can now be accessed directly as variables
      # The variable's value will be an empty string if the referenced cluster label does not
      # exist on the targeted cluster
        variableName: global.fleet.clusterLabels.LABELNAME
      # It is possible to specify the keys and values as go template strings for
      # advanced templating needs. Most of the functions from the sprig templating
      # library are available. However, the `uuidv4` function is not supported.
      # The template context has following keys.
      # `.ClusterValues` are retrieved from target cluster's `spec.templateValues`
      # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.
      # `.ClusterName` as the fleet's cluster resource name.
      # `.ClusterNamespace` as the namespace in which the cluster resource exists.
      # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,
      #       unlike helm which uses {{ }}.
        templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"
        valueFromEnv:
          "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }
      # Path to any values files that need to be passed to helm during install
      valuesFiles:
        - values1.yaml
        - values2.yaml
      # Allow to use values files from configmaps or secrets defined in the downstream clusters
      valuesFrom:
      - configMapKeyRef:
          name: configmap-values
          # default to namespace of bundle
          namespace: default 
          key: values.yaml
      - secretKeyRef:
          name: secret-values
          namespace: default
          key: values.yaml
      # Override immutable resources. This could be dangerous.
      force: false
      # Set the Helm --atomic flag when upgrading
      atomic: false
      # Disable go template pre-processing on the fleet values
      disablePreProcess: false
      # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.
      # It will wait for as long as timeoutSeconds
      waitForJobs: true
      
    # A paused bundle will not update downstream clusters but instead mark the bundle
    # as OutOfSync. One can then manually confirm that a bundle should be deployed to
    # the downstream clusters.
    # Default: false
    paused: false

    rolloutStrategy:
        # A number or percentage of clusters that can be unavailable during an update
        # of a bundle. This follows the same basic approach as a deployment rollout
        # strategy. Once the number of clusters meets unavailable state update will be
        # paused. Default value is 100% which doesn't take effect on update.
        # default: 100%
        maxUnavailable: 15%
        # A number or percentage of cluster partitions that can be unavailable during
        # an update of a bundle.
        # default: 0
        maxUnavailablePartitions: 20%
        # A number of percentage of how to automatically partition clusters if not
        # specific partitioning strategy is configured.
        # default: 25%
        autoPartitionSize: 10%
        # A list of definitions of partitions.  If any target clusters do not match
        # the configuration they are added to partitions at the end following the
        # autoPartitionSize.
        partitions:
          # A user friend name given to the partition used for Display (optional).
          # default: ""
        - name: canary
          # A number or percentage of clusters that can be unavailable in this
          # partition before this partition is treated as done.
          # default: 10%
          maxUnavailable: 10%
          # Selector matching cluster labels to include in this partition
          clusterSelector:
            matchLabels:
              env: prod
          # A cluster group name to include in this partition
          clusterGroup: agroup
          # Selector matching cluster group labels to include in this partition
          clusterGroupSelector: 
            clusterSelector:
              matchLabels:
                env: prod

    # Target customization are used to determine how resources should be modified per target
    # Targets are evaluated in order and the first one to match a cluster is used for that cluster.
    targetCustomizations:
    # The name of target. If not specified a default name of the format "target000"
    # will be used. This value is mostly for display
    - name: prod
      # Custom namespace value overriding the value at the root
      namespace: newvalue
      # Custom defaultNamespace value overriding the value at the root
      defaultNamespace: newdefaultvalue
      # Custom kustomize options overriding the options at the root
      kustomize: {}
      # Custom Helm options override the options at the root
      helm: {}
      # If using raw YAML these are names that map to overlays/{name} that will be used
      # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml
      # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.
      # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.
      # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin
      # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.
      yaml:
        overlays:
        - custom2
        - custom3
      # A selector used to match clusters.  The structure is the standard
      # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
      # clusterSelector will be used only to further refine the selection after
      # clusterGroupSelector and clusterGroup is evaluated.
      clusterSelector:
        matchLabels:
          env: prod
      # A selector used to match a specific cluster by name.    
      clusterName: dev-cluster    
      # A selector used to match cluster groups.
      clusterGroupSelector:
        matchLabels:
          region: us-east
      # A specific clusterGroup by name that will be selected
      clusterGroup: group1

    # dependsOn allows you to configure dependencies to other bundles. The current bundle
    # will only be deployed, after all dependencies are deployed and in a Ready state.
    dependsOn:
      # Format: <GITREPO-NAME>-<BUNDLE_PATH> with all path separators replaced by "-"
      # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"
      - name: one-multi-cluster-hello-world
      # Select bundles to depend on based on their label.
      - selector:
          matchLabels:
            app: weak-monkey
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/ref-gitrepo.html b/0.6/ref-gitrepo.html index 150316f77..0a82e9899 100644 --- a/0.6/ref-gitrepo.html +++ b/0.6/ref-gitrepo.html @@ -4,14 +4,14 @@ GitRepo Resource | Fleet - +
    Skip to main content
    Version: 0.6

    GitRepo Resource

    The GitRepo resource describes git repositories, how to access them and where the bundles are located.

    The content of the resource corresponds to the GitRepoSpec. -For more information on how to use GitRepo resource, e.g. how to watch private repositories, see Create a GitRepo Resource.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      # 
      # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. 
      # Credentials will always be used if it is empty or not provided
      # 
      # helmRepoUrlRegex: https://charts.rancher.io/*
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +For more information on how to use GitRepo resource, e.g. how to watch private repositories, see Create a GitRepo Resource.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      # 
      # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. 
      # Credentials will always be used if it is empty or not provided
      # 
      # helmRepoUrlRegex: https://charts.rancher.io/*
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/ref-registration.html b/0.6/ref-registration.html index 42d350398..825931f77 100644 --- a/0.6/ref-registration.html +++ b/0.6/ref-registration.html @@ -4,14 +4,14 @@ Cluster Registration Internals | Fleet - +
    Skip to main content
    Version: 0.6

    Cluster Registration Internals

    Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster. -It's important to note that there are multiple ways to start this:

    • Creating a bootstrap config. Fleet does this for the local agent.
    • Creating a Cluster resource with a kubeconfig. Rancher does this for downstream clusters. See manager-initiated registration.
    • Create a ClusterRegistrationToken resource, optionally create a Cluster resource for a pre-defined (clientID) cluster. See agent-initiated registration.

    Registration

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +It's important to note that there are multiple ways to start this:

    • Creating a bootstrap config. Fleet does this for the local agent.
    • Creating a Cluster resource with a kubeconfig. Rancher does this for downstream clusters. See manager-initiated registration.
    • Create a ClusterRegistrationToken resource, optionally create a Cluster resource for a pre-defined (clientID) cluster. See agent-initiated registration.

    Registration

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/ref-resources.html b/0.6/ref-resources.html index fa10cbc10..7c86b083a 100644 --- a/0.6/ref-resources.html +++ b/0.6/ref-resources.html @@ -4,13 +4,13 @@ Custom Resources | Fleet - +
    -
    Skip to main content
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/troubleshooting.html b/0.6/troubleshooting.html index d883b16e3..8dc5d122e 100644 --- a/0.6/troubleshooting.html +++ b/0.6/troubleshooting.html @@ -4,14 +4,14 @@ Troubleshooting | Fleet - +
    Skip to main content
    Version: 0.6

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Migrate the local cluster to the Fleet default cluster?​

    For users who want to deploy to the local cluster as well, they may move the cluster from fleet-local to fleet-default in the Rancher UI as follows:

    • To get to Fleet in Rancher, click ☰ > Continuous Delivery.
    • Under the Clusters menu, select the local cluster by checking the box to the left.
    • Select Assign to from the tabs above the cluster.
    • Select fleet-default from the Assign Cluster To dropdown.

    Result: The cluster will be migrated to fleet-default.

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name> 
    helm:  
      releaseName: <release name>  
      repo: <repo name> 
      chart: <chart name>
    diff:  
      comparePatches:  
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: -The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Agent is no longer registered​

    You can force a redeployment of an agent for a given cluster by setting redeployAgentGeneration.

    kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p '[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]'

    Nested GitRepo CRs​

    Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Agent is no longer registered​

    You can force a redeployment of an agent for a given cluster by setting redeployAgentGeneration.

    kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p '[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]'

    Nested GitRepo CRs​

    Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/tut-deployment.html b/0.6/tut-deployment.html index 0dfad3631..f58f83d86 100644 --- a/0.6/tut-deployment.html +++ b/0.6/tut-deployment.html @@ -4,7 +4,7 @@ Creating a Deployment | Fleet - + @@ -13,8 +13,8 @@ For more details on the options that are available per Git repository see Adding a GitRepo.

    Single-Cluster Examples​

    All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet.

    An example using Helm. We are deploying the helm example to the local cluster.

    The repository contains a helm chart and an optional fleet.yaml to configure the deployment:

    fleet.yaml
    namespace: fleet-helm-example

    # Custom helm options
    helm:
      # The release name to use. If empty a generated release name will be used
      releaseName: guestbook

      # The directory of the chart in the repo.  Also any valid go-getter supported
      # URL can be used there is specify where to download the chart from.
      # If repo below is set this value if the chart name in the repo
      chart: ""

      # An https to a valid Helm repository to download the chart from
      repo: ""

      # Used if repo is set to look up the version of the chart
      version: ""

      # Force recreate resource that can not be updated
      force: false

      # How long for helm to wait for the release to be active. If the value
      # is less that or equal to zero, we will not wait in Helm
      timeoutSeconds: 0

      # Custom values that will be passed as values.yaml to the installation
      values:
        replicas: 2

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-local namespace contains the local cluster resource. The local fleet-agent will create the deployment in the fleet-helm-example namespace.

    kubectl apply -n fleet-local -f - <<EOF
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: helm
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - single-cluster/helm
    EOF

    Multi-Cluster Examples​

    The examples below will deploy a multi git repo to multiple clusters at once and configure the app differently for each target.

    An example using Helm. We are deploying the helm example and customizing it per target cluster

    The repository contains a helm chart and an optional fleet.yaml to configure the deployment. The fleet.yaml is used to configure different deployment options, depending on the cluster's labels:

    fleet.yaml
    namespace: fleet-mc-helm-example
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    gitrepo.yaml
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: helm
      namespace: fleet-default
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - multi-cluster/helm
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

      - name: test
        clusterSelector:
          matchLabels:
            env: test

      - name: prod
        clusterSelector:
          matchLabels:
            env: prod

    By applying the gitrepo resource to the upstream cluster, fleet will start to monitor the repository and create deployments:

    kubectl apply -n fleet-default -f gitrepo.yaml
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +The application will be customized as follows per environment:

    • Dev clusters: Only the redis leader is deployed and not the followers.
    • Test clusters: Scale the front deployment to 3
    • Prod clusters: Scale the front deployment to 3 and set the service type to LoadBalancer

    The fleet.yaml is used to control which 'yaml' overlays are used, depending on the cluster's labels:

    fleet.yaml
    namespace: fleet-mc-manifest-example
    targetCustomizations:
    - name: dev
      clusterSelector:
        matchLabels:
          env: dev
      yaml:
        overlays:
        # Refers to overlays/noreplication folder
        - noreplication

    - name: test
      clusterSelector:
        matchLabels:
          env: test
      yaml:
        overlays:
        # Refers to overlays/scale3 folder
        - scale3

    - name: prod
      clusterSelector:
        matchLabels:
          env: prod
      yaml:
        # Refers to overlays/servicelb, scale3 folders
        overlays:
        - servicelb
        - scale3

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    gitrepo.yaml
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: manifests
      namespace: fleet-default
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - multi-cluster/manifests
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

      - name: test
        clusterSelector:
          matchLabels:
            env: test

      - name: prod
        clusterSelector:
          matchLabels:
            env: prod
    kubectl apply -n fleet-default -f gitrepo.yaml
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/uninstall.html b/0.6/uninstall.html index 7301f68c1..73f696233 100644 --- a/0.6/uninstall.html +++ b/0.6/uninstall.html @@ -4,15 +4,15 @@ Uninstall | Fleet - +
    Skip to main content
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    caution

    Uninstalling the CRDs will remove all deployed workloads.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.6/webhook.html b/0.6/webhook.html index e30875f1a..76be072bf 100644 --- a/0.6/webhook.html +++ b/0.6/webhook.html @@ -4,7 +4,7 @@ Using Webhooks Instead of Polling | Fleet - + @@ -12,8 +12,8 @@
    Skip to main content
    Version: 0.6

    Using Webhooks Instead of Polling

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs.

    1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.​

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: webhook-ingress
      namespace: cattle-fleet-system
    spec:
      rules:
      - host: your.domain.com
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitjob
                  port:
                    number: 80
    info

    You can configure TLS on ingress.

    2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.​

    Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default. If your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the -secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/404.html b/404.html index 094cb8c51..379eab727 100644 --- a/404.html +++ b/404.html @@ -4,13 +4,13 @@ Page Not Found | Fleet - +
    Skip to main content

    Page Not Found

    We could not find what you were looking for.

    Please contact the owner of the site that linked you to the original URL and let them know their link is broken.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - + \ No newline at end of file diff --git a/architecture.html b/architecture.html index 8a61388d9..4e77c1883 100644 --- a/architecture.html +++ b/architecture.html @@ -4,7 +4,7 @@ Architecture | Fleet - + @@ -28,8 +28,8 @@ The cluster registration token is used only during the registration process to g to that cluster. After the cluster credential is established the cluster "forgets" the cluster registration token.

    The service accounts given to the clusters only have privileges to list BundleDeployment in the namespace created specifically for that cluster. It can also update the status subresource of BundleDeployment and the status -subresource of it's Cluster resource.

    Component Overview​

    An overview of the components and how they interact on a high level.

    Components

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +subresource of it's Cluster resource.

    Component Overview​

    An overview of the components and how they interact on a high level.

    Components

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/assets/js/01b4035b.dcf6f9a8.js b/assets/js/01b4035b.969bb018.js similarity index 98% rename from assets/js/01b4035b.dcf6f9a8.js rename to assets/js/01b4035b.969bb018.js index 5789cd281..53adaafbf 100644 --- a/assets/js/01b4035b.dcf6f9a8.js +++ b/assets/js/01b4035b.969bb018.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8002],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function l(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function s(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(l[a]=e[a]);return l}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(l[a]=e[a])}return l}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,l=e.mdxType,s=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=l,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||s;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var s=a.length,r=new Array(s);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:l,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>s,metadata:()=>i,toc:()=>p});var n=a(7462),l=(a(7294),a(3905));const s={},r="Namespaces",i={unversionedId:"namespaces",id:"namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/docs/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/namespaces.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Git Repository Contents",permalink:"/gitrepo-content"},next:{title:"Custom Resources",permalink:"/ref-resources"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"GitRepo Namespace",id:"gitrepo-namespace",level:3},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster Namespaces",id:"cluster-namespaces",level:3},{value:"Cross Namespace Deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"Allowed Target Namespaces",id:"allowed-target-namespaces",level:3}],c={toc:p};function m(e){let{components:t,...s}=e;return(0,l.kt)("wrapper",(0,n.Z)({},c,s,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"namespaces"},"Namespaces"),(0,l.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,l.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,l.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,l.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,l.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,l.kt)("h3",{id:"gitrepo-namespace"},"GitRepo Namespace"),(0,l.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,l.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,l.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,l.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,l.kt)("admonition",{title:"Local Cluster",type:"warning"},(0,l.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,l.kt)("p",null,"If you are using Fleet in a ",(0,l.kt)("a",{parentName:"p",href:"/concepts"},"single cluster")," style, the namespace will always be ",(0,l.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,l.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,l.kt)("p",null,"For a ",(0,l.kt)("a",{parentName:"p",href:"/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,l.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,l.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,l.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,l.kt)("p",null,"An overview of the ",(0,l.kt)("a",{parentName:"p",href:"/namespaces"},"namespaces")," used by fleet and their resources."),(0,l.kt)("p",null,(0,l.kt)("img",{alt:"Namespace",src:a(3159).Z,width:"1600",height:"1750"})),(0,l.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,l.kt)("p",null,"When fleet is installed the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," If you would like to migrate your cluster from ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),", please see this ",(0,l.kt)("a",{parentName:"p",href:"/troubleshooting#migrate-the-local-cluster-to-the-fleet-default-cluster"},"documentation"),"."),(0,l.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,l.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,l.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,l.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,l.kt)("h3",{id:"cluster-namespaces"},"Cluster Namespaces"),(0,l.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,l.kt)("h2",{id:"cross-namespace-deployments"},"Cross Namespace Deployments"),(0,l.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,l.kt)("p",null,"If you are creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,l.kt)("p",null,"A ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,l.kt)("p",null,"If the ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,l.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,l.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,l.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,l.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,l.kt)("p",null,"A namespace can contain multiple ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,l.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,l.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,l.kt)("h3",{id:"allowed-target-namespaces"},"Allowed Target Namespaces"),(0,l.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,l.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0},3159:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/FleetNamespaces-aa2883d2b4e961d9abb78772b535985f.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8002],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function l(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function s(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(l[a]=e[a]);return l}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(l[a]=e[a])}return l}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,l=e.mdxType,s=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=l,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||s;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var s=a.length,r=new Array(s);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:l,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>s,metadata:()=>i,toc:()=>p});var n=a(7462),l=(a(7294),a(3905));const s={},r="Namespaces",i={unversionedId:"namespaces",id:"namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/docs/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/namespaces.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Git Repository Contents",permalink:"/gitrepo-content"},next:{title:"Custom Resources",permalink:"/ref-resources"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"GitRepo Namespace",id:"gitrepo-namespace",level:3},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster Namespaces",id:"cluster-namespaces",level:3},{value:"Cross Namespace Deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"Allowed Target Namespaces",id:"allowed-target-namespaces",level:3}],c={toc:p};function m(e){let{components:t,...s}=e;return(0,l.kt)("wrapper",(0,n.Z)({},c,s,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"namespaces"},"Namespaces"),(0,l.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,l.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,l.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,l.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,l.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,l.kt)("h3",{id:"gitrepo-namespace"},"GitRepo Namespace"),(0,l.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,l.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,l.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,l.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,l.kt)("admonition",{title:"Local Cluster",type:"warning"},(0,l.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,l.kt)("p",null,"If you are using Fleet in a ",(0,l.kt)("a",{parentName:"p",href:"/concepts"},"single cluster")," style, the namespace will always be ",(0,l.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,l.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,l.kt)("p",null,"For a ",(0,l.kt)("a",{parentName:"p",href:"/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,l.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,l.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,l.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,l.kt)("p",null,"An overview of the ",(0,l.kt)("a",{parentName:"p",href:"/namespaces"},"namespaces")," used by fleet and their resources."),(0,l.kt)("p",null,(0,l.kt)("img",{alt:"Namespace",src:a(3159).Z,width:"1600",height:"1750"})),(0,l.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,l.kt)("p",null,"When fleet is installed the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," If you would like to migrate your cluster from ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),", please see this ",(0,l.kt)("a",{parentName:"p",href:"/troubleshooting#migrate-the-local-cluster-to-the-fleet-default-cluster"},"documentation"),"."),(0,l.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,l.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,l.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,l.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,l.kt)("h3",{id:"cluster-namespaces"},"Cluster Namespaces"),(0,l.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,l.kt)("h2",{id:"cross-namespace-deployments"},"Cross Namespace Deployments"),(0,l.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,l.kt)("p",null,"If you are creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,l.kt)("p",null,"A ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,l.kt)("p",null,"If the ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,l.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,l.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,l.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,l.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,l.kt)("p",null,"A namespace can contain multiple ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,l.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,l.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,l.kt)("h3",{id:"allowed-target-namespaces"},"Allowed Target Namespaces"),(0,l.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,l.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0},3159:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/FleetNamespaces-aa2883d2b4e961d9abb78772b535985f.svg"}}]); \ No newline at end of file diff --git a/assets/js/0252b8ff.bc50d989.js b/assets/js/0252b8ff.5446699d.js similarity index 99% rename from assets/js/0252b8ff.bc50d989.js rename to assets/js/0252b8ff.5446699d.js index 087872445..24ee14a8c 100644 --- a/assets/js/0252b8ff.bc50d989.js +++ b/assets/js/0252b8ff.5446699d.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4311],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>m});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),m=r,h=c["".concat(s,".").concat(m)]||c[m]||d[m]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function m(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Expected Repo Structure",i={unversionedId:"gitrepo-structure",id:"version-0.4/gitrepo-structure",title:"Expected Repo Structure",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.4/gitrepo-structure.md",sourceDirName:".",slug:"/gitrepo-structure",permalink:"/0.4/gitrepo-structure",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-structure.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Adding a GitRepo",permalink:"/0.4/gitrepo-add"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.4/gitrepo-targets"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Reference",id:"reference",level:3},{value:"Private Helm Repositories",id:"private-helm-repositories",level:3},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle state",id:"cluster-and-bundle-state",level:2}],u={toc:p};function d(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"expected-repo-structure"},"Expected Repo Structure"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.4/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",{parentName:"admonition"},(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helmValues")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),".")))),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n variableName: global.fleet.clusterLabels.LABELNAME\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: agroup\n \n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n')),(0,r.kt)("h3",{id:"private-helm-repositories"},"Private Helm Repositories"),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in downstream clusters."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file we be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.4/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4311],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>m});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),m=r,h=c["".concat(s,".").concat(m)]||c[m]||d[m]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function m(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Expected Repo Structure",i={unversionedId:"gitrepo-structure",id:"version-0.4/gitrepo-structure",title:"Expected Repo Structure",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.4/gitrepo-structure.md",sourceDirName:".",slug:"/gitrepo-structure",permalink:"/0.4/gitrepo-structure",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-structure.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Adding a GitRepo",permalink:"/0.4/gitrepo-add"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.4/gitrepo-targets"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Reference",id:"reference",level:3},{value:"Private Helm Repositories",id:"private-helm-repositories",level:3},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle state",id:"cluster-and-bundle-state",level:2}],u={toc:p};function d(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"expected-repo-structure"},"Expected Repo Structure"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.4/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",{parentName:"admonition"},(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helmValues")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),".")))),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n variableName: global.fleet.clusterLabels.LABELNAME\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: agroup\n \n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n')),(0,r.kt)("h3",{id:"private-helm-repositories"},"Private Helm Repositories"),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in downstream clusters."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file we be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.4/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/07db75e5.ab3d4962.js b/assets/js/07db75e5.395c8c36.js similarity index 99% rename from assets/js/07db75e5.ab3d4962.js rename to assets/js/07db75e5.395c8c36.js index fac766e82..56e606e66 100644 --- a/assets/js/07db75e5.ab3d4962.js +++ b/assets/js/07db75e5.395c8c36.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7966],{6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},8469:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>h,frontMatter:()=>s,metadata:()=>p,toc:()=>d});var a=n(7462),l=(n(7294),n(3905)),r=n(6828),i=n(814);const s={},o="Agent Initiated",p={unversionedId:"agent-initiated",id:"version-0.5/agent-initiated",title:"Agent Initiated",description:"Refer to the overview page for a background information on the agent initiated registration style.",source:"@site/versioned_docs/version-0.5/agent-initiated.md",sourceDirName:".",slug:"/agent-initiated",permalink:"/0.5/agent-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/agent-initiated.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Tokens",permalink:"/0.5/cluster-tokens"},next:{title:"Manager Initiated",permalink:"/0.5/manager-initiated"}},c={},d=[{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:2},{value:"Install agent for a new Cluster",id:"install-agent-for-a-new-cluster",level:2},{value:"Install agent for a predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:2}],u={toc:d};function h(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the agent initiated registration style."),(0,l.kt)("h2",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"A downstream cluster is registered using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required. Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," for more information\non how to create tokens and obtain the values. The cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will\nbe passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h2",{id:"install-agent-for-a-new-cluster"},"Install agent for a new Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent'," ",r.d["v0.5"].fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h2",{id:"install-agent-for-a-predefined-cluster"},"Install agent for a predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent'," ",r.d["v0.5"].fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")))}h.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7966],{6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},8469:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>h,frontMatter:()=>s,metadata:()=>p,toc:()=>d});var a=n(7462),l=(n(7294),n(3905)),r=n(6828),i=n(814);const s={},o="Agent Initiated",p={unversionedId:"agent-initiated",id:"version-0.5/agent-initiated",title:"Agent Initiated",description:"Refer to the overview page for a background information on the agent initiated registration style.",source:"@site/versioned_docs/version-0.5/agent-initiated.md",sourceDirName:".",slug:"/agent-initiated",permalink:"/0.5/agent-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/agent-initiated.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Tokens",permalink:"/0.5/cluster-tokens"},next:{title:"Manager Initiated",permalink:"/0.5/manager-initiated"}},c={},d=[{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:2},{value:"Install agent for a new Cluster",id:"install-agent-for-a-new-cluster",level:2},{value:"Install agent for a predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:2}],u={toc:d};function h(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the agent initiated registration style."),(0,l.kt)("h2",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"A downstream cluster is registered using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required. Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," for more information\non how to create tokens and obtain the values. The cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will\nbe passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h2",{id:"install-agent-for-a-new-cluster"},"Install agent for a new Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent'," ",r.d["v0.5"].fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h2",{id:"install-agent-for-a-predefined-cluster"},"Install agent for a predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent'," ",r.d["v0.5"].fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/0a06c365.1e85dd69.js b/assets/js/0a06c365.485005a9.js similarity index 99% rename from assets/js/0a06c365.1e85dd69.js rename to assets/js/0a06c365.485005a9.js index 8db11456c..b151fcb1f 100644 --- a/assets/js/0a06c365.1e85dd69.js +++ b/assets/js/0a06c365.485005a9.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1371],{6828:(e,t,n)=>{n.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},2615:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>h,frontMatter:()=>i,metadata:()=>c,toc:()=>p});var l=n(7462),a=(n(7294),n(3905)),r=n(6828),s=n(814);const i={},o="Multi Cluster Install",c={unversionedId:"multi-cluster-install",id:"version-0.5/multi-cluster-install",title:"Multi Cluster Install",description:"Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.",source:"@site/versioned_docs/version-0.5/multi-cluster-install.md",sourceDirName:".",slug:"/multi-cluster-install",permalink:"/0.5/multi-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/multi-cluster-install.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Single Cluster Install",permalink:"/0.5/single-cluster-install"},next:{title:"Uninstall",permalink:"/0.5/uninstall"}},u={},p=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:2},{value:"Install",id:"install",level:2}],d={toc:p};function h(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,l.Z)({},d,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"multi-cluster-install"},"Multi Cluster Install"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Note:")," Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,a.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Warning:")," The multi-cluster install described below is ",(0,a.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. "),(0,a.kt)("p",null,"In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a\nKubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then\nneed to register remote downstream clusters with the Fleet manager."),(0,a.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,a.kt)("h3",{id:"helm-3"},"Helm 3"),(0,a.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,a.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,a.kt)("p",null,"macOS"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,a.kt)("p",null,"Windows"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,a.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,a.kt)("p",null,"The Fleet manager is a controller running on a Kubernetes cluster so an existing cluster is required. All\ndownstream cluster that will be managed will need to communicate to this central Kubernetes cluster. This\nmeans the Kubernetes API server URL must be accessible to the downstream clusters. Any Kubernetes community\nsupported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,a.kt)("h2",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,a.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,a.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config"),"). The ",(0,a.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,a.kt)("p",null,"Please note that the ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,a.kt)("p",null,"If you have ",(0,a.kt)("inlineCode",{parentName:"p"},"jq")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"base64")," available then this one-liners will pull all CA certificates from your\n",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," and place then in a file named ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n")),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')),(0,a.kt)("h2",{id:"install"},"Install"),(0,a.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,a.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,a.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,a.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,a.kt)("p",null,"Run the following commands"),(0,a.kt)("p",null,"Setup the environment with your specific values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"First validate the server URL is correct."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fLk ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,a.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,a.kt)("inlineCode",{parentName:"p"},"--cacert ${API_SERVER_CA}")," part of the command."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fL --cacert ${API_SERVER_CA} ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"If you get a valid JSON response or an ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,a.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,a.kt)("inlineCode",{parentName:"p"},"${API_SERVER_CA}")," file should look similar to the below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,a.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,a.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.5"].fleetCRD),(0,a.kt)("p",null,"Second install the Fleet controllers."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="${API_SERVER_URL}" \\\n --set-file apiServerCA="${API_SERVER_CA}" \\\n fleet'," ",r.d["v0.5"].fleet),(0,a.kt)("p",null,"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,a.kt)("a",{parentName:"p",href:"/0.5/cluster-overview"},"register clusters")," and ",(0,a.kt)("a",{parentName:"p",href:"/0.5/gitrepo-add"},"git repos")," with\nthe Fleet manager."))}h.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>l});const l=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1371],{6828:(e,t,n)=>{n.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},2615:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>h,frontMatter:()=>i,metadata:()=>c,toc:()=>p});var l=n(7462),a=(n(7294),n(3905)),r=n(6828),s=n(814);const i={},o="Multi Cluster Install",c={unversionedId:"multi-cluster-install",id:"version-0.5/multi-cluster-install",title:"Multi Cluster Install",description:"Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.",source:"@site/versioned_docs/version-0.5/multi-cluster-install.md",sourceDirName:".",slug:"/multi-cluster-install",permalink:"/0.5/multi-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/multi-cluster-install.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Single Cluster Install",permalink:"/0.5/single-cluster-install"},next:{title:"Uninstall",permalink:"/0.5/uninstall"}},u={},p=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:2},{value:"Install",id:"install",level:2}],d={toc:p};function h(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,l.Z)({},d,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"multi-cluster-install"},"Multi Cluster Install"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Note:")," Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,a.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Warning:")," The multi-cluster install described below is ",(0,a.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. "),(0,a.kt)("p",null,"In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a\nKubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then\nneed to register remote downstream clusters with the Fleet manager."),(0,a.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,a.kt)("h3",{id:"helm-3"},"Helm 3"),(0,a.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,a.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,a.kt)("p",null,"macOS"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,a.kt)("p",null,"Windows"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,a.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,a.kt)("p",null,"The Fleet manager is a controller running on a Kubernetes cluster so an existing cluster is required. All\ndownstream cluster that will be managed will need to communicate to this central Kubernetes cluster. This\nmeans the Kubernetes API server URL must be accessible to the downstream clusters. Any Kubernetes community\nsupported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,a.kt)("h2",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,a.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,a.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config"),"). The ",(0,a.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,a.kt)("p",null,"Please note that the ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,a.kt)("p",null,"If you have ",(0,a.kt)("inlineCode",{parentName:"p"},"jq")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"base64")," available then this one-liners will pull all CA certificates from your\n",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," and place then in a file named ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n")),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')),(0,a.kt)("h2",{id:"install"},"Install"),(0,a.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,a.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,a.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,a.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,a.kt)("p",null,"Run the following commands"),(0,a.kt)("p",null,"Setup the environment with your specific values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"First validate the server URL is correct."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fLk ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,a.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,a.kt)("inlineCode",{parentName:"p"},"--cacert ${API_SERVER_CA}")," part of the command."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fL --cacert ${API_SERVER_CA} ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"If you get a valid JSON response or an ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,a.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,a.kt)("inlineCode",{parentName:"p"},"${API_SERVER_CA}")," file should look similar to the below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,a.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,a.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.5"].fleetCRD),(0,a.kt)("p",null,"Second install the Fleet controllers."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="${API_SERVER_URL}" \\\n --set-file apiServerCA="${API_SERVER_CA}" \\\n fleet'," ",r.d["v0.5"].fleet),(0,a.kt)("p",null,"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,a.kt)("a",{parentName:"p",href:"/0.5/cluster-overview"},"register clusters")," and ",(0,a.kt)("a",{parentName:"p",href:"/0.5/gitrepo-add"},"git repos")," with\nthe Fleet manager."))}h.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>l});const l=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/0ce1d2b6.71902f5c.js b/assets/js/0ce1d2b6.4df972f2.js similarity index 99% rename from assets/js/0ce1d2b6.71902f5c.js rename to assets/js/0ce1d2b6.4df972f2.js index 05c9a6a40..3b3341248 100644 --- a/assets/js/0ce1d2b6.71902f5c.js +++ b/assets/js/0ce1d2b6.4df972f2.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8646],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},d=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},c={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,d=i(e,["components","mdxType","originalType","parentName"]),m=p(n),u=r,h=m["".concat(s,".").concat(u)]||m[u]||c[u]||l;return n?a.createElement(h,o(o({ref:t},d),{},{components:n})):a.createElement(h,o({ref:t},d))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>c,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const l={},o="Git Repository Contents",i={unversionedId:"gitrepo-content",id:"version-0.6/gitrepo-content",title:"Git Repository Contents",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.6/gitrepo-content.md",sourceDirName:".",slug:"/gitrepo-content",permalink:"/0.6/gitrepo-content",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/gitrepo-content.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Lifecycle",permalink:"/0.6/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/0.6/namespaces"}},s={},p=[{value:"Proper Namespace",id:"proper-namespace",level:2},{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle State",id:"cluster-and-bundle-state",level:2}],d={toc:p};function c(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"git-repository-contents"},"Git Repository Contents"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"proper-namespace"},"Proper Namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,r.kt)("admonition",{title:"Local Cluster",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.6/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("p",null,"The available fields are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.6/ref-fleet-yaml"},"fleet.yaml reference")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file will be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents of a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.6/cluster-bundles-state"},"Cluster and Bundle state"),"."))}c.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8646],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},d=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},c={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,d=i(e,["components","mdxType","originalType","parentName"]),m=p(n),u=r,h=m["".concat(s,".").concat(u)]||m[u]||c[u]||l;return n?a.createElement(h,o(o({ref:t},d),{},{components:n})):a.createElement(h,o({ref:t},d))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>c,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const l={},o="Git Repository Contents",i={unversionedId:"gitrepo-content",id:"version-0.6/gitrepo-content",title:"Git Repository Contents",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.6/gitrepo-content.md",sourceDirName:".",slug:"/gitrepo-content",permalink:"/0.6/gitrepo-content",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/gitrepo-content.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Lifecycle",permalink:"/0.6/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/0.6/namespaces"}},s={},p=[{value:"Proper Namespace",id:"proper-namespace",level:2},{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle State",id:"cluster-and-bundle-state",level:2}],d={toc:p};function c(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"git-repository-contents"},"Git Repository Contents"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"proper-namespace"},"Proper Namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,r.kt)("admonition",{title:"Local Cluster",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.6/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("p",null,"The available fields are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.6/ref-fleet-yaml"},"fleet.yaml reference")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file will be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents of a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.6/cluster-bundles-state"},"Cluster and Bundle state"),"."))}c.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/0db4760e.6caf0e0e.js b/assets/js/0db4760e.8f818422.js similarity index 98% rename from assets/js/0db4760e.6caf0e0e.js rename to assets/js/0db4760e.8f818422.js index f9fee4c34..4d976e8be 100644 --- a/assets/js/0db4760e.6caf0e0e.js +++ b/assets/js/0db4760e.8f818422.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2771],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>d});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function i(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var p=n.createContext({}),l=function(e){var t=n.useContext(p),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},c=function(e){var t=l(e.components);return n.createElement(p.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,i=e.originalType,p=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=l(a),d=r,k=m["".concat(p,".").concat(d)]||m[d]||u[d]||i;return a?n.createElement(k,o(o({ref:t},c),{},{components:a})):n.createElement(k,o({ref:t},c))}));function d(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=a.length,o=new Array(i);o[0]=m;var s={};for(var p in t)hasOwnProperty.call(t,p)&&(s[p]=t[p]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var l=2;l{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>l});var n=a(7462),r=(a(7294),a(3905));const i={},o="Create a GitRepo Resource",s={unversionedId:"gitrepo-add",id:"version-0.6/gitrepo-add",title:"Create a GitRepo Resource",description:"Create GitRepo Instance",source:"@site/versioned_docs/version-0.6/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.6/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/gitrepo-add.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Setup Multi User",permalink:"/0.6/multi-user"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.6/gitrepo-targets"}},p={},l=[{value:"Create GitRepo Instance",id:"create-gitrepo-instance",level:2},{value:"Using Helm Values",id:"using-helm-values",level:2},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:l};function u(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-gitrepo-resource"},"Create a GitRepo Resource"),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo Instance"),(0,r.kt)("p",null,"Git repositories are registered by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource in Kubernetes. Refer\nto the ",(0,r.kt)("a",{parentName:"p",href:"/0.6/tut-deployment"},"creating a deployment tutorial")," for examples."),(0,r.kt)("p",null,"The available fields are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.6/ref-gitrepo"},"GitRepo resource reference")),(0,r.kt)("h2",{id:"using-helm-values"},"Using Helm Values"),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),". That means ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom")," will take precedence over both, ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFiles")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"values"),"."))),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in ",(0,r.kt)("em",{parentName:"p"},"downstream clusters"),"."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 3\n serviceType: NodePort\n")),(0,r.kt)("p",null,"A secret like that, can be created from a YAML file ",(0,r.kt)("inlineCode",{parentName:"p"},"secretdata.yaml")," by running the following kubectl command: ",(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml")),(0,r.kt)("p",null,"The resources can then be referenced from a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'helm:\n chart: simple-chart\n valuesFrom:\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n - configMapKeyRef:\n name: configmap-values\n namespace: default\n key: values.yaml\n values:\n replicas: "4"\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Split them into different gitrepos, or use\n",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoUrlRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.6/troubleshooting"},"here"),".")))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2771],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>d});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function i(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var p=n.createContext({}),l=function(e){var t=n.useContext(p),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},c=function(e){var t=l(e.components);return n.createElement(p.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,i=e.originalType,p=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=l(a),d=r,k=m["".concat(p,".").concat(d)]||m[d]||u[d]||i;return a?n.createElement(k,o(o({ref:t},c),{},{components:a})):n.createElement(k,o({ref:t},c))}));function d(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=a.length,o=new Array(i);o[0]=m;var s={};for(var p in t)hasOwnProperty.call(t,p)&&(s[p]=t[p]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var l=2;l{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>l});var n=a(7462),r=(a(7294),a(3905));const i={},o="Create a GitRepo Resource",s={unversionedId:"gitrepo-add",id:"version-0.6/gitrepo-add",title:"Create a GitRepo Resource",description:"Create GitRepo Instance",source:"@site/versioned_docs/version-0.6/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.6/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/gitrepo-add.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Setup Multi User",permalink:"/0.6/multi-user"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.6/gitrepo-targets"}},p={},l=[{value:"Create GitRepo Instance",id:"create-gitrepo-instance",level:2},{value:"Using Helm Values",id:"using-helm-values",level:2},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:l};function u(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-gitrepo-resource"},"Create a GitRepo Resource"),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo Instance"),(0,r.kt)("p",null,"Git repositories are registered by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource in Kubernetes. Refer\nto the ",(0,r.kt)("a",{parentName:"p",href:"/0.6/tut-deployment"},"creating a deployment tutorial")," for examples."),(0,r.kt)("p",null,"The available fields are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.6/ref-gitrepo"},"GitRepo resource reference")),(0,r.kt)("h2",{id:"using-helm-values"},"Using Helm Values"),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),". That means ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom")," will take precedence over both, ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFiles")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"values"),"."))),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in ",(0,r.kt)("em",{parentName:"p"},"downstream clusters"),"."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 3\n serviceType: NodePort\n")),(0,r.kt)("p",null,"A secret like that, can be created from a YAML file ",(0,r.kt)("inlineCode",{parentName:"p"},"secretdata.yaml")," by running the following kubectl command: ",(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml")),(0,r.kt)("p",null,"The resources can then be referenced from a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'helm:\n chart: simple-chart\n valuesFrom:\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n - configMapKeyRef:\n name: configmap-values\n namespace: default\n key: values.yaml\n values:\n replicas: "4"\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Split them into different gitrepos, or use\n",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoUrlRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.6/troubleshooting"},"here"),".")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/0e50cd4d.0ec5dac6.js b/assets/js/0e50cd4d.15fa1c1e.js similarity index 82% rename from assets/js/0e50cd4d.0ec5dac6.js rename to assets/js/0e50cd4d.15fa1c1e.js index 58eac511f..f1c14895f 100644 --- a/assets/js/0e50cd4d.0ec5dac6.js +++ b/assets/js/0e50cd4d.15fa1c1e.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6560],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},p=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},i={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||i[d]||o;return r?n.createElement(f,s(s({ref:t},p),{},{components:r})):n.createElement(f,s({ref:t},p))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>i,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.5/cluster-group",title:"Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.5/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.5/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-group.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Manager Initiated",permalink:"/0.5/manager-initiated"},next:{title:"Namespaces",permalink:"/0.5/namespaces"}},c={},u=[],p={toc:u};function i(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-groups"},"Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}i.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6560],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.5/cluster-group",title:"Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.5/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.5/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-group.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Manager Initiated",permalink:"/0.5/manager-initiated"},next:{title:"Namespaces",permalink:"/0.5/namespaces"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-groups"},"Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/10f03480.c84d441c.js b/assets/js/10f03480.51a2d7dc.js similarity index 98% rename from assets/js/10f03480.c84d441c.js rename to assets/js/10f03480.51a2d7dc.js index ab98e6941..4af1913b9 100644 --- a/assets/js/10f03480.c84d441c.js +++ b/assets/js/10f03480.51a2d7dc.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5945],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var l=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);t&&(l=l.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,l)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(l=0;l=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=l.createContext({}),p=function(e){var t=l.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return l.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return l.createElement(l.Fragment,{},t)}},u=l.forwardRef((function(e,t){var n=e.components,a=e.mdxType,r=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),u=p(n),d=a,h=u["".concat(s,".").concat(d)]||u[d]||m[d]||r;return n?l.createElement(h,o(o({ref:t},c),{},{components:n})):l.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var r=n.length,o=new Array(r);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>r,metadata:()=>i,toc:()=>p});var l=n(7462),a=(n(7294),n(3905));const r={},o="Examples",i={unversionedId:"examples",id:"version-0.4/examples",title:"Examples",description:"Lifecycle of a Fleet Bundle",source:"@site/versioned_docs/version-0.4/examples.md",sourceDirName:".",slug:"/examples",permalink:"/0.4/examples",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/examples.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.4/architecture"},next:{title:"Overview",permalink:"/0.4/cluster-overview"}},s={},p=[{value:"Lifecycle of a Fleet Bundle",id:"lifecycle-of-a-fleet-bundle",level:3},{value:"Deploy Kubernetes Manifests Across Clusters with Customization",id:"deploy-kubernetes-manifests-across-clusters-with-customization",level:3},{value:"Additional Examples",id:"additional-examples",level:3}],c={toc:p};function m(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,l.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"examples"},"Examples"),(0,a.kt)("h3",{id:"lifecycle-of-a-fleet-bundle"},"Lifecycle of a Fleet Bundle"),(0,a.kt)("p",null,"To demonstrate the lifecycle of a Fleet bundle, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"User will create a ",(0,a.kt)("a",{parentName:"li",href:"/0.4/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,a.kt)("a",{parentName:"li",href:"/0.4/webhook"},"webhook event"),". With every commit change, the ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,a.kt)("a",{parentName:"li",href:"/0.4/cluster-bundles-state#bundles"},"bundle"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,a.kt)("ol",{start:3},(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,a.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,a.kt)("h3",{id:"deploy-kubernetes-manifests-across-clusters-with-customization"},"Deploy Kubernetes Manifests Across Clusters with Customization"),(0,a.kt)("p",null,(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,a.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml")," as a case study."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,a.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,a.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,a.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,a.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,a.kt)("li",{parentName:"ol"},"Under ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,a.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result:")),(0,a.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,a.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,a.kt)("h3",{id:"additional-examples"},"Additional Examples"),(0,a.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5945],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var l=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);t&&(l=l.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,l)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(l=0;l=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=l.createContext({}),p=function(e){var t=l.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return l.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return l.createElement(l.Fragment,{},t)}},u=l.forwardRef((function(e,t){var n=e.components,a=e.mdxType,r=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),u=p(n),d=a,h=u["".concat(s,".").concat(d)]||u[d]||m[d]||r;return n?l.createElement(h,o(o({ref:t},c),{},{components:n})):l.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var r=n.length,o=new Array(r);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>r,metadata:()=>i,toc:()=>p});var l=n(7462),a=(n(7294),n(3905));const r={},o="Examples",i={unversionedId:"examples",id:"version-0.4/examples",title:"Examples",description:"Lifecycle of a Fleet Bundle",source:"@site/versioned_docs/version-0.4/examples.md",sourceDirName:".",slug:"/examples",permalink:"/0.4/examples",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/examples.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.4/architecture"},next:{title:"Overview",permalink:"/0.4/cluster-overview"}},s={},p=[{value:"Lifecycle of a Fleet Bundle",id:"lifecycle-of-a-fleet-bundle",level:3},{value:"Deploy Kubernetes Manifests Across Clusters with Customization",id:"deploy-kubernetes-manifests-across-clusters-with-customization",level:3},{value:"Additional Examples",id:"additional-examples",level:3}],c={toc:p};function m(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,l.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"examples"},"Examples"),(0,a.kt)("h3",{id:"lifecycle-of-a-fleet-bundle"},"Lifecycle of a Fleet Bundle"),(0,a.kt)("p",null,"To demonstrate the lifecycle of a Fleet bundle, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"User will create a ",(0,a.kt)("a",{parentName:"li",href:"/0.4/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,a.kt)("a",{parentName:"li",href:"/0.4/webhook"},"webhook event"),". With every commit change, the ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,a.kt)("a",{parentName:"li",href:"/0.4/cluster-bundles-state#bundles"},"bundle"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,a.kt)("ol",{start:3},(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,a.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,a.kt)("h3",{id:"deploy-kubernetes-manifests-across-clusters-with-customization"},"Deploy Kubernetes Manifests Across Clusters with Customization"),(0,a.kt)("p",null,(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,a.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml")," as a case study."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,a.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,a.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,a.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,a.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,a.kt)("li",{parentName:"ol"},"Under ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,a.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result:")),(0,a.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,a.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,a.kt)("h3",{id:"additional-examples"},"Additional Examples"),(0,a.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/11f54a6a.023947aa.js b/assets/js/11f54a6a.34545f44.js similarity index 99% rename from assets/js/11f54a6a.023947aa.js rename to assets/js/11f54a6a.34545f44.js index ec37f6423..f6be0704f 100644 --- a/assets/js/11f54a6a.023947aa.js +++ b/assets/js/11f54a6a.34545f44.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7301],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),p=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(n),d=r,h=m["".concat(l,".").concat(d)]||m[d]||u[d]||i;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const i={},o="Adding a GitRepo",s={unversionedId:"gitrepo-add",id:"version-0.5/gitrepo-add",title:"Adding a GitRepo",description:"Proper namespace",source:"@site/versioned_docs/version-0.5/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.5/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-add.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.5/namespaces"},next:{title:"Expected Repo Structure",permalink:"/0.5/gitrepo-structure"}},l={},p=[{value:"Proper namespace",id:"proper-namespace",level:2},{value:"Create GitRepo instance",id:"create-gitrepo-instance",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"adding-a-gitrepo"},"Adding a GitRepo"),(0,r.kt)("h2",{id:"proper-namespace"},"Proper namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo instance"),(0,r.kt)("p",null,"Git repositories are register by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," following the below YAML sample. Refer\nto the inline comments as the means of each field"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",null,"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.5/troubleshooting"},"here"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7301],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),p=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(n),d=r,h=m["".concat(l,".").concat(d)]||m[d]||u[d]||i;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const i={},o="Adding a GitRepo",s={unversionedId:"gitrepo-add",id:"version-0.5/gitrepo-add",title:"Adding a GitRepo",description:"Proper namespace",source:"@site/versioned_docs/version-0.5/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.5/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-add.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.5/namespaces"},next:{title:"Expected Repo Structure",permalink:"/0.5/gitrepo-structure"}},l={},p=[{value:"Proper namespace",id:"proper-namespace",level:2},{value:"Create GitRepo instance",id:"create-gitrepo-instance",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"adding-a-gitrepo"},"Adding a GitRepo"),(0,r.kt)("h2",{id:"proper-namespace"},"Proper namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo instance"),(0,r.kt)("p",null,"Git repositories are register by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," following the below YAML sample. Refer\nto the inline comments as the means of each field"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",null,"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.5/troubleshooting"},"here"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/12f4838b.47c7248d.js b/assets/js/12f4838b.1ce7a30d.js similarity index 98% rename from assets/js/12f4838b.47c7248d.js rename to assets/js/12f4838b.1ce7a30d.js index b2ac68faf..e19a639ab 100644 --- a/assets/js/12f4838b.47c7248d.js +++ b/assets/js/12f4838b.1ce7a30d.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8795],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),s=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=s(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=s(n),m=a,g=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?r.createElement(g,o(o({ref:t},u),{},{components:n})):r.createElement(g,o({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,o=new Array(i);o[0]=d;var c={};for(var l in t)hasOwnProperty.call(t,l)&&(c[l]=t[l]);c.originalType=e,c.mdxType="string"==typeof e?e:a,o[1]=c;for(var s=2;s{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const i={},o="Manager Initiated",c={unversionedId:"manager-initiated",id:"version-0.5/manager-initiated",title:"Manager Initiated",description:"Refer to the overview page for a background information on the manager initiated registration style.",source:"@site/versioned_docs/version-0.5/manager-initiated.md",sourceDirName:".",slug:"/manager-initiated",permalink:"/0.5/manager-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/manager-initiated.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Agent Initiated",permalink:"/0.5/agent-initiated"},next:{title:"Cluster Groups",permalink:"/0.5/cluster-group"}},l={},s=[{value:"Kubeconfig Secret",id:"kubeconfig-secret",level:2},{value:"Example",id:"example",level:2},{value:"Kubeconfig Secret",id:"kubeconfig-secret-1",level:3},{value:"Cluster",id:"cluster",level:3}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"manager-initiated"},"Manager Initiated"),(0,a.kt)("p",null,"Refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the manager initiated registration style."),(0,a.kt)("h2",{id:"kubeconfig-secret"},"Kubeconfig Secret"),(0,a.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,a.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,a.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,a.kt)("p",null,"The format of this secret is intended to match the ",(0,a.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format"),"\nof the kubeconfig\nsecret used in ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically\nregistered with Fleet."),(0,a.kt)("h2",{id:"example"},"Example"),(0,a.kt)("h3",{id:"kubeconfig-secret-1"},"Kubeconfig Secret"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,a.kt)("h3",{id:"cluster"},"Cluster"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8795],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),s=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=s(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=s(n),m=a,g=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?r.createElement(g,o(o({ref:t},u),{},{components:n})):r.createElement(g,o({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,o=new Array(i);o[0]=d;var c={};for(var l in t)hasOwnProperty.call(t,l)&&(c[l]=t[l]);c.originalType=e,c.mdxType="string"==typeof e?e:a,o[1]=c;for(var s=2;s{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const i={},o="Manager Initiated",c={unversionedId:"manager-initiated",id:"version-0.5/manager-initiated",title:"Manager Initiated",description:"Refer to the overview page for a background information on the manager initiated registration style.",source:"@site/versioned_docs/version-0.5/manager-initiated.md",sourceDirName:".",slug:"/manager-initiated",permalink:"/0.5/manager-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/manager-initiated.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Agent Initiated",permalink:"/0.5/agent-initiated"},next:{title:"Cluster Groups",permalink:"/0.5/cluster-group"}},l={},s=[{value:"Kubeconfig Secret",id:"kubeconfig-secret",level:2},{value:"Example",id:"example",level:2},{value:"Kubeconfig Secret",id:"kubeconfig-secret-1",level:3},{value:"Cluster",id:"cluster",level:3}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"manager-initiated"},"Manager Initiated"),(0,a.kt)("p",null,"Refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the manager initiated registration style."),(0,a.kt)("h2",{id:"kubeconfig-secret"},"Kubeconfig Secret"),(0,a.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,a.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,a.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,a.kt)("p",null,"The format of this secret is intended to match the ",(0,a.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format"),"\nof the kubeconfig\nsecret used in ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically\nregistered with Fleet."),(0,a.kt)("h2",{id:"example"},"Example"),(0,a.kt)("h3",{id:"kubeconfig-secret-1"},"Kubeconfig Secret"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,a.kt)("h3",{id:"cluster"},"Cluster"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/170989a3.5d043215.js b/assets/js/170989a3.c5736c81.js similarity index 97% rename from assets/js/170989a3.5d043215.js rename to assets/js/170989a3.c5736c81.js index 09197200c..f98972b8a 100644 --- a/assets/js/170989a3.5d043215.js +++ b/assets/js/170989a3.c5736c81.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7107],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.6/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.6/index.md",sourceDirName:".",slug:"/",permalink:"/0.6/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/index.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.6/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(5082).Z,width:"1366",height:"960"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},5082:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/fleet-architecture-f708ce634648101dc98f451dcd59fe84.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7107],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.6/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.6/index.md",sourceDirName:".",slug:"/",permalink:"/0.6/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/index.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.6/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(5082).Z,width:"1366",height:"960"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},5082:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/fleet-architecture-f708ce634648101dc98f451dcd59fe84.svg"}}]); \ No newline at end of file diff --git a/assets/js/1bd61b9d.625c0401.js b/assets/js/1bd61b9d.5985aeff.js similarity index 99% rename from assets/js/1bd61b9d.625c0401.js rename to assets/js/1bd61b9d.5985aeff.js index c6ccd4ff1..dd946a423 100644 --- a/assets/js/1bd61b9d.625c0401.js +++ b/assets/js/1bd61b9d.5985aeff.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6950],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs to Ignore Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.6/bundle-diffs",title:"Generating Diffs to Ignore Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.6/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.6/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/bundle-diffs.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.6/gitrepo-targets"},next:{title:"Using Webhooks Instead of Polling",permalink:"/0.6/webhook"}},l={},p=[{value:"Simple Example",id:"simple-example",level:2},{value:"Gatekeeper Example",id:"gatekeeper-example",level:2},{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-to-ignore-modified-gitrepos"},"Generating Diffs to Ignore Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("h2",{id:"simple-example"},"Simple Example"),(0,o.kt)("p",null,(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs"},"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs")),(0,o.kt)("h2",{id:"gatekeeper-example"},"Gatekeeper Example"),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6950],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs to Ignore Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.6/bundle-diffs",title:"Generating Diffs to Ignore Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.6/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.6/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/bundle-diffs.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.6/gitrepo-targets"},next:{title:"Using Webhooks Instead of Polling",permalink:"/0.6/webhook"}},l={},p=[{value:"Simple Example",id:"simple-example",level:2},{value:"Gatekeeper Example",id:"gatekeeper-example",level:2},{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-to-ignore-modified-gitrepos"},"Generating Diffs to Ignore Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("h2",{id:"simple-example"},"Simple Example"),(0,o.kt)("p",null,(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs"},"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs")),(0,o.kt)("h2",{id:"gatekeeper-example"},"Gatekeeper Example"),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file diff --git a/assets/js/1f14308a.bdaea58c.js b/assets/js/1f14308a.1bfe8f0e.js similarity index 97% rename from assets/js/1f14308a.bdaea58c.js rename to assets/js/1f14308a.1bfe8f0e.js index 3e3e1ec81..aa81630f9 100644 --- a/assets/js/1f14308a.bdaea58c.js +++ b/assets/js/1f14308a.1bfe8f0e.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4728],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,l=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=c(n),u=r,g=d["".concat(l,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},i="Image scan",s={unversionedId:"imagescan",id:"version-0.5/imagescan",title:"Image scan",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.5/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.5/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/imagescan.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Webhook",permalink:"/0.5/webhook"},next:{title:"Cluster and Bundle state",permalink:"/0.5/cluster-bundles-state"}},l={},c=[],m={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"image-scan"},"Image scan"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4728],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,l=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=c(n),u=r,g=d["".concat(l,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},i="Image scan",s={unversionedId:"imagescan",id:"version-0.5/imagescan",title:"Image scan",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.5/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.5/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/imagescan.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Webhook",permalink:"/0.5/webhook"},next:{title:"Cluster and Bundle state",permalink:"/0.5/cluster-bundles-state"}},l={},c=[],m={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"image-scan"},"Image scan"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/1fec2b35.cf641d3d.js b/assets/js/1fec2b35.27e8aa94.js similarity index 96% rename from assets/js/1fec2b35.cf641d3d.js rename to assets/js/1fec2b35.27e8aa94.js index 0eb282d26..b1fa0f7cf 100644 --- a/assets/js/1fec2b35.cf641d3d.js +++ b/assets/js/1fec2b35.27e8aa94.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3325],{3905:(e,t,n)=>{n.d(t,{Zo:()=>i,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),d=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},i=function(e){var t=d(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},i),{},{components:n})):r.createElement(m,s({ref:t},i))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle state",o={unversionedId:"cluster-bundles-state",id:"version-0.4/cluster-bundles-state",title:"Cluster and Bundle state",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.4/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.4/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-bundles-state.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Image scan",permalink:"/0.4/imagescan"},next:{title:"Troubleshooting",permalink:"/0.4/troubleshooting"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},i,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3325],{3905:(e,t,n)=>{n.d(t,{Zo:()=>i,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),d=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},i=function(e){var t=d(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},i),{},{components:n})):r.createElement(m,s({ref:t},i))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle state",o={unversionedId:"cluster-bundles-state",id:"version-0.4/cluster-bundles-state",title:"Cluster and Bundle state",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.4/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.4/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-bundles-state.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Image scan",permalink:"/0.4/imagescan"},next:{title:"Troubleshooting",permalink:"/0.4/troubleshooting"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},i,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/22b369d5.c10648c2.js b/assets/js/22b369d5.7430bed8.js similarity index 96% rename from assets/js/22b369d5.c10648c2.js rename to assets/js/22b369d5.7430bed8.js index 571adc1c6..e08313ac3 100644 --- a/assets/js/22b369d5.c10648c2.js +++ b/assets/js/22b369d5.7430bed8.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7539],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||a;return n?r.createElement(d,o(o({ref:t},u),{},{components:n})):r.createElement(d,o({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.4/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.4/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.4/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/uninstall.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi-cluster Install",permalink:"/0.4/multi-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7539],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||a;return n?r.createElement(d,o(o({ref:t},u),{},{components:n})):r.createElement(d,o({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.4/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.4/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.4/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/uninstall.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi-cluster Install",permalink:"/0.4/multi-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/246340c6.679a7806.js b/assets/js/246340c6.d5236c4e.js similarity index 98% rename from assets/js/246340c6.679a7806.js rename to assets/js/246340c6.d5236c4e.js index 310da9010..7db5f6731 100644 --- a/assets/js/246340c6.679a7806.js +++ b/assets/js/246340c6.d5236c4e.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4508],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var i=a.createContext({}),p=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),d=p(n),m=r,h=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.6/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.",source:"@site/versioned_docs/version-0.6/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.6/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/gitrepo-targets.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create a GitRepo Resource",permalink:"/0.6/gitrepo-add"},next:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.6/bundle-diffs"}},i={},p=[{value:"Defining Targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default Target",id:"default-target",level:2},{value:"Customization per Cluster",id:"customization-per-cluster",level:2},{value:"Additional Examples",id:"additional-examples",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,r.kt)("p",null,"When deploying ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,r.kt)("h2",{id:"defining-targets"},"Defining Targets"),(0,r.kt)("p",null,"The deployment targets of ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,r.kt)("h2",{id:"target-matching"},"Target Matching"),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,r.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"default-target"},"Default Target"),(0,r.kt)("p",null,"If no target is set for the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,r.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."),(0,r.kt)("h2",{id:"customization-per-cluster"},"Customization per Cluster"),(0,r.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml"),"."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,r.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,r.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,r.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,r.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,r.kt)("li",{parentName:"ol"},"Under ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,r.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Result:")),(0,r.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},(0,r.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,r.kt)("h2",{id:"additional-examples"},"Additional Examples"),(0,r.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4508],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var i=a.createContext({}),p=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),d=p(n),m=r,h=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.6/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.",source:"@site/versioned_docs/version-0.6/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.6/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/gitrepo-targets.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create a GitRepo Resource",permalink:"/0.6/gitrepo-add"},next:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.6/bundle-diffs"}},i={},p=[{value:"Defining Targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default Target",id:"default-target",level:2},{value:"Customization per Cluster",id:"customization-per-cluster",level:2},{value:"Additional Examples",id:"additional-examples",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,r.kt)("p",null,"When deploying ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,r.kt)("h2",{id:"defining-targets"},"Defining Targets"),(0,r.kt)("p",null,"The deployment targets of ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,r.kt)("h2",{id:"target-matching"},"Target Matching"),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,r.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"default-target"},"Default Target"),(0,r.kt)("p",null,"If no target is set for the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,r.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."),(0,r.kt)("h2",{id:"customization-per-cluster"},"Customization per Cluster"),(0,r.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml"),"."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,r.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,r.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,r.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,r.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,r.kt)("li",{parentName:"ol"},"Under ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,r.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Result:")),(0,r.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},(0,r.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,r.kt)("h2",{id:"additional-examples"},"Additional Examples"),(0,r.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/2d618eff.85145c8f.js b/assets/js/2d618eff.b90118a7.js similarity index 95% rename from assets/js/2d618eff.85145c8f.js rename to assets/js/2d618eff.b90118a7.js index 686cae38a..3ddb2ce21 100644 --- a/assets/js/2d618eff.85145c8f.js +++ b/assets/js/2d618eff.b90118a7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7224],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),p=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=p(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),h=p(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},c),{},{components:n})):o.createElement(m,r({ref:t},c))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.4/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.4/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.4/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/troubleshooting.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle state",permalink:"/0.4/cluster-bundles-state"},next:{title:"Advanced Users",permalink:"/0.4/advanced-users"}},s={},p=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Migrate the local cluster to the Fleet default cluster?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3}],c={toc:p};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster"},"Migrate the local cluster to the Fleet default cluster?"),(0,a.kt)("p",null,"For users who want to deploy to the local cluster as well, they may move the cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default")," in the Rancher UI as follows:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"To get to Fleet in Rancher, click \u2630 > Continuous Delivery."),(0,a.kt)("li",{parentName:"ul"},"Under the ",(0,a.kt)("strong",{parentName:"li"},"Clusters")," menu, select the ",(0,a.kt)("strong",{parentName:"li"},"local")," cluster by checking the box to the left."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Assign to")," from the tabs above the cluster."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"strong"},"fleet-default"))," from the ",(0,a.kt)("strong",{parentName:"li"},"Assign Cluster To")," dropdown.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result"),": The cluster will be migrated to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default"),"."),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.4/gitrepo-structure"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7224],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),c=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),h=c(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},p),{},{components:n})):o.createElement(m,r({ref:t},p))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.4/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.4/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.4/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/troubleshooting.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle state",permalink:"/0.4/cluster-bundles-state"},next:{title:"Advanced Users",permalink:"/0.4/advanced-users"}},s={},c=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Migrate the local cluster to the Fleet default cluster?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster"},"Migrate the local cluster to the Fleet default cluster?"),(0,a.kt)("p",null,"For users who want to deploy to the local cluster as well, they may move the cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default")," in the Rancher UI as follows:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"To get to Fleet in Rancher, click \u2630 > Continuous Delivery."),(0,a.kt)("li",{parentName:"ul"},"Under the ",(0,a.kt)("strong",{parentName:"li"},"Clusters")," menu, select the ",(0,a.kt)("strong",{parentName:"li"},"local")," cluster by checking the box to the left."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Assign to")," from the tabs above the cluster."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"strong"},"fleet-default"))," from the ",(0,a.kt)("strong",{parentName:"li"},"Assign Cluster To")," dropdown.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result"),": The cluster will be migrated to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default"),"."),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.4/gitrepo-structure"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/2dc49bc9.7a58d729.js b/assets/js/2dc49bc9.beff64e3.js similarity index 97% rename from assets/js/2dc49bc9.7a58d729.js rename to assets/js/2dc49bc9.beff64e3.js index 0cdf69915..858df1d38 100644 --- a/assets/js/2dc49bc9.7a58d729.js +++ b/assets/js/2dc49bc9.beff64e3.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8459],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"version-0.6/cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/0.6/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-cli/fleet_test.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/0.6/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/0.6/cli/fleet-controller/fleet-manager"}},s={},c=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8459],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"version-0.6/cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/0.6/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-cli/fleet_test.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/0.6/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/0.6/cli/fleet-controller/fleet-manager"}},s={},c=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/32c7bf40.5fafd2b7.js b/assets/js/32c7bf40.599a28cb.js similarity index 99% rename from assets/js/32c7bf40.5fafd2b7.js rename to assets/js/32c7bf40.599a28cb.js index 9b2eb46c6..b407670dd 100644 --- a/assets/js/32c7bf40.5fafd2b7.js +++ b/assets/js/32c7bf40.599a28cb.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6095],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function l(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var i=a.createContext({}),u=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},p=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),p=u(n),m=r,f=p["".concat(i,".").concat(m)]||p[m]||d[m]||o;return n?a.createElement(f,l(l({ref:t},c),{},{components:n})):a.createElement(f,l({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,l=new Array(o);l[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:r,l[1]=s;for(var u=2;u{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>d,frontMatter:()=>o,metadata:()=>s,toc:()=>u});var a=n(7462),r=(n(7294),n(3905));const o={},l="fleet.yaml",s={unversionedId:"ref-fleet-yaml",id:"version-0.6/ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/versioned_docs/version-0.6/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/0.6/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-fleet-yaml.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources Spec",permalink:"/0.6/ref-crds"},next:{title:"GitRepo Resource",permalink:"/0.6/ref-gitrepo"}},i={},u=[{value:"Reference",id:"reference",level:3}],c={toc:u};function d(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,r.kt)("p",null,"For more information on how to use the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to customize bundles see ",(0,r.kt)("a",{parentName:"p",href:"/0.6/gitrepo-content"},"Git Repository Contents"),"."),(0,r.kt)("p",null,"The content of the fleet.yaml corresponds to ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"},"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"),", which contains the ",(0,r.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# Optional map of labels, that are set at the bundle and can be used in a \n# dependsOn.selector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available. However, the `uuidv4` function is not supported.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n \n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: \n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - selector:\n matchLabels:\n app: weak-monkey\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6095],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function l(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var i=a.createContext({}),u=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},p=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),p=u(n),m=r,f=p["".concat(i,".").concat(m)]||p[m]||d[m]||o;return n?a.createElement(f,l(l({ref:t},c),{},{components:n})):a.createElement(f,l({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,l=new Array(o);l[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:r,l[1]=s;for(var u=2;u{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>d,frontMatter:()=>o,metadata:()=>s,toc:()=>u});var a=n(7462),r=(n(7294),n(3905));const o={},l="fleet.yaml",s={unversionedId:"ref-fleet-yaml",id:"version-0.6/ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/versioned_docs/version-0.6/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/0.6/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-fleet-yaml.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources Spec",permalink:"/0.6/ref-crds"},next:{title:"GitRepo Resource",permalink:"/0.6/ref-gitrepo"}},i={},u=[{value:"Reference",id:"reference",level:3}],c={toc:u};function d(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,r.kt)("p",null,"For more information on how to use the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to customize bundles see ",(0,r.kt)("a",{parentName:"p",href:"/0.6/gitrepo-content"},"Git Repository Contents"),"."),(0,r.kt)("p",null,"The content of the fleet.yaml corresponds to ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"},"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"),", which contains the ",(0,r.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# Optional map of labels, that are set at the bundle and can be used in a \n# dependsOn.selector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available. However, the `uuidv4` function is not supported.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n \n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: \n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - selector:\n matchLabels:\n app: weak-monkey\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/340d0560.45c39726.js b/assets/js/340d0560.fca63a90.js similarity index 95% rename from assets/js/340d0560.45c39726.js rename to assets/js/340d0560.fca63a90.js index 4a96e03e2..52f030793 100644 --- a/assets/js/340d0560.45c39726.js +++ b/assets/js/340d0560.fca63a90.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9246],{3905:(e,t,n)=>{n.d(t,{Zo:()=>f,kt:()=>g});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},f=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(n),g=a,d=u["".concat(c,".").concat(g)]||u[g]||p[g]||l;return n?r.createElement(d,o(o({ref:t},f),{},{components:n})):r.createElement(d,o({ref:t},f))}));function g(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>l,metadata:()=>i,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const l={title:"",sidebar_label:"fleet-agent"},o=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/docs/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-agent/fleet-agent.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Using Image Scan to Update Container Image References",permalink:"/imagescan"},next:{title:"fleet",permalink:"/cli/fleet-cli/fleet"}},c={},s=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},f,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n --simulators int Numbers of simulators to run\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9246],{3905:(e,t,n)=>{n.d(t,{Zo:()=>f,kt:()=>g});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},f=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(n),g=a,d=u["".concat(c,".").concat(g)]||u[g]||p[g]||l;return n?r.createElement(d,o(o({ref:t},f),{},{components:n})):r.createElement(d,o({ref:t},f))}));function g(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>l,metadata:()=>i,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const l={title:"",sidebar_label:"fleet-agent"},o=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/docs/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-agent/fleet-agent.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Using Image Scan to Update Container Image References",permalink:"/imagescan"},next:{title:"fleet",permalink:"/cli/fleet-cli/fleet"}},c={},s=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},f,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n --simulators int Numbers of simulators to run\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/34a3c1ae.d97cd036.js b/assets/js/34a3c1ae.c3e12415.js similarity index 99% rename from assets/js/34a3c1ae.d97cd036.js rename to assets/js/34a3c1ae.c3e12415.js index 0c6b29efc..c9713b1e3 100644 --- a/assets/js/34a3c1ae.d97cd036.js +++ b/assets/js/34a3c1ae.c3e12415.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5776],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),p=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(n),d=r,h=m["".concat(l,".").concat(d)]||m[d]||u[d]||i;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const i={},o="Adding a GitRepo",s={unversionedId:"gitrepo-add",id:"version-0.4/gitrepo-add",title:"Adding a GitRepo",description:"Proper namespace",source:"@site/versioned_docs/version-0.4/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.4/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-add.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.4/namespaces"},next:{title:"Expected Repo Structure",permalink:"/0.4/gitrepo-structure"}},l={},p=[{value:"Proper namespace",id:"proper-namespace",level:2},{value:"Create GitRepo instance",id:"create-gitrepo-instance",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"adding-a-gitrepo"},"Adding a GitRepo"),(0,r.kt)("h2",{id:"proper-namespace"},"Proper namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo instance"),(0,r.kt)("p",null,"Git repositories are register by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," following the below YAML sample. Refer\nto the inline comments as the means of each field"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",null,"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.4/troubleshooting"},"here"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5776],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),p=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(n),d=r,h=m["".concat(l,".").concat(d)]||m[d]||u[d]||i;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const i={},o="Adding a GitRepo",s={unversionedId:"gitrepo-add",id:"version-0.4/gitrepo-add",title:"Adding a GitRepo",description:"Proper namespace",source:"@site/versioned_docs/version-0.4/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.4/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-add.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.4/namespaces"},next:{title:"Expected Repo Structure",permalink:"/0.4/gitrepo-structure"}},l={},p=[{value:"Proper namespace",id:"proper-namespace",level:2},{value:"Create GitRepo instance",id:"create-gitrepo-instance",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"adding-a-gitrepo"},"Adding a GitRepo"),(0,r.kt)("h2",{id:"proper-namespace"},"Proper namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo instance"),(0,r.kt)("p",null,"Git repositories are register by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," following the below YAML sample. Refer\nto the inline comments as the means of each field"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",null,"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.4/troubleshooting"},"here"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/34eb4307.095433c7.js b/assets/js/34eb4307.3efec493.js similarity index 98% rename from assets/js/34eb4307.095433c7.js rename to assets/js/34eb4307.3efec493.js index bf15be078..c7a1abde3 100644 --- a/assets/js/34eb4307.095433c7.js +++ b/assets/js/34eb4307.3efec493.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7314],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.4/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.4/index.md",sourceDirName:".",slug:"/",permalink:"/0.4/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/index.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.4/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7314],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.4/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.4/index.md",sourceDirName:".",slug:"/",permalink:"/0.4/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/index.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.4/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/3718f698.821acb05.js b/assets/js/3718f698.8e081315.js similarity index 97% rename from assets/js/3718f698.821acb05.js rename to assets/js/3718f698.8e081315.js index deb5ae601..9d6464bd0 100644 --- a/assets/js/3718f698.821acb05.js +++ b/assets/js/3718f698.8e081315.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5763],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>f});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var u=n.createContext({}),d=function(e){var t=n.useContext(u),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=d(e.components);return n.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(r),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return r?n.createElement(m,s(s({ref:t},i),{},{components:r})):n.createElement(m,s({ref:t},i))}));function f(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{r.r(t),r.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var n=r(7462),a=(r(7294),r(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/docs/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-bundles-state.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet-manager",permalink:"/cli/fleet-controller/fleet-manager"},next:{title:"Cluster Registration Internals",permalink:"/ref-registration"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5763],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>f});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var u=n.createContext({}),d=function(e){var t=n.useContext(u),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=d(e.components);return n.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(r),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return r?n.createElement(m,s(s({ref:t},i),{},{components:r})):n.createElement(m,s({ref:t},i))}));function f(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{r.r(t),r.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var n=r(7462),a=(r(7294),r(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/docs/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-bundles-state.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet-manager",permalink:"/cli/fleet-controller/fleet-manager"},next:{title:"Cluster Registration Internals",permalink:"/ref-registration"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/39f5e362.3a79f641.js b/assets/js/39f5e362.f9ddd53a.js similarity index 99% rename from assets/js/39f5e362.3a79f641.js rename to assets/js/39f5e362.f9ddd53a.js index 3bd4c087e..9ccc85d47 100644 --- a/assets/js/39f5e362.3a79f641.js +++ b/assets/js/39f5e362.f9ddd53a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6943],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"version-0.5/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.5/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.5/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/concepts.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.5/quickstart"},next:{title:"Architecture",permalink:"/0.5/architecture"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"lifecycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.5/examples#lifecycle-of-a-fleet-bundle"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.5/examples#deploy-kubernetes-manifests-across-clusters-with-customization"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6943],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"version-0.5/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.5/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.5/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/concepts.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.5/quickstart"},next:{title:"Architecture",permalink:"/0.5/architecture"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"lifecycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.5/examples#lifecycle-of-a-fleet-bundle"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.5/examples#deploy-kubernetes-manifests-across-clusters-with-customization"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/3b8c55ea.2eff977e.js b/assets/js/3b8c55ea.99d727d7.js similarity index 97% rename from assets/js/3b8c55ea.2eff977e.js rename to assets/js/3b8c55ea.99d727d7.js index 07da3d995..20e073896 100644 --- a/assets/js/3b8c55ea.2eff977e.js +++ b/assets/js/3b8c55ea.99d727d7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3217],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>w});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),i=a(6550),o=a(1980),u=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function m(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:a}=e;const l=(0,i.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,i]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),g=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{g&&i(g)}),[g]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);i(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var g=a(2389);const k="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:i,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=u[a].value;l!==i&&(d(t),o(l))},m=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:i===t?0:-1,"aria-selected":i===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},s,{className:(0,r.Z)("tabs__item",b,null==s?void 0:s.className,{"tabs__item--active":i===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function A(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function w(e){const t=(0,g.Z)();return n.createElement(A,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},9250:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var l=a(7462),n=(a(7294),a(3905)),r=a(6828),s=a(814),i=a(4866),o=a(5162);const u={},c="Installation Details",d={unversionedId:"installation",id:"installation",title:"Installation Details",description:"The installation is broken up into two different use cases: single and multi-cluster.",source:"@site/docs/installation.md",sourceDirName:".",slug:"/installation",permalink:"/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/installation.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources",permalink:"/ref-resources"},next:{title:"Register Downstream Clusters",permalink:"/cluster-registration"}},p={},m=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Default Install",id:"default-install",level:2},{value:"Configuration for Multi-Cluster",id:"configuration-for-multi-cluster",level:2},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:3},{value:"Extract CA certificate",id:"extract-ca-certificate",level:4},{value:"Extract API Server",id:"extract-api-server",level:4},{value:"Validate",id:"validate",level:4},{value:"Install for Multi-Cluster",id:"install-for-multi-cluster",level:3}],h={toc:m};function f(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"installation-details"},"Installation Details"),(0,n.kt)("p",null,"The installation is broken up into two different use cases: single and multi-cluster.\nThe single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,n.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Single-cluster is the default installation. The same cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm 3",default:!0,mdxType:"TabItem"},"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)(o.Z,{value:"kubernetes",label:"Kubernetes",default:!0,mdxType:"TabItem"},"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means ",r.d.next.kubernetes," or greater.")),(0,n.kt)("h2",{id:"default-install"},"Default Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install",label:"Install",default:!0,mdxType:"TabItem"},"First install the Fleet CustomResourcesDefintions.",(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,n.kt)("p",null,"Second install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d.next.fleet)),(0,n.kt)(o.Z,{value:"verify",label:"Verify",mdxType:"TabItem"},(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."),(0,n.kt)("h2",{id:"configuration-for-multi-cluster"},"Configuration for Multi-Cluster"),(0,n.kt)("admonition",{type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,n.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,n.kt)("p",{parentName:"admonition"},"The multi-cluster install described below is ",(0,n.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. ")),(0,n.kt)("admonition",{type:"info"},(0,n.kt)("p",{parentName:"admonition"},"The setup is the same as for a single cluster.\nAfter installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager."),(0,n.kt)("p",{parentName:"admonition"},"However, to allow for ",(0,n.kt)("a",{parentName:"p",href:"/cluster-registration#manager-initiated"},"manager-initiated registration")," of downstream clusters, a few extra settings are required. Without the API server URL and the CA, only ",(0,n.kt)("a",{parentName:"p",href:"/cluster-registration#agent-initiated"},"agent-initiated registration")," of downstream clusters is possible.")),(0,n.kt)("h3",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,n.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,n.kt)("inlineCode",{parentName:"p"},"$HOME/.kube/config"),"). The ",(0,n.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="$HOME/.kube/config"',title:'"$HOME/.kube/config"'},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,n.kt)("h4",{id:"extract-ca-certificate"},"Extract CA certificate"),(0,n.kt)("p",null,"Please note that the ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,n.kt)("p",null,"Next, retrieve the CA certificate from your kubeconfig."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"extractca",label:"Extract First",mdxType:"TabItem"},"If you have `jq` and `base64` available then this one-liners will pull all CA certificates from your `KUBECONFIG` and place then in a file named `ca.pem`.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n"))),(0,n.kt)(o.Z,{value:"extractcas",label:"Multiple Entries",mdxType:"TabItem"},"Or, if you have a multi-cluster setup, you can use this command:",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')))),(0,n.kt)("h4",{id:"extract-api-server"},"Extract API Server"),(0,n.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("h4",{id:"validate"},"Validate"),(0,n.kt)("p",null,"First validate the server URL is correct."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fLk "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,n.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,n.kt)("inlineCode",{parentName:"p"},'--cacert "$API_SERVER_CA"')," part of the command."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fL --cacert "$API_SERVER_CA" "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"If you get a valid JSON response or an ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,n.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,n.kt)("inlineCode",{parentName:"p"},"$API_SERVER_CA")," file should look similar to the below:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-pem",metastring:'title="ca.pem"',title:'"ca.pem"'},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,n.kt)("h3",{id:"install-for-multi-cluster"},"Install for Multi-Cluster"),(0,n.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,n.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,n.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,n.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,n.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,n.kt)("p",null,"Setup the environment with your specific values, e.g.:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install2",label:"Install",default:!0,mdxType:"TabItem"},"First install the Fleet CustomResourcesDefintions.",(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,n.kt)("p",null,"Second install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="$API_SERVER_URL" \\\n --set-file apiServerCA="$API_SERVER_CA" \\\n fleet'," ",r.d.next.fleet)),(0,n.kt)(o.Z,{value:"verifiy2",label:"Verify",mdxType:"TabItem"},"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,n.kt)("a",{parentName:"p",href:"/cluster-registration"},"register clusters")," and ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-add#create-gitrepo-instance"},"git repos")," with\nthe Fleet manager."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3217],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>A});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),i=a(6550),o=a(1980),u=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function m(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:a}=e;const l=(0,i.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,i]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),g=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{g&&i(g)}),[g]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);i(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var g=a(2389);const k="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:i,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=u[a].value;l!==i&&(d(t),o(l))},m=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:i===t?0:-1,"aria-selected":i===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},s,{className:(0,r.Z)("tabs__item",b,null==s?void 0:s.className,{"tabs__item--active":i===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function A(e){const t=(0,g.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},9250:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var l=a(7462),n=(a(7294),a(3905)),r=a(6828),s=a(814),i=a(4866),o=a(5162);const u={},c="Installation Details",d={unversionedId:"installation",id:"installation",title:"Installation Details",description:"The installation is broken up into two different use cases: single and multi-cluster.",source:"@site/docs/installation.md",sourceDirName:".",slug:"/installation",permalink:"/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/installation.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources",permalink:"/ref-resources"},next:{title:"Register Downstream Clusters",permalink:"/cluster-registration"}},p={},m=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Default Install",id:"default-install",level:2},{value:"Configuration for Multi-Cluster",id:"configuration-for-multi-cluster",level:2},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:3},{value:"Extract CA certificate",id:"extract-ca-certificate",level:4},{value:"Extract API Server",id:"extract-api-server",level:4},{value:"Validate",id:"validate",level:4},{value:"Install for Multi-Cluster",id:"install-for-multi-cluster",level:3}],h={toc:m};function f(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"installation-details"},"Installation Details"),(0,n.kt)("p",null,"The installation is broken up into two different use cases: single and multi-cluster.\nThe single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,n.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Single-cluster is the default installation. The same cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm 3",default:!0,mdxType:"TabItem"},"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)(o.Z,{value:"kubernetes",label:"Kubernetes",default:!0,mdxType:"TabItem"},"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means ",r.d.next.kubernetes," or greater.")),(0,n.kt)("h2",{id:"default-install"},"Default Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install",label:"Install",default:!0,mdxType:"TabItem"},"First install the Fleet CustomResourcesDefintions.",(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,n.kt)("p",null,"Second install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d.next.fleet)),(0,n.kt)(o.Z,{value:"verify",label:"Verify",mdxType:"TabItem"},(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."),(0,n.kt)("h2",{id:"configuration-for-multi-cluster"},"Configuration for Multi-Cluster"),(0,n.kt)("admonition",{type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,n.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,n.kt)("p",{parentName:"admonition"},"The multi-cluster install described below is ",(0,n.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. ")),(0,n.kt)("admonition",{type:"info"},(0,n.kt)("p",{parentName:"admonition"},"The setup is the same as for a single cluster.\nAfter installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager."),(0,n.kt)("p",{parentName:"admonition"},"However, to allow for ",(0,n.kt)("a",{parentName:"p",href:"/cluster-registration#manager-initiated"},"manager-initiated registration")," of downstream clusters, a few extra settings are required. Without the API server URL and the CA, only ",(0,n.kt)("a",{parentName:"p",href:"/cluster-registration#agent-initiated"},"agent-initiated registration")," of downstream clusters is possible.")),(0,n.kt)("h3",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,n.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,n.kt)("inlineCode",{parentName:"p"},"$HOME/.kube/config"),"). The ",(0,n.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="$HOME/.kube/config"',title:'"$HOME/.kube/config"'},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,n.kt)("h4",{id:"extract-ca-certificate"},"Extract CA certificate"),(0,n.kt)("p",null,"Please note that the ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,n.kt)("p",null,"Next, retrieve the CA certificate from your kubeconfig."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"extractca",label:"Extract First",mdxType:"TabItem"},"If you have `jq` and `base64` available then this one-liners will pull all CA certificates from your `KUBECONFIG` and place then in a file named `ca.pem`.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n"))),(0,n.kt)(o.Z,{value:"extractcas",label:"Multiple Entries",mdxType:"TabItem"},"Or, if you have a multi-cluster setup, you can use this command:",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')))),(0,n.kt)("h4",{id:"extract-api-server"},"Extract API Server"),(0,n.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("h4",{id:"validate"},"Validate"),(0,n.kt)("p",null,"First validate the server URL is correct."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fLk "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,n.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,n.kt)("inlineCode",{parentName:"p"},'--cacert "$API_SERVER_CA"')," part of the command."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fL --cacert "$API_SERVER_CA" "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"If you get a valid JSON response or an ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,n.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,n.kt)("inlineCode",{parentName:"p"},"$API_SERVER_CA")," file should look similar to the below:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-pem",metastring:'title="ca.pem"',title:'"ca.pem"'},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,n.kt)("h3",{id:"install-for-multi-cluster"},"Install for Multi-Cluster"),(0,n.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,n.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,n.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,n.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,n.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,n.kt)("p",null,"Setup the environment with your specific values, e.g.:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install2",label:"Install",default:!0,mdxType:"TabItem"},"First install the Fleet CustomResourcesDefintions.",(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,n.kt)("p",null,"Second install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="$API_SERVER_URL" \\\n --set-file apiServerCA="$API_SERVER_CA" \\\n fleet'," ",r.d.next.fleet)),(0,n.kt)(o.Z,{value:"verifiy2",label:"Verify",mdxType:"TabItem"},"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,n.kt)("a",{parentName:"p",href:"/cluster-registration"},"register clusters")," and ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-add#create-gitrepo-instance"},"git repos")," with\nthe Fleet manager."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/3d7b86e7.33f39982.js b/assets/js/3d7b86e7.a63bce63.js similarity index 95% rename from assets/js/3d7b86e7.33f39982.js rename to assets/js/3d7b86e7.a63bce63.js index 491d9adf3..f01347ed7 100644 --- a/assets/js/3d7b86e7.33f39982.js +++ b/assets/js/3d7b86e7.a63bce63.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3951],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function s(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function a(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var i=n.createContext({}),l=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):a(a({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,s=e.originalType,i=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),f=l(r),m=o,d=f["".concat(i,".").concat(m)]||f[m]||p[m]||s;return r?n.createElement(d,a(a({ref:t},u),{},{components:r})):n.createElement(d,a({ref:t},u))}));function m(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var s=r.length,a=new Array(s);a[0]=f;var c={};for(var i in t)hasOwnProperty.call(t,i)&&(c[i]=t[i]);c.originalType=e,c.mdxType="string"==typeof e?e:o,a[1]=c;for(var l=2;l{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>c,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const s={},a="Custom Resources",c={unversionedId:"ref-resources",id:"version-0.6/ref-resources",title:"Custom Resources",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/versioned_docs/version-0.6/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/0.6/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-resources.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.6/namespaces"},next:{title:"Installation Details",permalink:"/0.6/installation"}},i={},l=[],u={toc:l};function p(e){let{components:t,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"custom-resources"},"Custom Resources"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:r(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3951],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function s(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function a(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var i=n.createContext({}),l=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):a(a({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,s=e.originalType,i=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),f=l(r),m=o,d=f["".concat(i,".").concat(m)]||f[m]||p[m]||s;return r?n.createElement(d,a(a({ref:t},u),{},{components:r})):n.createElement(d,a({ref:t},u))}));function m(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var s=r.length,a=new Array(s);a[0]=f;var c={};for(var i in t)hasOwnProperty.call(t,i)&&(c[i]=t[i]);c.originalType=e,c.mdxType="string"==typeof e?e:o,a[1]=c;for(var l=2;l{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>c,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const s={},a="Custom Resources",c={unversionedId:"ref-resources",id:"version-0.6/ref-resources",title:"Custom Resources",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/versioned_docs/version-0.6/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/0.6/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-resources.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.6/namespaces"},next:{title:"Installation Details",permalink:"/0.6/installation"}},i={},l=[],u={toc:l};function p(e){let{components:t,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"custom-resources"},"Custom Resources"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:r(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file diff --git a/assets/js/45a5cd1f.d2d49472.js b/assets/js/45a5cd1f.54d6d18f.js similarity index 99% rename from assets/js/45a5cd1f.d2d49472.js rename to assets/js/45a5cd1f.54d6d18f.js index b179236bc..d3748f5c8 100644 --- a/assets/js/45a5cd1f.d2d49472.js +++ b/assets/js/45a5cd1f.54d6d18f.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3365],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/docs/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/concepts.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/architecture"},next:{title:"Bundle Lifecycle",permalink:"/ref-bundle-stages"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"life cycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/ref-bundle-stages"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/gitrepo-targets#customization-per-cluster"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3365],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/docs/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/concepts.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/architecture"},next:{title:"Bundle Lifecycle",permalink:"/ref-bundle-stages"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"life cycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/ref-bundle-stages"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/gitrepo-targets#customization-per-cluster"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/46c9c1f8.09c99ba2.js b/assets/js/46c9c1f8.2645e926.js similarity index 97% rename from assets/js/46c9c1f8.09c99ba2.js rename to assets/js/46c9c1f8.2645e926.js index 50ac15cb2..c6b1a026e 100644 --- a/assets/js/46c9c1f8.09c99ba2.js +++ b/assets/js/46c9c1f8.2645e926.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[252],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),f=c(r),d=a,g=f["".concat(l,".").concat(d)]||f[d]||p[d]||i;return r?n.createElement(g,o(o({ref:t},u),{},{components:r})):n.createElement(g,o({ref:t},u))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,o=new Array(i);o[0]=f;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},o="Cluster Registration Internals",s={unversionedId:"ref-registration",id:"version-0.6/ref-registration",title:"Cluster Registration Internals",description:"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.",source:"@site/versioned_docs/version-0.6/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/0.6/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-registration.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/0.6/cluster-bundles-state"},next:{title:"Configuration",permalink:"/0.6/ref-configuration"}},l={},c=[],u={toc:c};function p(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-registration-internals"},"Cluster Registration Internals"),(0,a.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,a.kt)("li",{parentName:"ul"},"Creating a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource with a kubeconfig. Rancher does this for downstream clusters. See ",(0,a.kt)("a",{parentName:"li",href:"/0.6/cluster-registration#manager-initiated"},"manager-initiated registration"),"."),(0,a.kt)("li",{parentName:"ul"},"Create a ",(0,a.kt)("inlineCode",{parentName:"li"},"ClusterRegistrationToken")," resource, optionally create a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource for a pre-defined (",(0,a.kt)("inlineCode",{parentName:"li"},"clientID"),") cluster. See ",(0,a.kt)("a",{parentName:"li",href:"/0.6/cluster-registration#agent-initiated"},"agent-initiated registration"),".")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration",src:r(2364).Z,width:"3700",height:"2492"})))}p.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-e49565723b02880b6dd7fa0ddc1fdbe2.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[252],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),f=c(r),d=a,g=f["".concat(l,".").concat(d)]||f[d]||p[d]||i;return r?n.createElement(g,o(o({ref:t},u),{},{components:r})):n.createElement(g,o({ref:t},u))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,o=new Array(i);o[0]=f;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},o="Cluster Registration Internals",s={unversionedId:"ref-registration",id:"version-0.6/ref-registration",title:"Cluster Registration Internals",description:"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.",source:"@site/versioned_docs/version-0.6/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/0.6/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-registration.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/0.6/cluster-bundles-state"},next:{title:"Configuration",permalink:"/0.6/ref-configuration"}},l={},c=[],u={toc:c};function p(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-registration-internals"},"Cluster Registration Internals"),(0,a.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,a.kt)("li",{parentName:"ul"},"Creating a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource with a kubeconfig. Rancher does this for downstream clusters. See ",(0,a.kt)("a",{parentName:"li",href:"/0.6/cluster-registration#manager-initiated"},"manager-initiated registration"),"."),(0,a.kt)("li",{parentName:"ul"},"Create a ",(0,a.kt)("inlineCode",{parentName:"li"},"ClusterRegistrationToken")," resource, optionally create a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource for a pre-defined (",(0,a.kt)("inlineCode",{parentName:"li"},"clientID"),") cluster. See ",(0,a.kt)("a",{parentName:"li",href:"/0.6/cluster-registration#agent-initiated"},"agent-initiated registration"),".")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration",src:r(2364).Z,width:"3700",height:"2492"})))}p.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-e49565723b02880b6dd7fa0ddc1fdbe2.svg"}}]); \ No newline at end of file diff --git a/assets/js/49af6a86.241dd0cc.js b/assets/js/49af6a86.061b42dc.js similarity index 98% rename from assets/js/49af6a86.241dd0cc.js rename to assets/js/49af6a86.061b42dc.js index ee078dd0f..1bfd3ed0b 100644 --- a/assets/js/49af6a86.241dd0cc.js +++ b/assets/js/49af6a86.061b42dc.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7619],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),h=c(n),d=a,m=h["".concat(l,".").concat(d)]||h[d]||p[d]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=h;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Architecture",i={unversionedId:"architecture",id:"version-0.4/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.4/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.4/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/architecture.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.4/concepts"},next:{title:"Examples",permalink:"/0.4/examples"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.4/manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7619],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),h=c(n),d=a,m=h["".concat(l,".").concat(d)]||h[d]||p[d]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=h;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Architecture",i={unversionedId:"architecture",id:"version-0.4/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.4/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.4/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/architecture.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.4/concepts"},next:{title:"Examples",permalink:"/0.4/examples"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.4/manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/4ccb6852.68802ab0.js b/assets/js/4ccb6852.83229c95.js similarity index 97% rename from assets/js/4ccb6852.68802ab0.js rename to assets/js/4ccb6852.83229c95.js index 04bcddf64..ca767e431 100644 --- a/assets/js/4ccb6852.68802ab0.js +++ b/assets/js/4ccb6852.83229c95.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3084],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},p=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},i={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||i[d]||o;return r?n.createElement(f,s(s({ref:t},p),{},{components:r})):n.createElement(f,s({ref:t},p))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>i,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Create Cluster Groups",l={unversionedId:"cluster-group",id:"cluster-group",title:"Create Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/docs/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-group.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Register Downstream Clusters",permalink:"/cluster-registration"},next:{title:"Setup Multi User",permalink:"/multi-user"}},c={},u=[],p={toc:u};function i(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"create-cluster-groups"},"Create Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}i.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3084],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},p=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},i={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||i[d]||o;return r?n.createElement(f,s(s({ref:t},p),{},{components:r})):n.createElement(f,s({ref:t},p))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>i,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Create Cluster Groups",l={unversionedId:"cluster-group",id:"cluster-group",title:"Create Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/docs/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-group.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Register Downstream Clusters",permalink:"/cluster-registration"},next:{title:"Setup Multi User",permalink:"/multi-user"}},c={},u=[],p={toc:u};function i(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"create-cluster-groups"},"Create Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}i.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/4fac8f87.6cd3c5c5.js b/assets/js/4fac8f87.b13acd28.js similarity index 97% rename from assets/js/4fac8f87.6cd3c5c5.js rename to assets/js/4fac8f87.b13acd28.js index 319f843bc..0dd4e82e5 100644 --- a/assets/js/4fac8f87.6cd3c5c5.js +++ b/assets/js/4fac8f87.b13acd28.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7526],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Quick Start",i={unversionedId:"quickstart",id:"version-0.4/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.4/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.4/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/quickstart.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.4/"},next:{title:"Core Concepts",permalink:"/0.4/concepts"}},s={},c=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"quick-start"},"Quick Start"),(0,a.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,a.kt)("h2",{id:"install"},"Install"),(0,a.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,a.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-v0.4.1.tgz\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-v0.4.1.tgz\n")),(0,a.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to watch"),(0,a.kt)("p",null,"Change ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,a.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,a.kt)("h2",{id:"get-status"},"Get Status"),(0,a.kt)("p",null,"Get status of what fleet is doing"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,a.kt)("p",null,"You should see something like this get created in your cluster."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,a.kt)("p",null,"Enjoy and read the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7526],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Quick Start",i={unversionedId:"quickstart",id:"version-0.4/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.4/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.4/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/quickstart.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.4/"},next:{title:"Core Concepts",permalink:"/0.4/concepts"}},s={},c=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"quick-start"},"Quick Start"),(0,a.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,a.kt)("h2",{id:"install"},"Install"),(0,a.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,a.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-v0.4.1.tgz\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-v0.4.1.tgz\n")),(0,a.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to watch"),(0,a.kt)("p",null,"Change ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,a.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,a.kt)("h2",{id:"get-status"},"Get Status"),(0,a.kt)("p",null,"Get status of what fleet is doing"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,a.kt)("p",null,"You should see something like this get created in your cluster."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,a.kt)("p",null,"Enjoy and read the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/522d95f1.36e58ade.js b/assets/js/522d95f1.e0b75686.js similarity index 99% rename from assets/js/522d95f1.36e58ade.js rename to assets/js/522d95f1.e0b75686.js index 0cb6ee1f0..f16e5185b 100644 --- a/assets/js/522d95f1.36e58ade.js +++ b/assets/js/522d95f1.e0b75686.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5279],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var o=r.createContext({}),c=function(e){var t=r.useContext(o),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(o.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,o=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=l,h=m["".concat(o,".").concat(d)]||m[d]||p[d]||a;return n?r.createElement(h,i(i({ref:t},u),{},{components:n})):r.createElement(h,i({ref:t},u))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,i=new Array(a);i[0]=m;var s={};for(var o in t)hasOwnProperty.call(t,o)&&(s[o]=t[o]);s.originalType=e,s.mdxType="string"==typeof e?e:l,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>o,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},i="Multi-cluster Install",s={unversionedId:"multi-cluster-install",id:"version-0.4/multi-cluster-install",title:"Multi-cluster Install",description:"Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.",source:"@site/versioned_docs/version-0.4/multi-cluster-install.md",sourceDirName:".",slug:"/multi-cluster-install",permalink:"/0.4/multi-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/multi-cluster-install.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Single Cluster Install",permalink:"/0.4/single-cluster-install"},next:{title:"Uninstall",permalink:"/0.4/uninstall"}},o={},c=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:2},{value:"Install",id:"install",level:2}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"multi-cluster-install"},"Multi-cluster Install"),(0,l.kt)("p",null,(0,l.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,l.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Warning:")," The multi-cluster install described below is ",(0,l.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. "),(0,l.kt)("p",null,"In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a\nKubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then\nneed to register remote downstream clusters with the Fleet manager."),(0,l.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,l.kt)("h3",{id:"helm-3"},"Helm 3"),(0,l.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,l.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,l.kt)("p",null,"macOS"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,l.kt)("p",null,"Windows"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,l.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,l.kt)("p",null,"The Fleet manager is a controller running on a Kubernetes cluster so an existing cluster is required. All\ndownstream cluster that will be managed will need to communicate to this central Kubernetes cluster. This\nmeans the Kubernetes API server URL must be accessible to the downstream clusters. Any Kubernetes community\nsupported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,l.kt)("h2",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,l.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config"),"). The ",(0,l.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,l.kt)("p",null,"Please note that the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,l.kt)("p",null,"If you have ",(0,l.kt)("inlineCode",{parentName:"p"},"jq")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"base64")," available then this one-liners will pull all CA certificates from your\n",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," and place then in a file named ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),"."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n")),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')),(0,l.kt)("h2",{id:"install"},"Install"),(0,l.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,l.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,l.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,l.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,l.kt)("p",null,"Run the following commands"),(0,l.kt)("p",null,"Setup the environment with your specific values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"First validate the server URL is correct."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fLk ${API_SERVER_URL}/version\n")),(0,l.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,l.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,l.kt)("inlineCode",{parentName:"p"},"--cacert ${API_SERVER_CA}")," part of the command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fL --cacert ${API_SERVER_CA} ${API_SERVER_URL}/version\n")),(0,l.kt)("p",null,"If you get a valid JSON response or an ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,l.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,l.kt)("inlineCode",{parentName:"p"},"${API_SERVER_CA}")," file should look similar to the below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,l.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,l.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz\n")),(0,l.kt)("p",null,"Second install the Fleet controllers."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="${API_SERVER_URL}" \\\n --set-file apiServerCA="${API_SERVER_CA}" \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz\n')),(0,l.kt)("p",null,"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,l.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-overview"},"register clusters")," and ",(0,l.kt)("a",{parentName:"p",href:"/0.4/gitrepo-add"},"git repos")," with\nthe Fleet manager."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5279],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var o=r.createContext({}),c=function(e){var t=r.useContext(o),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(o.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,o=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=l,h=m["".concat(o,".").concat(d)]||m[d]||p[d]||a;return n?r.createElement(h,i(i({ref:t},u),{},{components:n})):r.createElement(h,i({ref:t},u))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,i=new Array(a);i[0]=m;var s={};for(var o in t)hasOwnProperty.call(t,o)&&(s[o]=t[o]);s.originalType=e,s.mdxType="string"==typeof e?e:l,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>o,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},i="Multi-cluster Install",s={unversionedId:"multi-cluster-install",id:"version-0.4/multi-cluster-install",title:"Multi-cluster Install",description:"Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.",source:"@site/versioned_docs/version-0.4/multi-cluster-install.md",sourceDirName:".",slug:"/multi-cluster-install",permalink:"/0.4/multi-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/multi-cluster-install.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Single Cluster Install",permalink:"/0.4/single-cluster-install"},next:{title:"Uninstall",permalink:"/0.4/uninstall"}},o={},c=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:2},{value:"Install",id:"install",level:2}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"multi-cluster-install"},"Multi-cluster Install"),(0,l.kt)("p",null,(0,l.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,l.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Warning:")," The multi-cluster install described below is ",(0,l.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. "),(0,l.kt)("p",null,"In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a\nKubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then\nneed to register remote downstream clusters with the Fleet manager."),(0,l.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,l.kt)("h3",{id:"helm-3"},"Helm 3"),(0,l.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,l.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,l.kt)("p",null,"macOS"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,l.kt)("p",null,"Windows"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,l.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,l.kt)("p",null,"The Fleet manager is a controller running on a Kubernetes cluster so an existing cluster is required. All\ndownstream cluster that will be managed will need to communicate to this central Kubernetes cluster. This\nmeans the Kubernetes API server URL must be accessible to the downstream clusters. Any Kubernetes community\nsupported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,l.kt)("h2",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,l.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config"),"). The ",(0,l.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,l.kt)("p",null,"Please note that the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,l.kt)("p",null,"If you have ",(0,l.kt)("inlineCode",{parentName:"p"},"jq")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"base64")," available then this one-liners will pull all CA certificates from your\n",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," and place then in a file named ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),"."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n")),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')),(0,l.kt)("h2",{id:"install"},"Install"),(0,l.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,l.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,l.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,l.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,l.kt)("p",null,"Run the following commands"),(0,l.kt)("p",null,"Setup the environment with your specific values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"First validate the server URL is correct."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fLk ${API_SERVER_URL}/version\n")),(0,l.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,l.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,l.kt)("inlineCode",{parentName:"p"},"--cacert ${API_SERVER_CA}")," part of the command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fL --cacert ${API_SERVER_CA} ${API_SERVER_URL}/version\n")),(0,l.kt)("p",null,"If you get a valid JSON response or an ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,l.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,l.kt)("inlineCode",{parentName:"p"},"${API_SERVER_CA}")," file should look similar to the below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,l.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,l.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz\n")),(0,l.kt)("p",null,"Second install the Fleet controllers."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="${API_SERVER_URL}" \\\n --set-file apiServerCA="${API_SERVER_CA}" \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz\n')),(0,l.kt)("p",null,"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,l.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-overview"},"register clusters")," and ",(0,l.kt)("a",{parentName:"p",href:"/0.4/gitrepo-add"},"git repos")," with\nthe Fleet manager."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/5281b7a2.1d2243a7.js b/assets/js/5281b7a2.21c9eecf.js similarity index 97% rename from assets/js/5281b7a2.1d2243a7.js rename to assets/js/5281b7a2.21c9eecf.js index 0e958a9b6..e2223e038 100644 --- a/assets/js/5281b7a2.1d2243a7.js +++ b/assets/js/5281b7a2.21c9eecf.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5927],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,i(i({ref:t},u),{},{components:n})):r.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Architecture",s={unversionedId:"architecture",id:"architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/docs/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/architecture.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/uninstall"},next:{title:"Core Concepts",permalink:"/concepts"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2},{value:"Component Overview",id:"component-overview",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/cluster-registration#manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."),(0,a.kt)("h2",{id:"component-overview"},"Component Overview"),(0,a.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}p.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5927],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,i(i({ref:t},u),{},{components:n})):r.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Architecture",s={unversionedId:"architecture",id:"architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/docs/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/architecture.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/uninstall"},next:{title:"Core Concepts",permalink:"/concepts"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2},{value:"Component Overview",id:"component-overview",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/cluster-registration#manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."),(0,a.kt)("h2",{id:"component-overview"},"Component Overview"),(0,a.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}p.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file diff --git a/assets/js/5379b7b3.88210846.js b/assets/js/5379b7b3.f5805cc1.js similarity index 96% rename from assets/js/5379b7b3.88210846.js rename to assets/js/5379b7b3.f5805cc1.js index 76e7e8dae..8ea3f19d5 100644 --- a/assets/js/5379b7b3.88210846.js +++ b/assets/js/5379b7b3.f5805cc1.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8228],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,i=e.mdxType,a=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),g=i,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||a;return r?n.createElement(m,o(o({ref:t},u),{},{components:r})):n.createElement(m,o({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var a=r.length,o=new Array(a);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:i,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var n=r(7462),i=(r(7294),r(3905));const a={},o="Overview",s={unversionedId:"cluster-overview",id:"version-0.5/cluster-overview",title:"Overview",description:"There are two specific styles to registering clusters. These styles will be referred",source:"@site/versioned_docs/version-0.5/cluster-overview.md",sourceDirName:".",slug:"/cluster-overview",permalink:"/0.5/cluster-overview",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-overview.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Examples",permalink:"/0.5/examples"},next:{title:"Cluster Registration Tokens",permalink:"/0.5/cluster-tokens"}},l={},c=[{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:2},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,i.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("h1",{id:"overview"},"Overview"),(0,i.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,i.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,i.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,i.kt)("h2",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,i.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,i.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,i.kt)("h2",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,i.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8228],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,i=e.mdxType,a=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),g=i,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||a;return r?n.createElement(m,o(o({ref:t},u),{},{components:r})):n.createElement(m,o({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var a=r.length,o=new Array(a);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:i,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var n=r(7462),i=(r(7294),r(3905));const a={},o="Overview",s={unversionedId:"cluster-overview",id:"version-0.5/cluster-overview",title:"Overview",description:"There are two specific styles to registering clusters. These styles will be referred",source:"@site/versioned_docs/version-0.5/cluster-overview.md",sourceDirName:".",slug:"/cluster-overview",permalink:"/0.5/cluster-overview",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-overview.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Examples",permalink:"/0.5/examples"},next:{title:"Cluster Registration Tokens",permalink:"/0.5/cluster-tokens"}},l={},c=[{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:2},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,i.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("h1",{id:"overview"},"Overview"),(0,i.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,i.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,i.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,i.kt)("h2",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,i.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,i.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,i.kt)("h2",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,i.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/53c8b813.b9e7edf2.js b/assets/js/53c8b813.54460b8b.js similarity index 97% rename from assets/js/53c8b813.b9e7edf2.js rename to assets/js/53c8b813.54460b8b.js index 36d5dedaf..71c687a8f 100644 --- a/assets/js/53c8b813.b9e7edf2.js +++ b/assets/js/53c8b813.54460b8b.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2837],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=o,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,a(a({ref:t},p),{},{components:n})):r.createElement(f,a({ref:t},p))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,a=new Array(l);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:o,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),o=(n(7294),n(3905));const l={},a="Bundle Lifecycle",i={unversionedId:"ref-bundle-stages",id:"version-0.6/ref-bundle-stages",title:"Bundle Lifecycle",description:"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.",source:"@site/versioned_docs/version-0.6/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/0.6/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-bundle-stages.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.6/concepts"},next:{title:"Git Repository Contents",permalink:"/0.6/gitrepo-content"}},s={},c=[],p={toc:c};function u(e){let{components:t,...l}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,l,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-lifecycle"},"Bundle Lifecycle"),(0,o.kt)("p",null,"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles."),(0,o.kt)("p",null,"To demonstrate the life cycle of a Fleet bundle, we will use ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},"User will create a ",(0,o.kt)("a",{parentName:"li",href:"/0.6/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,o.kt)("a",{parentName:"li",href:"/0.6/webhook"},"webhook event"),". With every commit change, the ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,o.kt)("a",{parentName:"li",href:"/0.6/cluster-bundles-state#bundles"},"bundle"),".")),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},(0,o.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,o.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,o.kt)("ol",{start:3},(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,o.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,o.kt)("p",null,"This diagram shows the different rendering stages a bundle goes through until deployment."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Bundle Stages",src:n(5208).Z,width:"711",height:"803"})))}u.isMDXComponent=!0},5208:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2837],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=o,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,a(a({ref:t},p),{},{components:n})):r.createElement(f,a({ref:t},p))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,a=new Array(l);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:o,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),o=(n(7294),n(3905));const l={},a="Bundle Lifecycle",i={unversionedId:"ref-bundle-stages",id:"version-0.6/ref-bundle-stages",title:"Bundle Lifecycle",description:"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.",source:"@site/versioned_docs/version-0.6/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/0.6/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-bundle-stages.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.6/concepts"},next:{title:"Git Repository Contents",permalink:"/0.6/gitrepo-content"}},s={},c=[],p={toc:c};function u(e){let{components:t,...l}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,l,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-lifecycle"},"Bundle Lifecycle"),(0,o.kt)("p",null,"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles."),(0,o.kt)("p",null,"To demonstrate the life cycle of a Fleet bundle, we will use ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},"User will create a ",(0,o.kt)("a",{parentName:"li",href:"/0.6/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,o.kt)("a",{parentName:"li",href:"/0.6/webhook"},"webhook event"),". With every commit change, the ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,o.kt)("a",{parentName:"li",href:"/0.6/cluster-bundles-state#bundles"},"bundle"),".")),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},(0,o.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,o.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,o.kt)("ol",{start:3},(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,o.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,o.kt)("p",null,"This diagram shows the different rendering stages a bundle goes through until deployment."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Bundle Stages",src:n(5208).Z,width:"711",height:"803"})))}u.isMDXComponent=!0},5208:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file diff --git a/assets/js/5a165616.53c4c40a.js b/assets/js/5a165616.902ba6c6.js similarity index 98% rename from assets/js/5a165616.53c4c40a.js rename to assets/js/5a165616.902ba6c6.js index 9d9beeb60..424454a39 100644 --- a/assets/js/5a165616.53c4c40a.js +++ b/assets/js/5a165616.902ba6c6.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5764],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>d});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function i(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var p=n.createContext({}),l=function(e){var t=n.useContext(p),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},c=function(e){var t=l(e.components);return n.createElement(p.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,i=e.originalType,p=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=l(a),d=r,k=m["".concat(p,".").concat(d)]||m[d]||u[d]||i;return a?n.createElement(k,o(o({ref:t},c),{},{components:a})):n.createElement(k,o({ref:t},c))}));function d(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=a.length,o=new Array(i);o[0]=m;var s={};for(var p in t)hasOwnProperty.call(t,p)&&(s[p]=t[p]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var l=2;l{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>l});var n=a(7462),r=(a(7294),a(3905));const i={},o="Create a GitRepo Resource",s={unversionedId:"gitrepo-add",id:"gitrepo-add",title:"Create a GitRepo Resource",description:"Create GitRepo Instance",source:"@site/docs/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-add.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Setup Multi User",permalink:"/multi-user"},next:{title:"Mapping to Downstream Clusters",permalink:"/gitrepo-targets"}},p={},l=[{value:"Create GitRepo Instance",id:"create-gitrepo-instance",level:2},{value:"Using Helm Values",id:"using-helm-values",level:2},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:l};function u(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-gitrepo-resource"},"Create a GitRepo Resource"),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo Instance"),(0,r.kt)("p",null,"Git repositories are registered by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource in Kubernetes. Refer\nto the ",(0,r.kt)("a",{parentName:"p",href:"/tut-deployment"},"creating a deployment tutorial")," for examples."),(0,r.kt)("p",null,"The available fields are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/ref-gitrepo"},"GitRepo resource reference")),(0,r.kt)("h2",{id:"using-helm-values"},"Using Helm Values"),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),". That means ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom")," will take precedence over both, ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFiles")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"values"),"."))),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in ",(0,r.kt)("em",{parentName:"p"},"downstream clusters"),"."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 3\n serviceType: NodePort\n")),(0,r.kt)("p",null,"A secret like that, can be created from a YAML file ",(0,r.kt)("inlineCode",{parentName:"p"},"secretdata.yaml")," by running the following kubectl command: ",(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml")),(0,r.kt)("p",null,"The resources can then be referenced from a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'helm:\n chart: simple-chart\n valuesFrom:\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n - configMapKeyRef:\n name: configmap-values\n namespace: default\n key: values.yaml\n values:\n replicas: "4"\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Split them into different gitrepos, or use\n",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoUrlRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/troubleshooting"},"here"),".")))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5764],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>d});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function i(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var p=n.createContext({}),l=function(e){var t=n.useContext(p),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},c=function(e){var t=l(e.components);return n.createElement(p.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,i=e.originalType,p=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=l(a),d=r,k=m["".concat(p,".").concat(d)]||m[d]||u[d]||i;return a?n.createElement(k,o(o({ref:t},c),{},{components:a})):n.createElement(k,o({ref:t},c))}));function d(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=a.length,o=new Array(i);o[0]=m;var s={};for(var p in t)hasOwnProperty.call(t,p)&&(s[p]=t[p]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var l=2;l{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>l});var n=a(7462),r=(a(7294),a(3905));const i={},o="Create a GitRepo Resource",s={unversionedId:"gitrepo-add",id:"gitrepo-add",title:"Create a GitRepo Resource",description:"Create GitRepo Instance",source:"@site/docs/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-add.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Setup Multi User",permalink:"/multi-user"},next:{title:"Mapping to Downstream Clusters",permalink:"/gitrepo-targets"}},p={},l=[{value:"Create GitRepo Instance",id:"create-gitrepo-instance",level:2},{value:"Using Helm Values",id:"using-helm-values",level:2},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:l};function u(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-gitrepo-resource"},"Create a GitRepo Resource"),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo Instance"),(0,r.kt)("p",null,"Git repositories are registered by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource in Kubernetes. Refer\nto the ",(0,r.kt)("a",{parentName:"p",href:"/tut-deployment"},"creating a deployment tutorial")," for examples."),(0,r.kt)("p",null,"The available fields are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/ref-gitrepo"},"GitRepo resource reference")),(0,r.kt)("h2",{id:"using-helm-values"},"Using Helm Values"),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),". That means ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom")," will take precedence over both, ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFiles")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"values"),"."))),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in ",(0,r.kt)("em",{parentName:"p"},"downstream clusters"),"."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 3\n serviceType: NodePort\n")),(0,r.kt)("p",null,"A secret like that, can be created from a YAML file ",(0,r.kt)("inlineCode",{parentName:"p"},"secretdata.yaml")," by running the following kubectl command: ",(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml")),(0,r.kt)("p",null,"The resources can then be referenced from a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'helm:\n chart: simple-chart\n valuesFrom:\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n - configMapKeyRef:\n name: configmap-values\n namespace: default\n key: values.yaml\n values:\n replicas: "4"\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Split them into different gitrepos, or use\n",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoUrlRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/troubleshooting"},"here"),".")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/60bcd92c.8e1033f4.js b/assets/js/60bcd92c.8dcf6f83.js similarity index 99% rename from assets/js/60bcd92c.8e1033f4.js rename to assets/js/60bcd92c.8dcf6f83.js index d83ff5625..d0ba629f4 100644 --- a/assets/js/60bcd92c.8e1033f4.js +++ b/assets/js/60bcd92c.8dcf6f83.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[314],{5162:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),r=n(6010);const l="tabItem_Ymn6";function i(e){let{children:t,hidden:n,className:i}=e;return a.createElement("div",{role:"tabpanel",className:(0,r.Z)(l,i),hidden:n},t)}},4866:(e,t,n)=>{n.d(t,{Z:()=>N});var a=n(7462),r=n(7294),l=n(6010),i=n(2466),s=n(6550),o=n(1980),u=n(7392),c=n(12);function d(e){return function(e){return r.Children.map(e,(e=>{if((0,r.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:n,attributes:a,default:r}}=e;return{value:t,label:n,attributes:a,default:r}}))}function p(e){const{values:t,children:n}=e;return(0,r.useMemo)((()=>{const e=t??d(n);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,n])}function m(e){let{value:t,tabValues:n}=e;return n.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:n}=e;const a=(0,s.k6)(),l=function(e){let{queryString:t=!1,groupId:n}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!n)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return n??null}({queryString:t,groupId:n});return[(0,o._X)(l),(0,r.useCallback)((e=>{if(!l)return;const t=new URLSearchParams(a.location.search);t.set(l,e),a.replace({...a.location,search:t.toString()})}),[l,a])]}function g(e){const{defaultValue:t,queryString:n=!1,groupId:a}=e,l=p(e),[i,s]=(0,r.useState)((()=>function(e){let{defaultValue:t,tabValues:n}=e;if(0===n.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:n}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${n.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const a=n.find((e=>e.default))??n[0];if(!a)throw new Error("Unexpected error: 0 tabValues");return a.value}({defaultValue:t,tabValues:l}))),[o,u]=h({queryString:n,groupId:a}),[d,g]=function(e){let{groupId:t}=e;const n=function(e){return e?`docusaurus.tab.${e}`:null}(t),[a,l]=(0,c.Nk)(n);return[a,(0,r.useCallback)((e=>{n&&l.set(e)}),[n,l])]}({groupId:a}),k=(()=>{const e=o??d;return m({value:e,tabValues:l})?e:null})();(0,r.useLayoutEffect)((()=>{k&&s(k)}),[k]);return{selectedValue:i,selectValue:(0,r.useCallback)((e=>{if(!m({value:e,tabValues:l}))throw new Error(`Can't select invalid tab value=${e}`);s(e),u(e),g(e)}),[u,g,l]),tabValues:l}}var k=n(2389);const f="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:n,selectedValue:s,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,i.o5)(),p=e=>{const t=e.currentTarget,n=c.indexOf(t),a=u[n].value;a!==s&&(d(t),o(a))},m=e=>{var t;let n=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;n=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;n=c[t]??c[c.length-1];break}}null==(t=n)||t.focus()};return r.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,l.Z)("tabs",{"tabs--block":n},t)},u.map((e=>{let{value:t,label:n,attributes:i}=e;return r.createElement("li",(0,a.Z)({role:"tab",tabIndex:s===t?0:-1,"aria-selected":s===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},i,{className:(0,l.Z)("tabs__item",b,null==i?void 0:i.className,{"tabs__item--active":s===t})}),n??t)})))}function y(e){let{lazy:t,children:n,selectedValue:a}=e;if(n=Array.isArray(n)?n:[n],t){const e=n.find((e=>e.props.value===a));return e?(0,r.cloneElement)(e,{className:"margin-top--md"}):null}return r.createElement("div",{className:"margin-top--md"},n.map(((e,t)=>(0,r.cloneElement)(e,{key:t,hidden:e.props.value!==a}))))}function w(e){const t=g(e);return r.createElement("div",{className:(0,l.Z)("tabs-container",f)},r.createElement(v,(0,a.Z)({},e,t)),r.createElement(y,(0,a.Z)({},e,t)))}function N(e){const t=(0,k.Z)();return r.createElement(w,(0,a.Z)({key:String(t)},e))}},6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},1843:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>g,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var a=n(7462),r=(n(7294),n(3905)),l=n(6828),i=n(814),s=n(4866),o=n(5162);const u={},c="Register Downstream Clusters",d={unversionedId:"cluster-registration",id:"version-0.6/cluster-registration",title:"Register Downstream Clusters",description:"Overview",source:"@site/versioned_docs/version-0.6/cluster-registration.md",sourceDirName:".",slug:"/cluster-registration",permalink:"/0.6/cluster-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cluster-registration.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation Details",permalink:"/0.6/installation"},next:{title:"Create Cluster Groups",permalink:"/0.6/cluster-group"}},p={},m=[{value:"Overview",id:"overview",level:2},{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:3},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:3},{value:"Agent Initiated",id:"agent-initiated",level:2},{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:3},{value:"Install Agent For a New Cluster",id:"install-agent-for-a-new-cluster",level:3},{value:"Install Agent For a Predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:3},{value:"Create Cluster Registration Tokens",id:"create-cluster-registration-tokens",level:3},{value:"Token TTL",id:"token-ttl",level:4},{value:"Create a new Token",id:"create-a-new-token",level:4},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:4},{value:"Manager Initiated",id:"manager-initiated",level:2},{value:"Create Kubeconfig Secret",id:"create-kubeconfig-secret",level:3},{value:"Create Cluster Resource",id:"create-cluster-resource",level:3}],h={toc:m};function g(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},h,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"register-downstream-clusters"},"Register Downstream Clusters"),(0,r.kt)("h2",{id:"overview"},"Overview"),(0,r.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,r.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,r.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,r.kt)("h3",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,r.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,r.kt)("h3",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,r.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."),(0,r.kt)("h2",{id:"agent-initiated"},"Agent Initiated"),(0,r.kt)("p",null,"A downstream cluster is registered by installing an agent via helm and using the ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,r.kt)("strong",{parentName:"p"},"client ID")," or ",(0,r.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"It's not necessary to configure the fleet manager for ",(0,r.kt)("a",{parentName:"p",href:"/0.6/installation#configuration-for-multi-cluster"},"multi cluster"),", as the downstream agent we install via Helm will connect to the Kubernetes API of the upstream cluster directly."),(0,r.kt)("p",{parentName:"admonition"},"Agent-initiated registration is normally not used with Rancher.")),(0,r.kt)("h3",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,r.kt)("p",null,"The ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required.\nThe cluster registration token is manifested as a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will be passed to the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install")," process.\nAlternatively one can pass the token directly to the helm install command via ",(0,r.kt)("inlineCode",{parentName:"p"},'--set token="$token"'),"."),(0,r.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,r.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,r.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,r.kt)("h3",{id:"install-agent-for-a-new-cluster"},"Install Agent For a New Cluster"),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,r.kt)("p",null,"First, follow the ",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token instructions")," to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,r.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,r.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,r.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,r.kt)("p",null,"Value in ",(0,r.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,r.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,r.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,r.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,r.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{title:"Kubectl Context",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(s.Z,{mdxType:"Tabs"},(0,r.kt)(o.Z,{value:"helm",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent'," ",l.d.next.fleetAgent)),(0,r.kt)(o.Z,{value:"validate",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,r.kt)("h3",{id:"install-agent-for-a-predefined-cluster"},"Install Agent For a Predefined Cluster"),(0,r.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,r.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,r.kt)("p",null,"First, create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,r.kt)("p",null,"Second, follow the ","[cluster registration token instructions]","((#create-cluster-registration-tokens) to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,r.kt)("p",null,"Third, setup your environment to use the client ID."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(s.Z,{mdxType:"Tabs"},(0,r.kt)(o.Z,{value:"helm2",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent'," ",l.d.next.fleetAgent)),(0,r.kt)(o.Z,{value:"validate2",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,r.kt)("h3",{id:"create-cluster-registration-tokens"},"Create Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h4",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h4",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h4",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."),(0,r.kt)("h2",{id:"manager-initiated"},"Manager Initiated"),(0,r.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,r.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using Fleet standalone ",(0,r.kt)("em",{parentName:"p"},"without Rancher"),", it must be installed as described in ",(0,r.kt)("a",{parentName:"p",href:"/0.6/installation#configuration-for-multi-cluster"},"installation details"),"."),(0,r.kt)("p",{parentName:"admonition"},"The manager-initiated registration is used when you add a cluster from the Rancher dashboard.")),(0,r.kt)("h3",{id:"create-kubeconfig-secret"},"Create Kubeconfig Secret"),(0,r.kt)("p",null,"The format of this secret is intended to match the ",(0,r.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format")," of the kubeconfig\nsecret used in ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,r.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically registered with Fleet."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Kubeconfig Secret Example"',title:'"Kubeconfig',Secret:!0,'Example"':!0},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,r.kt)("h3",{id:"create-cluster-resource"},"Create Cluster Resource"),(0,r.kt)("p",null,"The cluster resource needs to reference the kubeconfig secret."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Cluster Resource Example"',title:'"Cluster',Resource:!0,'Example"':!0},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}g.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[314],{5162:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),r=n(6010);const l="tabItem_Ymn6";function i(e){let{children:t,hidden:n,className:i}=e;return a.createElement("div",{role:"tabpanel",className:(0,r.Z)(l,i),hidden:n},t)}},4866:(e,t,n)=>{n.d(t,{Z:()=>N});var a=n(7462),r=n(7294),l=n(6010),i=n(2466),s=n(6550),o=n(1980),u=n(7392),c=n(12);function d(e){return function(e){return r.Children.map(e,(e=>{if((0,r.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:n,attributes:a,default:r}}=e;return{value:t,label:n,attributes:a,default:r}}))}function p(e){const{values:t,children:n}=e;return(0,r.useMemo)((()=>{const e=t??d(n);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,n])}function m(e){let{value:t,tabValues:n}=e;return n.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:n}=e;const a=(0,s.k6)(),l=function(e){let{queryString:t=!1,groupId:n}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!n)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return n??null}({queryString:t,groupId:n});return[(0,o._X)(l),(0,r.useCallback)((e=>{if(!l)return;const t=new URLSearchParams(a.location.search);t.set(l,e),a.replace({...a.location,search:t.toString()})}),[l,a])]}function g(e){const{defaultValue:t,queryString:n=!1,groupId:a}=e,l=p(e),[i,s]=(0,r.useState)((()=>function(e){let{defaultValue:t,tabValues:n}=e;if(0===n.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:n}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${n.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const a=n.find((e=>e.default))??n[0];if(!a)throw new Error("Unexpected error: 0 tabValues");return a.value}({defaultValue:t,tabValues:l}))),[o,u]=h({queryString:n,groupId:a}),[d,g]=function(e){let{groupId:t}=e;const n=function(e){return e?`docusaurus.tab.${e}`:null}(t),[a,l]=(0,c.Nk)(n);return[a,(0,r.useCallback)((e=>{n&&l.set(e)}),[n,l])]}({groupId:a}),k=(()=>{const e=o??d;return m({value:e,tabValues:l})?e:null})();(0,r.useLayoutEffect)((()=>{k&&s(k)}),[k]);return{selectedValue:i,selectValue:(0,r.useCallback)((e=>{if(!m({value:e,tabValues:l}))throw new Error(`Can't select invalid tab value=${e}`);s(e),u(e),g(e)}),[u,g,l]),tabValues:l}}var k=n(2389);const f="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:n,selectedValue:s,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,i.o5)(),p=e=>{const t=e.currentTarget,n=c.indexOf(t),a=u[n].value;a!==s&&(d(t),o(a))},m=e=>{var t;let n=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;n=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;n=c[t]??c[c.length-1];break}}null==(t=n)||t.focus()};return r.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,l.Z)("tabs",{"tabs--block":n},t)},u.map((e=>{let{value:t,label:n,attributes:i}=e;return r.createElement("li",(0,a.Z)({role:"tab",tabIndex:s===t?0:-1,"aria-selected":s===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},i,{className:(0,l.Z)("tabs__item",b,null==i?void 0:i.className,{"tabs__item--active":s===t})}),n??t)})))}function y(e){let{lazy:t,children:n,selectedValue:a}=e;if(n=Array.isArray(n)?n:[n],t){const e=n.find((e=>e.props.value===a));return e?(0,r.cloneElement)(e,{className:"margin-top--md"}):null}return r.createElement("div",{className:"margin-top--md"},n.map(((e,t)=>(0,r.cloneElement)(e,{key:t,hidden:e.props.value!==a}))))}function w(e){const t=g(e);return r.createElement("div",{className:(0,l.Z)("tabs-container",f)},r.createElement(v,(0,a.Z)({},e,t)),r.createElement(y,(0,a.Z)({},e,t)))}function N(e){const t=(0,k.Z)();return r.createElement(w,(0,a.Z)({key:String(t)},e))}},6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},1843:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>g,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var a=n(7462),r=(n(7294),n(3905)),l=n(6828),i=n(814),s=n(4866),o=n(5162);const u={},c="Register Downstream Clusters",d={unversionedId:"cluster-registration",id:"version-0.6/cluster-registration",title:"Register Downstream Clusters",description:"Overview",source:"@site/versioned_docs/version-0.6/cluster-registration.md",sourceDirName:".",slug:"/cluster-registration",permalink:"/0.6/cluster-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cluster-registration.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation Details",permalink:"/0.6/installation"},next:{title:"Create Cluster Groups",permalink:"/0.6/cluster-group"}},p={},m=[{value:"Overview",id:"overview",level:2},{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:3},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:3},{value:"Agent Initiated",id:"agent-initiated",level:2},{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:3},{value:"Install Agent For a New Cluster",id:"install-agent-for-a-new-cluster",level:3},{value:"Install Agent For a Predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:3},{value:"Create Cluster Registration Tokens",id:"create-cluster-registration-tokens",level:3},{value:"Token TTL",id:"token-ttl",level:4},{value:"Create a new Token",id:"create-a-new-token",level:4},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:4},{value:"Manager Initiated",id:"manager-initiated",level:2},{value:"Create Kubeconfig Secret",id:"create-kubeconfig-secret",level:3},{value:"Create Cluster Resource",id:"create-cluster-resource",level:3}],h={toc:m};function g(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},h,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"register-downstream-clusters"},"Register Downstream Clusters"),(0,r.kt)("h2",{id:"overview"},"Overview"),(0,r.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,r.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,r.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,r.kt)("h3",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,r.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,r.kt)("h3",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,r.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."),(0,r.kt)("h2",{id:"agent-initiated"},"Agent Initiated"),(0,r.kt)("p",null,"A downstream cluster is registered by installing an agent via helm and using the ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,r.kt)("strong",{parentName:"p"},"client ID")," or ",(0,r.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"It's not necessary to configure the fleet manager for ",(0,r.kt)("a",{parentName:"p",href:"/0.6/installation#configuration-for-multi-cluster"},"multi cluster"),", as the downstream agent we install via Helm will connect to the Kubernetes API of the upstream cluster directly."),(0,r.kt)("p",{parentName:"admonition"},"Agent-initiated registration is normally not used with Rancher.")),(0,r.kt)("h3",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,r.kt)("p",null,"The ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required.\nThe cluster registration token is manifested as a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will be passed to the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install")," process.\nAlternatively one can pass the token directly to the helm install command via ",(0,r.kt)("inlineCode",{parentName:"p"},'--set token="$token"'),"."),(0,r.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,r.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,r.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,r.kt)("h3",{id:"install-agent-for-a-new-cluster"},"Install Agent For a New Cluster"),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,r.kt)("p",null,"First, follow the ",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token instructions")," to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,r.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,r.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,r.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,r.kt)("p",null,"Value in ",(0,r.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,r.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,r.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,r.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,r.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{title:"Kubectl Context",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(s.Z,{mdxType:"Tabs"},(0,r.kt)(o.Z,{value:"helm",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent'," ",l.d.next.fleetAgent)),(0,r.kt)(o.Z,{value:"validate",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,r.kt)("h3",{id:"install-agent-for-a-predefined-cluster"},"Install Agent For a Predefined Cluster"),(0,r.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,r.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,r.kt)("p",null,"First, create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,r.kt)("p",null,"Second, follow the ","[cluster registration token instructions]","((#create-cluster-registration-tokens) to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,r.kt)("p",null,"Third, setup your environment to use the client ID."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(s.Z,{mdxType:"Tabs"},(0,r.kt)(o.Z,{value:"helm2",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent'," ",l.d.next.fleetAgent)),(0,r.kt)(o.Z,{value:"validate2",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,r.kt)("h3",{id:"create-cluster-registration-tokens"},"Create Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h4",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h4",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h4",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."),(0,r.kt)("h2",{id:"manager-initiated"},"Manager Initiated"),(0,r.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,r.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using Fleet standalone ",(0,r.kt)("em",{parentName:"p"},"without Rancher"),", it must be installed as described in ",(0,r.kt)("a",{parentName:"p",href:"/0.6/installation#configuration-for-multi-cluster"},"installation details"),"."),(0,r.kt)("p",{parentName:"admonition"},"The manager-initiated registration is used when you add a cluster from the Rancher dashboard.")),(0,r.kt)("h3",{id:"create-kubeconfig-secret"},"Create Kubeconfig Secret"),(0,r.kt)("p",null,"The format of this secret is intended to match the ",(0,r.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format")," of the kubeconfig\nsecret used in ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,r.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically registered with Fleet."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Kubeconfig Secret Example"',title:'"Kubeconfig',Secret:!0,'Example"':!0},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,r.kt)("h3",{id:"create-cluster-resource"},"Create Cluster Resource"),(0,r.kt)("p",null,"The cluster resource needs to reference the kubeconfig secret."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Cluster Resource Example"',title:'"Cluster',Resource:!0,'Example"':!0},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}g.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/62bbc60f.94f748b8.js b/assets/js/62bbc60f.0ab30666.js similarity index 99% rename from assets/js/62bbc60f.94f748b8.js rename to assets/js/62bbc60f.0ab30666.js index 581ab80c1..2a91a3537 100644 --- a/assets/js/62bbc60f.94f748b8.js +++ b/assets/js/62bbc60f.0ab30666.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6295],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function s(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(s[a]=e[a]);return s}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(s[a]=e[a])}return s}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,s=e.mdxType,l=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=s,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||l;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,s=t&&t.mdxType;if("string"==typeof e||s){var l=a.length,r=new Array(l);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:s,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),s=(a(7294),a(3905));const l={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.6/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.6/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.6/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/namespaces.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Git Repository Contents",permalink:"/0.6/gitrepo-content"},next:{title:"Custom Resources",permalink:"/0.6/ref-resources"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"GitRepo Namespace",id:"gitrepo-namespace",level:3},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster Namespaces",id:"cluster-namespaces",level:3},{value:"Cross Namespace Deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"Allowed Target Namespaces",id:"allowed-target-namespaces",level:3}],c={toc:p};function m(e){let{components:t,...l}=e;return(0,s.kt)("wrapper",(0,n.Z)({},c,l,{components:t,mdxType:"MDXLayout"}),(0,s.kt)("h1",{id:"namespaces"},"Namespaces"),(0,s.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,s.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,s.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,s.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,s.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,s.kt)("h3",{id:"gitrepo-namespace"},"GitRepo Namespace"),(0,s.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,s.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,s.kt)("ul",null,(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,s.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,s.kt)("admonition",{title:"Local Cluster",type:"warning"},(0,s.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,s.kt)("p",null,"If you are using Fleet in a ",(0,s.kt)("a",{parentName:"p",href:"/0.6/concepts"},"single cluster")," style, the namespace will always be ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,s.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,s.kt)("p",null,"For a ",(0,s.kt)("a",{parentName:"p",href:"/0.6/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,s.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,s.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,s.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,s.kt)("p",null,"An overview of the ",(0,s.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespaces")," used by fleet and their resources."),(0,s.kt)("p",null,(0,s.kt)("img",{alt:"Namespace",src:a(3159).Z,width:"1600",height:"1750"})),(0,s.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,s.kt)("p",null,"The ",(0,s.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,s.kt)("p",null,"When fleet is installed the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,s.kt)("p",null,(0,s.kt)("strong",{parentName:"p"},"Note:")," If you would like to migrate your cluster from ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),", please see this ",(0,s.kt)("a",{parentName:"p",href:"/0.6/troubleshooting#migrate-the-local-cluster-to-the-fleet-default-cluster"},"documentation"),"."),(0,s.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,s.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,s.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,s.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,s.kt)("h3",{id:"cluster-namespaces"},"Cluster Namespaces"),(0,s.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,s.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,s.kt)("h2",{id:"cross-namespace-deployments"},"Cross Namespace Deployments"),(0,s.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,s.kt)("p",null,"If you are creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,s.kt)("p",null,"A ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,s.kt)("p",null,"If the ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,s.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,s.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,s.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,s.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,s.kt)("p",null,"A namespace can contain multiple ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,s.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,s.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,s.kt)("h3",{id:"allowed-target-namespaces"},"Allowed Target Namespaces"),(0,s.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,s.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0},3159:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/FleetNamespaces-aa2883d2b4e961d9abb78772b535985f.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6295],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function s(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(s[a]=e[a]);return s}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(s[a]=e[a])}return s}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,s=e.mdxType,l=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=s,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||l;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,s=t&&t.mdxType;if("string"==typeof e||s){var l=a.length,r=new Array(l);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:s,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),s=(a(7294),a(3905));const l={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.6/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.6/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.6/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/namespaces.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Git Repository Contents",permalink:"/0.6/gitrepo-content"},next:{title:"Custom Resources",permalink:"/0.6/ref-resources"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"GitRepo Namespace",id:"gitrepo-namespace",level:3},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster Namespaces",id:"cluster-namespaces",level:3},{value:"Cross Namespace Deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"Allowed Target Namespaces",id:"allowed-target-namespaces",level:3}],c={toc:p};function m(e){let{components:t,...l}=e;return(0,s.kt)("wrapper",(0,n.Z)({},c,l,{components:t,mdxType:"MDXLayout"}),(0,s.kt)("h1",{id:"namespaces"},"Namespaces"),(0,s.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,s.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,s.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,s.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,s.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,s.kt)("h3",{id:"gitrepo-namespace"},"GitRepo Namespace"),(0,s.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,s.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,s.kt)("ul",null,(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,s.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,s.kt)("admonition",{title:"Local Cluster",type:"warning"},(0,s.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,s.kt)("p",null,"If you are using Fleet in a ",(0,s.kt)("a",{parentName:"p",href:"/0.6/concepts"},"single cluster")," style, the namespace will always be ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,s.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,s.kt)("p",null,"For a ",(0,s.kt)("a",{parentName:"p",href:"/0.6/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,s.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,s.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,s.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,s.kt)("p",null,"An overview of the ",(0,s.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespaces")," used by fleet and their resources."),(0,s.kt)("p",null,(0,s.kt)("img",{alt:"Namespace",src:a(3159).Z,width:"1600",height:"1750"})),(0,s.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,s.kt)("p",null,"The ",(0,s.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,s.kt)("p",null,"When fleet is installed the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,s.kt)("p",null,(0,s.kt)("strong",{parentName:"p"},"Note:")," If you would like to migrate your cluster from ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),", please see this ",(0,s.kt)("a",{parentName:"p",href:"/0.6/troubleshooting#migrate-the-local-cluster-to-the-fleet-default-cluster"},"documentation"),"."),(0,s.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,s.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,s.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,s.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,s.kt)("h3",{id:"cluster-namespaces"},"Cluster Namespaces"),(0,s.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,s.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,s.kt)("h2",{id:"cross-namespace-deployments"},"Cross Namespace Deployments"),(0,s.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,s.kt)("p",null,"If you are creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,s.kt)("p",null,"A ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,s.kt)("p",null,"If the ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,s.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,s.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,s.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,s.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,s.kt)("p",null,"A namespace can contain multiple ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,s.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,s.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,s.kt)("h3",{id:"allowed-target-namespaces"},"Allowed Target Namespaces"),(0,s.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,s.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0},3159:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/FleetNamespaces-aa2883d2b4e961d9abb78772b535985f.svg"}}]); \ No newline at end of file diff --git a/assets/js/63e62f73.b24d5719.js b/assets/js/63e62f73.5df08ada.js similarity index 98% rename from assets/js/63e62f73.b24d5719.js rename to assets/js/63e62f73.5df08ada.js index dac1765cd..166b31f84 100644 --- a/assets/js/63e62f73.b24d5719.js +++ b/assets/js/63e62f73.5df08ada.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9719],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var c=n.createContext({}),s=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},f=function(e){var t=s(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(r),d=l,m=u["".concat(c,".").concat(d)]||u[d]||p[d]||a;return r?n.createElement(m,o(o({ref:t},f),{},{components:r})):n.createElement(m,o({ref:t},f))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=r.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var n=r(7462),l=(r(7294),r(3905));const a={title:"",sidebar_label:"fleet-manager"},o=void 0,i={unversionedId:"cli/fleet-controller/fleet-manager",id:"cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/docs/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-controller/fleet-manager.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/cli/fleet-cli/fleet_test"},next:{title:"Cluster and Bundle State",permalink:"/cluster-bundles-state"}},c={},s=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable agent on local cluster\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9719],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var c=n.createContext({}),s=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},f=function(e){var t=s(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(r),d=l,m=u["".concat(c,".").concat(d)]||u[d]||p[d]||a;return r?n.createElement(m,o(o({ref:t},f),{},{components:r})):n.createElement(m,o({ref:t},f))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=r.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var n=r(7462),l=(r(7294),r(3905));const a={title:"",sidebar_label:"fleet-manager"},o=void 0,i={unversionedId:"cli/fleet-controller/fleet-manager",id:"cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/docs/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-controller/fleet-manager.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/cli/fleet-cli/fleet_test"},next:{title:"Cluster and Bundle State",permalink:"/cluster-bundles-state"}},c={},s=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable agent on local cluster\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/680ed9ed.93018da4.js b/assets/js/680ed9ed.6056096c.js similarity index 98% rename from assets/js/680ed9ed.93018da4.js rename to assets/js/680ed9ed.6056096c.js index ebb97820a..998ac89bf 100644 --- a/assets/js/680ed9ed.93018da4.js +++ b/assets/js/680ed9ed.6056096c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[835],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),s=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=s(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=s(n),m=a,g=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?r.createElement(g,o(o({ref:t},u),{},{components:n})):r.createElement(g,o({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,o=new Array(i);o[0]=d;var c={};for(var l in t)hasOwnProperty.call(t,l)&&(c[l]=t[l]);c.originalType=e,c.mdxType="string"==typeof e?e:a,o[1]=c;for(var s=2;s{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const i={},o="Manager Initiated",c={unversionedId:"manager-initiated",id:"version-0.4/manager-initiated",title:"Manager Initiated",description:"Refer to the overview page for a background information on the manager initiated registration style.",source:"@site/versioned_docs/version-0.4/manager-initiated.md",sourceDirName:".",slug:"/manager-initiated",permalink:"/0.4/manager-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/manager-initiated.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Agent Initiated",permalink:"/0.4/agent-initiated"},next:{title:"Cluster Groups",permalink:"/0.4/cluster-group"}},l={},s=[{value:"Kubeconfig Secret",id:"kubeconfig-secret",level:2},{value:"Example",id:"example",level:2},{value:"Kubeconfig Secret",id:"kubeconfig-secret-1",level:3},{value:"Cluster",id:"cluster",level:3}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"manager-initiated"},"Manager Initiated"),(0,a.kt)("p",null,"Refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the manager initiated registration style."),(0,a.kt)("h2",{id:"kubeconfig-secret"},"Kubeconfig Secret"),(0,a.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,a.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,a.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,a.kt)("p",null,"The format of this secret is intended to match the ",(0,a.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format"),"\nof the kubeconfig\nsecret used in ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically\nregistered with Fleet."),(0,a.kt)("h2",{id:"example"},"Example"),(0,a.kt)("h3",{id:"kubeconfig-secret-1"},"Kubeconfig Secret"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,a.kt)("h3",{id:"cluster"},"Cluster"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[835],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),s=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=s(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=s(n),m=a,g=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?r.createElement(g,o(o({ref:t},u),{},{components:n})):r.createElement(g,o({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,o=new Array(i);o[0]=d;var c={};for(var l in t)hasOwnProperty.call(t,l)&&(c[l]=t[l]);c.originalType=e,c.mdxType="string"==typeof e?e:a,o[1]=c;for(var s=2;s{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const i={},o="Manager Initiated",c={unversionedId:"manager-initiated",id:"version-0.4/manager-initiated",title:"Manager Initiated",description:"Refer to the overview page for a background information on the manager initiated registration style.",source:"@site/versioned_docs/version-0.4/manager-initiated.md",sourceDirName:".",slug:"/manager-initiated",permalink:"/0.4/manager-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/manager-initiated.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Agent Initiated",permalink:"/0.4/agent-initiated"},next:{title:"Cluster Groups",permalink:"/0.4/cluster-group"}},l={},s=[{value:"Kubeconfig Secret",id:"kubeconfig-secret",level:2},{value:"Example",id:"example",level:2},{value:"Kubeconfig Secret",id:"kubeconfig-secret-1",level:3},{value:"Cluster",id:"cluster",level:3}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"manager-initiated"},"Manager Initiated"),(0,a.kt)("p",null,"Refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the manager initiated registration style."),(0,a.kt)("h2",{id:"kubeconfig-secret"},"Kubeconfig Secret"),(0,a.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,a.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,a.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,a.kt)("p",null,"The format of this secret is intended to match the ",(0,a.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format"),"\nof the kubeconfig\nsecret used in ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically\nregistered with Fleet."),(0,a.kt)("h2",{id:"example"},"Example"),(0,a.kt)("h3",{id:"kubeconfig-secret-1"},"Kubeconfig Secret"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,a.kt)("h3",{id:"cluster"},"Cluster"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/6a840bac.79d6808d.js b/assets/js/6a840bac.7f9b9b74.js similarity index 98% rename from assets/js/6a840bac.79d6808d.js rename to assets/js/6a840bac.7f9b9b74.js index 7c08c41dc..2dcf86e17 100644 --- a/assets/js/6a840bac.79d6808d.js +++ b/assets/js/6a840bac.7f9b9b74.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7203],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>E});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),u=a(1980),i=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,i.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function m(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,u._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[u,i]=m({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),b=(()=>{const e=u??d;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{b&&o(b)}),[b]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),i(e),f(e)}),[i,f,r]),tabValues:r}}var b=a(2389);const g="tabList__CuJ",k="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:o,selectValue:u,tabValues:i}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=i[a].value;l!==o&&(d(t),u(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},i.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>c.push(e),onKeyDown:h,onClick:p},s,{className:(0,r.Z)("tabs__item",k,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",g)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function E(e){const t=(0,b.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},820:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>i,metadata:()=>d,toc:()=>h});var l=a(7462),n=(a(7294),a(3905)),r=a(6828),s=a(814),o=a(4866),u=a(5162);const i={},c="Quick Start",d={unversionedId:"quickstart",id:"version-0.6/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.6/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.6/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/quickstart.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.6/"},next:{title:"Creating a Deployment",permalink:"/0.6/tut-deployment"}},p={},h=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to Watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],m={toc:h};function f(e){let{components:t,...i}=e;return(0,n.kt)("wrapper",(0,l.Z)({},m,i,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,n.kt)(o.Z,{mdxType:"Tabs"},(0,n.kt)(u.Z,{value:"linux",label:"Linux/Mac",default:!0,mdxType:"TabItem"},(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"brew install helm")),(0,n.kt)(u.Z,{value:"windows",label:"Windows",default:!0,mdxType:"TabItem"},(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"choco install kubernetes-helm"))),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD,"\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d.next.fleet),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to Watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7203],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>E});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),u=a(1980),i=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,i.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function m(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,u._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[u,i]=m({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),b=(()=>{const e=u??d;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{b&&o(b)}),[b]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),i(e),f(e)}),[i,f,r]),tabValues:r}}var b=a(2389);const g="tabList__CuJ",k="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:o,selectValue:u,tabValues:i}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=i[a].value;l!==o&&(d(t),u(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},i.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>c.push(e),onKeyDown:h,onClick:p},s,{className:(0,r.Z)("tabs__item",k,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",g)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function E(e){const t=(0,b.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},820:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>i,metadata:()=>d,toc:()=>h});var l=a(7462),n=(a(7294),a(3905)),r=a(6828),s=a(814),o=a(4866),u=a(5162);const i={},c="Quick Start",d={unversionedId:"quickstart",id:"version-0.6/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.6/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.6/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/quickstart.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.6/"},next:{title:"Creating a Deployment",permalink:"/0.6/tut-deployment"}},p={},h=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to Watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],m={toc:h};function f(e){let{components:t,...i}=e;return(0,n.kt)("wrapper",(0,l.Z)({},m,i,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,n.kt)(o.Z,{mdxType:"Tabs"},(0,n.kt)(u.Z,{value:"linux",label:"Linux/Mac",default:!0,mdxType:"TabItem"},(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"brew install helm")),(0,n.kt)(u.Z,{value:"windows",label:"Windows",default:!0,mdxType:"TabItem"},(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"choco install kubernetes-helm"))),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD,"\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d.next.fleet),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to Watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/6cf4c0df.5a58d130.js b/assets/js/6cf4c0df.918c5ded.js similarity index 98% rename from assets/js/6cf4c0df.5a58d130.js rename to assets/js/6cf4c0df.918c5ded.js index 17da3b9c1..ae3f089d8 100644 --- a/assets/js/6cf4c0df.5a58d130.js +++ b/assets/js/6cf4c0df.918c5ded.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2418],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Webhook",l={unversionedId:"webhook",id:"version-0.5/webhook",title:"Webhook",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.5/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.5/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/webhook.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.5/bundle-diffs"},next:{title:"Image scan",permalink:"/0.5/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"webhook"},"Webhook"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2418],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Webhook",l={unversionedId:"webhook",id:"version-0.5/webhook",title:"Webhook",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.5/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.5/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/webhook.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.5/bundle-diffs"},next:{title:"Image scan",permalink:"/0.5/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"webhook"},"Webhook"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file diff --git a/assets/js/6faa62d7.c4c97c4c.js b/assets/js/6faa62d7.ede8a2d4.js similarity index 95% rename from assets/js/6faa62d7.c4c97c4c.js rename to assets/js/6faa62d7.ede8a2d4.js index f3ab04de4..797abdf65 100644 --- a/assets/js/6faa62d7.c4c97c4c.js +++ b/assets/js/6faa62d7.ede8a2d4.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8539],{3905:(e,t,n)=>{n.d(t,{Zo:()=>f,kt:()=>g});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},f=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(n),g=a,d=u["".concat(c,".").concat(g)]||u[g]||p[g]||o;return n?r.createElement(d,l(l({ref:t},f),{},{components:n})):r.createElement(d,l({ref:t},f))}));function g(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,l[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const o={title:"",sidebar_label:"fleet-agent"},l=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"version-0.6/cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/versioned_docs/version-0.6/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/0.6/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-agent/fleet-agent.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Using Image Scan to Update Container Image References",permalink:"/0.6/imagescan"},next:{title:"fleet",permalink:"/0.6/cli/fleet-cli/fleet"}},c={},s=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},f,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n --simulators int Numbers of simulators to run\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8539],{3905:(e,t,n)=>{n.d(t,{Zo:()=>f,kt:()=>g});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},f=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(n),g=a,d=u["".concat(c,".").concat(g)]||u[g]||p[g]||o;return n?r.createElement(d,l(l({ref:t},f),{},{components:n})):r.createElement(d,l({ref:t},f))}));function g(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,l[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const o={title:"",sidebar_label:"fleet-agent"},l=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"version-0.6/cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/versioned_docs/version-0.6/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/0.6/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-agent/fleet-agent.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Using Image Scan to Update Container Image References",permalink:"/0.6/imagescan"},next:{title:"fleet",permalink:"/0.6/cli/fleet-cli/fleet"}},c={},s=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},f,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n --simulators int Numbers of simulators to run\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/7292ec22.901d8257.js b/assets/js/7292ec22.84d790d3.js similarity index 64% rename from assets/js/7292ec22.901d8257.js rename to assets/js/7292ec22.84d790d3.js index ffb2645dd..14d2e82f0 100644 --- a/assets/js/7292ec22.901d8257.js +++ b/assets/js/7292ec22.84d790d3.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2404],{3905:(e,t,r)=>{r.d(t,{Zo:()=>d,kt:()=>f});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var u=n.createContext({}),i=function(e){var t=n.useContext(u),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},d=function(e){var t=i(e.components);return n.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),c=i(r),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return r?n.createElement(m,s(s({ref:t},d),{},{components:r})):n.createElement(m,s({ref:t},d))}));function f(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var i=2;i{r.r(t),r.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>i});var n=r(7462),a=(r(7294),r(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"version-0.6/cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.6/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.6/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cluster-bundles-state.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet-manager",permalink:"/0.6/cli/fleet-controller/fleet-manager"},next:{title:"Cluster Registration Internals",permalink:"/0.6/ref-registration"}},u={},i=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],d={toc:i};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},d,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2404],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),i=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},d=function(e){var t=i(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),c=i(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},d),{},{components:n})):r.createElement(m,s({ref:t},d))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var i=2;i{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>i});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"version-0.6/cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.6/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.6/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cluster-bundles-state.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet-manager",permalink:"/0.6/cli/fleet-controller/fleet-manager"},next:{title:"Cluster Registration Internals",permalink:"/0.6/ref-registration"}},u={},i=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],d={toc:i};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/755aca7b.11531a2d.js b/assets/js/755aca7b.19623394.js similarity index 98% rename from assets/js/755aca7b.11531a2d.js rename to assets/js/755aca7b.19623394.js index 6d839606f..358c80aaf 100644 --- a/assets/js/755aca7b.11531a2d.js +++ b/assets/js/755aca7b.19623394.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9816],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),d=a,m=f["".concat(s,".").concat(d)]||f[d]||p[d]||i;return n?r.createElement(m,l(l({ref:t},u),{},{components:n})):r.createElement(m,l({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,l=new Array(i);l[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>l,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const i={},l="Installation",o={unversionedId:"installation",id:"version-0.5/installation",title:"Installation",description:"The installation is broken up into two different use cases: Single and",source:"@site/versioned_docs/version-0.5/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.5/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/installation.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Advanced Users",permalink:"/0.5/advanced-users"},next:{title:"Single Cluster Install",permalink:"/0.5/single-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"installation"},"Installation"),(0,a.kt)("p",null,"The installation is broken up into two different use cases: ",(0,a.kt)("a",{parentName:"p",href:"/0.5/single-cluster-install"},"Single")," and\n",(0,a.kt)("a",{parentName:"p",href:"/0.5/multi-cluster-install"},"Multi-Cluster")," install. The single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,a.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9816],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),d=a,m=f["".concat(s,".").concat(d)]||f[d]||p[d]||i;return n?r.createElement(m,l(l({ref:t},u),{},{components:n})):r.createElement(m,l({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,l=new Array(i);l[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>l,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const i={},l="Installation",o={unversionedId:"installation",id:"version-0.5/installation",title:"Installation",description:"The installation is broken up into two different use cases: Single and",source:"@site/versioned_docs/version-0.5/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.5/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/installation.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Advanced Users",permalink:"/0.5/advanced-users"},next:{title:"Single Cluster Install",permalink:"/0.5/single-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"installation"},"Installation"),(0,a.kt)("p",null,"The installation is broken up into two different use cases: ",(0,a.kt)("a",{parentName:"p",href:"/0.5/single-cluster-install"},"Single")," and\n",(0,a.kt)("a",{parentName:"p",href:"/0.5/multi-cluster-install"},"Multi-Cluster")," install. The single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,a.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/762abe3e.8d372cdb.js b/assets/js/762abe3e.446a6964.js similarity index 96% rename from assets/js/762abe3e.8d372cdb.js rename to assets/js/762abe3e.446a6964.js index 5eb52f5f4..2d68dba77 100644 --- a/assets/js/762abe3e.8d372cdb.js +++ b/assets/js/762abe3e.446a6964.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6961],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function s(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function a(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var i=n.createContext({}),l=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):a(a({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,s=e.originalType,i=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),f=l(r),m=o,d=f["".concat(i,".").concat(m)]||f[m]||p[m]||s;return r?n.createElement(d,a(a({ref:t},u),{},{components:r})):n.createElement(d,a({ref:t},u))}));function m(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var s=r.length,a=new Array(s);a[0]=f;var c={};for(var i in t)hasOwnProperty.call(t,i)&&(c[i]=t[i]);c.originalType=e,c.mdxType="string"==typeof e?e:o,a[1]=c;for(var l=2;l{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>c,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const s={},a="Custom Resources",c={unversionedId:"ref-resources",id:"ref-resources",title:"Custom Resources",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/docs/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-resources.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/namespaces"},next:{title:"Installation Details",permalink:"/installation"}},i={},l=[],u={toc:l};function p(e){let{components:t,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"custom-resources"},"Custom Resources"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:r(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6961],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function s(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function a(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var i=n.createContext({}),l=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):a(a({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,s=e.originalType,i=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),f=l(r),m=o,d=f["".concat(i,".").concat(m)]||f[m]||p[m]||s;return r?n.createElement(d,a(a({ref:t},u),{},{components:r})):n.createElement(d,a({ref:t},u))}));function m(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var s=r.length,a=new Array(s);a[0]=f;var c={};for(var i in t)hasOwnProperty.call(t,i)&&(c[i]=t[i]);c.originalType=e,c.mdxType="string"==typeof e?e:o,a[1]=c;for(var l=2;l{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>c,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const s={},a="Custom Resources",c={unversionedId:"ref-resources",id:"ref-resources",title:"Custom Resources",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/docs/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-resources.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/namespaces"},next:{title:"Installation Details",permalink:"/installation"}},i={},l=[],u={toc:l};function p(e){let{components:t,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"custom-resources"},"Custom Resources"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:r(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file diff --git a/assets/js/7a815aed.a1083285.js b/assets/js/7a815aed.f5885dae.js similarity index 98% rename from assets/js/7a815aed.a1083285.js rename to assets/js/7a815aed.f5885dae.js index ab5887ac3..a824e53d5 100644 --- a/assets/js/7a815aed.a1083285.js +++ b/assets/js/7a815aed.f5885dae.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[488],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Using Webhooks Instead of Polling",l={unversionedId:"webhook",id:"version-0.6/webhook",title:"Using Webhooks Instead of Polling",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.6/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.6/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/webhook.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.6/bundle-diffs"},next:{title:"Using Image Scan to Update Container Image References",permalink:"/0.6/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-webhooks-instead-of-polling"},"Using Webhooks Instead of Polling"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[488],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Using Webhooks Instead of Polling",l={unversionedId:"webhook",id:"version-0.6/webhook",title:"Using Webhooks Instead of Polling",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.6/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.6/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/webhook.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.6/bundle-diffs"},next:{title:"Using Image Scan to Update Container Image References",permalink:"/0.6/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-webhooks-instead-of-polling"},"Using Webhooks Instead of Polling"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file diff --git a/assets/js/7c5d32d8.8185014e.js b/assets/js/7c5d32d8.7943e2a1.js similarity index 99% rename from assets/js/7c5d32d8.8185014e.js rename to assets/js/7c5d32d8.7943e2a1.js index dc833ee75..22e21f687 100644 --- a/assets/js/7c5d32d8.8185014e.js +++ b/assets/js/7c5d32d8.7943e2a1.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6250],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"version-0.4/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.4/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.4/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/concepts.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.4/quickstart"},next:{title:"Architecture",permalink:"/0.4/architecture"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"lifecycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.4/examples#lifecycle-of-a-fleet-bundle"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.4/examples#deploy-kubernetes-manifests-across-clusters-with-customization"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6250],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"version-0.4/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.4/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.4/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/concepts.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.4/quickstart"},next:{title:"Architecture",permalink:"/0.4/architecture"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"lifecycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.4/examples#lifecycle-of-a-fleet-bundle"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.4/examples#deploy-kubernetes-manifests-across-clusters-with-customization"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/7f3d36ad.9749686f.js b/assets/js/7f3d36ad.4be074df.js similarity index 98% rename from assets/js/7f3d36ad.9749686f.js rename to assets/js/7f3d36ad.4be074df.js index ea25a04ae..47ad2b8bd 100644 --- a/assets/js/7f3d36ad.9749686f.js +++ b/assets/js/7f3d36ad.4be074df.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6255],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),h=c(n),d=a,m=h["".concat(l,".").concat(d)]||h[d]||p[d]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=h;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Architecture",i={unversionedId:"architecture",id:"version-0.5/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.5/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.5/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/architecture.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.5/concepts"},next:{title:"Examples",permalink:"/0.5/examples"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.5/manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6255],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),h=c(n),d=a,m=h["".concat(l,".").concat(d)]||h[d]||p[d]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=h;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Architecture",i={unversionedId:"architecture",id:"version-0.5/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.5/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.5/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/architecture.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.5/concepts"},next:{title:"Examples",permalink:"/0.5/examples"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.5/manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/8070e160.cb43c220.js b/assets/js/8070e160.49ea0962.js similarity index 98% rename from assets/js/8070e160.cb43c220.js rename to assets/js/8070e160.49ea0962.js index 85892bb01..e24ef0778 100644 --- a/assets/js/8070e160.cb43c220.js +++ b/assets/js/8070e160.49ea0962.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2651],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>E});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),u=a(6550),o=a(1980),i=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,i.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function m(e){let{queryString:t=!1,groupId:a}=e;const l=(0,u.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,u]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[o,i]=m({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),b=(()=>{const e=o??d;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{b&&u(b)}),[b]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);u(e),i(e),f(e)}),[i,f,r]),tabValues:r}}var b=a(2389);const g="tabList__CuJ",k="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:u,selectValue:o,tabValues:i}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=i[a].value;l!==u&&(d(t),o(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},i.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:u===t?0:-1,"aria-selected":u===t,key:t,ref:e=>c.push(e),onKeyDown:h,onClick:p},s,{className:(0,r.Z)("tabs__item",k,null==s?void 0:s.className,{"tabs__item--active":u===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",g)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function E(e){const t=(0,b.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},2257:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>i,metadata:()=>d,toc:()=>h});var l=a(7462),n=(a(7294),a(3905)),r=a(6828),s=a(814),u=a(4866),o=a(5162);const i={},c="Quick Start",d={unversionedId:"quickstart",id:"quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/docs/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/quickstart.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/"},next:{title:"Creating a Deployment",permalink:"/tut-deployment"}},p={},h=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to Watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],m={toc:h};function f(e){let{components:t,...i}=e;return(0,n.kt)("wrapper",(0,l.Z)({},m,i,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,n.kt)(u.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"linux",label:"Linux/Mac",default:!0,mdxType:"TabItem"},(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"brew install helm")),(0,n.kt)(o.Z,{value:"windows",label:"Windows",default:!0,mdxType:"TabItem"},(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"choco install kubernetes-helm"))),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD,"\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d.next.fleet),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to Watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2651],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>E});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),u=a(6550),o=a(1980),i=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,i.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function m(e){let{queryString:t=!1,groupId:a}=e;const l=(0,u.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,u]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[o,i]=m({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),b=(()=>{const e=o??d;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{b&&u(b)}),[b]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);u(e),i(e),f(e)}),[i,f,r]),tabValues:r}}var b=a(2389);const g="tabList__CuJ",k="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:u,selectValue:o,tabValues:i}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=i[a].value;l!==u&&(d(t),o(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},i.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:u===t?0:-1,"aria-selected":u===t,key:t,ref:e=>c.push(e),onKeyDown:h,onClick:p},s,{className:(0,r.Z)("tabs__item",k,null==s?void 0:s.className,{"tabs__item--active":u===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",g)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function E(e){const t=(0,b.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},2257:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>i,metadata:()=>d,toc:()=>h});var l=a(7462),n=(a(7294),a(3905)),r=a(6828),s=a(814),u=a(4866),o=a(5162);const i={},c="Quick Start",d={unversionedId:"quickstart",id:"quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/docs/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/quickstart.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/"},next:{title:"Creating a Deployment",permalink:"/tut-deployment"}},p={},h=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to Watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],m={toc:h};function f(e){let{components:t,...i}=e;return(0,n.kt)("wrapper",(0,l.Z)({},m,i,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,n.kt)(u.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"linux",label:"Linux/Mac",default:!0,mdxType:"TabItem"},(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"brew install helm")),(0,n.kt)(o.Z,{value:"windows",label:"Windows",default:!0,mdxType:"TabItem"},(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"choco install kubernetes-helm"))),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD,"\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d.next.fleet),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to Watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/82782dff.2ac2fd49.js b/assets/js/82782dff.6b99b719.js similarity index 97% rename from assets/js/82782dff.2ac2fd49.js rename to assets/js/82782dff.6b99b719.js index 3fd7b936d..6e060078d 100644 --- a/assets/js/82782dff.2ac2fd49.js +++ b/assets/js/82782dff.6b99b719.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7811],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"version-0.6/cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/0.6/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-cli/fleet.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/0.6/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/0.6/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}s.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7811],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"version-0.6/cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/0.6/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-cli/fleet.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/0.6/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/0.6/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}s.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/8307bb82.f9505506.js b/assets/js/8307bb82.282f5f39.js similarity index 98% rename from assets/js/8307bb82.f9505506.js rename to assets/js/8307bb82.282f5f39.js index daf48b5e1..b8124313a 100644 --- a/assets/js/8307bb82.f9505506.js +++ b/assets/js/8307bb82.282f5f39.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5386],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,i(i({ref:t},u),{},{components:n})):r.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Architecture",s={unversionedId:"architecture",id:"version-0.6/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.6/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.6/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/architecture.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/0.6/uninstall"},next:{title:"Core Concepts",permalink:"/0.6/concepts"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2},{value:"Component Overview",id:"component-overview",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.6/cluster-registration#manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."),(0,a.kt)("h2",{id:"component-overview"},"Component Overview"),(0,a.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}p.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5386],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,i(i({ref:t},u),{},{components:n})):r.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Architecture",s={unversionedId:"architecture",id:"version-0.6/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.6/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.6/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/architecture.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/0.6/uninstall"},next:{title:"Core Concepts",permalink:"/0.6/concepts"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2},{value:"Component Overview",id:"component-overview",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.6/cluster-registration#manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."),(0,a.kt)("h2",{id:"component-overview"},"Component Overview"),(0,a.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}p.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file diff --git a/assets/js/834808ff.5944060f.js b/assets/js/834808ff.f937940e.js similarity index 98% rename from assets/js/834808ff.5944060f.js rename to assets/js/834808ff.f937940e.js index 48c0cc8f2..911b1426b 100644 --- a/assets/js/834808ff.5944060f.js +++ b/assets/js/834808ff.f937940e.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3814],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),f=c(r),d=a,g=f["".concat(l,".").concat(d)]||f[d]||p[d]||i;return r?n.createElement(g,o(o({ref:t},u),{},{components:r})):n.createElement(g,o({ref:t},u))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,o=new Array(i);o[0]=f;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},o="Cluster Registration Internals",s={unversionedId:"ref-registration",id:"ref-registration",title:"Cluster Registration Internals",description:"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.",source:"@site/docs/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-registration.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/cluster-bundles-state"},next:{title:"Configuration",permalink:"/ref-configuration"}},l={},c=[],u={toc:c};function p(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-registration-internals"},"Cluster Registration Internals"),(0,a.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,a.kt)("li",{parentName:"ul"},"Creating a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource with a kubeconfig. Rancher does this for downstream clusters. See ",(0,a.kt)("a",{parentName:"li",href:"/cluster-registration#manager-initiated"},"manager-initiated registration"),"."),(0,a.kt)("li",{parentName:"ul"},"Create a ",(0,a.kt)("inlineCode",{parentName:"li"},"ClusterRegistrationToken")," resource, optionally create a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource for a pre-defined (",(0,a.kt)("inlineCode",{parentName:"li"},"clientID"),") cluster. See ",(0,a.kt)("a",{parentName:"li",href:"/cluster-registration#agent-initiated"},"agent-initiated registration"),".")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration",src:r(2364).Z,width:"3700",height:"2492"})))}p.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-e49565723b02880b6dd7fa0ddc1fdbe2.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3814],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),f=c(r),d=a,g=f["".concat(l,".").concat(d)]||f[d]||p[d]||i;return r?n.createElement(g,o(o({ref:t},u),{},{components:r})):n.createElement(g,o({ref:t},u))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,o=new Array(i);o[0]=f;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},o="Cluster Registration Internals",s={unversionedId:"ref-registration",id:"ref-registration",title:"Cluster Registration Internals",description:"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.",source:"@site/docs/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-registration.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/cluster-bundles-state"},next:{title:"Configuration",permalink:"/ref-configuration"}},l={},c=[],u={toc:c};function p(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-registration-internals"},"Cluster Registration Internals"),(0,a.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,a.kt)("li",{parentName:"ul"},"Creating a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource with a kubeconfig. Rancher does this for downstream clusters. See ",(0,a.kt)("a",{parentName:"li",href:"/cluster-registration#manager-initiated"},"manager-initiated registration"),"."),(0,a.kt)("li",{parentName:"ul"},"Create a ",(0,a.kt)("inlineCode",{parentName:"li"},"ClusterRegistrationToken")," resource, optionally create a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource for a pre-defined (",(0,a.kt)("inlineCode",{parentName:"li"},"clientID"),") cluster. See ",(0,a.kt)("a",{parentName:"li",href:"/cluster-registration#agent-initiated"},"agent-initiated registration"),".")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration",src:r(2364).Z,width:"3700",height:"2492"})))}p.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-e49565723b02880b6dd7fa0ddc1fdbe2.svg"}}]); \ No newline at end of file diff --git a/assets/js/847b3bc4.37b707e4.js b/assets/js/847b3bc4.685c3f2e.js similarity index 96% rename from assets/js/847b3bc4.37b707e4.js rename to assets/js/847b3bc4.685c3f2e.js index f8858d511..7e10ecf78 100644 --- a/assets/js/847b3bc4.37b707e4.js +++ b/assets/js/847b3bc4.685c3f2e.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5435],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||a;return n?r.createElement(d,o(o({ref:t},u),{},{components:n})):r.createElement(d,o({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.5/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.5/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.5/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/uninstall.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi Cluster Install",permalink:"/0.5/multi-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5435],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||a;return n?r.createElement(d,o(o({ref:t},u),{},{components:n})):r.createElement(d,o({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.5/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.5/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.5/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/uninstall.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi Cluster Install",permalink:"/0.5/multi-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/857d18b5.9810f018.js b/assets/js/857d18b5.2069c95d.js similarity index 99% rename from assets/js/857d18b5.9810f018.js rename to assets/js/857d18b5.2069c95d.js index 97da4cb66..2c97f0daa 100644 --- a/assets/js/857d18b5.9810f018.js +++ b/assets/js/857d18b5.2069c95d.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6076],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),p=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=p(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),h=p(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},c),{},{components:n})):o.createElement(m,r({ref:t},c))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.6/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.6/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.6/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/troubleshooting.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo Resource",permalink:"/0.6/ref-gitrepo"}},s={},p=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Migrate the local cluster to the Fleet default cluster?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3},{value:"Nested GitRepo CRs",id:"nested-gitrepo-crs",level:3}],c={toc:p};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster"},"Migrate the local cluster to the Fleet default cluster?"),(0,a.kt)("p",null,"For users who want to deploy to the local cluster as well, they may move the cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default")," in the Rancher UI as follows:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"To get to Fleet in Rancher, click \u2630 > Continuous Delivery."),(0,a.kt)("li",{parentName:"ul"},"Under the ",(0,a.kt)("strong",{parentName:"li"},"Clusters")," menu, select the ",(0,a.kt)("strong",{parentName:"li"},"local")," cluster by checking the box to the left."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Assign to")," from the tabs above the cluster."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"strong"},"fleet-default"))," from the ",(0,a.kt)("strong",{parentName:"li"},"Assign Cluster To")," dropdown.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result"),": The cluster will be migrated to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default"),"."),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.6/ref-fleet-yaml"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,a.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,a.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')),(0,a.kt)("h3",{id:"nested-gitrepo-crs"},"Nested GitRepo CRs"),(0,a.kt)("p",null,"Managing Fleet within Fleet (nested ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," usage) is not currently supported. We will update the documentation if support becomes available."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6076],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),p=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=p(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),h=p(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},c),{},{components:n})):o.createElement(m,r({ref:t},c))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.6/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.6/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.6/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/troubleshooting.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo Resource",permalink:"/0.6/ref-gitrepo"}},s={},p=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Migrate the local cluster to the Fleet default cluster?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3},{value:"Nested GitRepo CRs",id:"nested-gitrepo-crs",level:3}],c={toc:p};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster"},"Migrate the local cluster to the Fleet default cluster?"),(0,a.kt)("p",null,"For users who want to deploy to the local cluster as well, they may move the cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default")," in the Rancher UI as follows:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"To get to Fleet in Rancher, click \u2630 > Continuous Delivery."),(0,a.kt)("li",{parentName:"ul"},"Under the ",(0,a.kt)("strong",{parentName:"li"},"Clusters")," menu, select the ",(0,a.kt)("strong",{parentName:"li"},"local")," cluster by checking the box to the left."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Assign to")," from the tabs above the cluster."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"strong"},"fleet-default"))," from the ",(0,a.kt)("strong",{parentName:"li"},"Assign Cluster To")," dropdown.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result"),": The cluster will be migrated to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default"),"."),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.6/ref-fleet-yaml"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,a.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,a.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')),(0,a.kt)("h3",{id:"nested-gitrepo-crs"},"Nested GitRepo CRs"),(0,a.kt)("p",null,"Managing Fleet within Fleet (nested ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," usage) is not currently supported. We will update the documentation if support becomes available."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/8eb509d6.fdcd660c.js b/assets/js/8eb509d6.877708b7.js similarity index 96% rename from assets/js/8eb509d6.fdcd660c.js rename to assets/js/8eb509d6.877708b7.js index aeef200c4..2e44712a8 100644 --- a/assets/js/8eb509d6.fdcd660c.js +++ b/assets/js/8eb509d6.877708b7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3220],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var c=n.createContext({}),s=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},f=function(e){var t=s(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(r),d=l,m=u["".concat(c,".").concat(d)]||u[d]||p[d]||a;return r?n.createElement(m,o(o({ref:t},f),{},{components:r})):n.createElement(m,o({ref:t},f))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=r.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var n=r(7462),l=(r(7294),r(3905));const a={title:"",sidebar_label:"fleet-manager"},o=void 0,i={unversionedId:"cli/fleet-controller/fleet-manager",id:"version-0.6/cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/versioned_docs/version-0.6/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/0.6/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-controller/fleet-manager.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/0.6/cli/fleet-cli/fleet_test"},next:{title:"Cluster and Bundle State",permalink:"/0.6/cluster-bundles-state"}},c={},s=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable agent on local cluster\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3220],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var c=n.createContext({}),s=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},f=function(e){var t=s(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(r),d=l,m=u["".concat(c,".").concat(d)]||u[d]||p[d]||a;return r?n.createElement(m,o(o({ref:t},f),{},{components:r})):n.createElement(m,o({ref:t},f))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=r.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var n=r(7462),l=(r(7294),r(3905));const a={title:"",sidebar_label:"fleet-manager"},o=void 0,i={unversionedId:"cli/fleet-controller/fleet-manager",id:"version-0.6/cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/versioned_docs/version-0.6/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/0.6/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-controller/fleet-manager.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/0.6/cli/fleet-cli/fleet_test"},next:{title:"Cluster and Bundle State",permalink:"/0.6/cluster-bundles-state"}},c={},s=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable agent on local cluster\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/9533a6b7.2aea7642.js b/assets/js/9533a6b7.9edea2b4.js similarity index 98% rename from assets/js/9533a6b7.2aea7642.js rename to assets/js/9533a6b7.9edea2b4.js index 137fff021..e4a76678b 100644 --- a/assets/js/9533a6b7.2aea7642.js +++ b/assets/js/9533a6b7.9edea2b4.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9353],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=a,f=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return r?n.createElement(f,o(o({ref:t},p),{},{components:r})):n.createElement(f,o({ref:t},p))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.5/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Multi-cluster Only:",source:"@site/versioned_docs/version-0.5/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.5/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-targets.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Expected Repo Structure",permalink:"/0.5/gitrepo-structure"},next:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.5/bundle-diffs"}},i={},c=[{value:"Defining targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default target",id:"default-target",level:2}],p={toc:c};function u(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,a.kt)("p",null,"When deploying ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,a.kt)("h2",{id:"defining-targets"},"Defining targets"),(0,a.kt)("p",null,"The deployment targets of ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n')),(0,a.kt)("h2",{id:"target-matching"},"Target Matching"),(0,a.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,a.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,a.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,a.kt)("h2",{id:"default-target"},"Default target"),(0,a.kt)("p",null,"If no target is set for the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,a.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9353],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=a,f=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return r?n.createElement(f,o(o({ref:t},p),{},{components:r})):n.createElement(f,o({ref:t},p))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.5/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Multi-cluster Only:",source:"@site/versioned_docs/version-0.5/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.5/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-targets.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Expected Repo Structure",permalink:"/0.5/gitrepo-structure"},next:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.5/bundle-diffs"}},i={},c=[{value:"Defining targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default target",id:"default-target",level:2}],p={toc:c};function u(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,a.kt)("p",null,"When deploying ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,a.kt)("h2",{id:"defining-targets"},"Defining targets"),(0,a.kt)("p",null,"The deployment targets of ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n')),(0,a.kt)("h2",{id:"target-matching"},"Target Matching"),(0,a.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,a.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,a.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,a.kt)("h2",{id:"default-target"},"Default target"),(0,a.kt)("p",null,"If no target is set for the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,a.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/95a72457.1e84c1c1.js b/assets/js/95a72457.10acea2d.js similarity index 98% rename from assets/js/95a72457.1e84c1c1.js rename to assets/js/95a72457.10acea2d.js index f5a302a60..6709da789 100644 --- a/assets/js/95a72457.1e84c1c1.js +++ b/assets/js/95a72457.10acea2d.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4126],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function s(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,s=e.originalType,i=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||s;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var s=n.length,l=new Array(s);l[0]=m;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const s={},l="Setup Multi User",o={unversionedId:"multi-user",id:"multi-user",title:"Setup Multi User",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/docs/multi-user.md",sourceDirName:".",slug:"/multi-user",permalink:"/multi-user",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/multi-user.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create Cluster Groups",permalink:"/cluster-group"},next:{title:"Create a GitRepo Resource",permalink:"/gitrepo-add"}},i={},c=[{value:"Example User",id:"example-user",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:c};function u(e){let{components:t,...s}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,s,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"setup-multi-user"},"Setup Multi User"),(0,a.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,a.kt)("p",null,"One addition on top of RBAC is the ",(0,a.kt)("a",{parentName:"p",href:"/namespaces#restricting-gitrepos"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,a.kt)("p",null,"A multi-user fleet setup looks like this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,a.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,a.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,a.kt)("admonition",{title:"important information",type:"warning"},(0,a.kt)("p",{parentName:"admonition"},"The isolation of tenants is not complete and relies on Kubernetes RBAC to be\nset up correctly. Without manual setup from an operator tenants can still\ndeploy cluster wide resources. Even with the available Fleet restrictions,\nusers are only restricted to namespaces, but namespaces don't provide much\nisolation on their own. E.g. they can still consume as many resources as they\nlike."),(0,a.kt)("p",{parentName:"admonition"},"However, the existing Fleet restrictions allow users to share clusters, and\ndeploy resources without conflicts.")),(0,a.kt)("h2",{id:"example-user"},"Example User"),(0,a.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,a.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,a.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,a.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,a.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,a.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,a.kt)("a",{parentName:"p",href:"/namespaces#cross-namespace-deployments"},(0,a.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,a.kt)("p",null,"The ",(0,a.kt)("a",{parentName:"p",href:"/gitrepo-targets"},(0,a.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,a.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,a.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,a.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,a.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,a.kt)("p",null,"A GitRepo resource created by a tenant, without admin access could look like this:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,a.kt)("p",null,"This includes the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,a.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,a.kt)("p",null,"Together with the previous ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,a.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,a.kt)("admonition",{type:"note"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4126],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function s(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,s=e.originalType,i=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||s;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var s=n.length,l=new Array(s);l[0]=m;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const s={},l="Setup Multi User",o={unversionedId:"multi-user",id:"multi-user",title:"Setup Multi User",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/docs/multi-user.md",sourceDirName:".",slug:"/multi-user",permalink:"/multi-user",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/multi-user.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create Cluster Groups",permalink:"/cluster-group"},next:{title:"Create a GitRepo Resource",permalink:"/gitrepo-add"}},i={},c=[{value:"Example User",id:"example-user",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:c};function u(e){let{components:t,...s}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,s,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"setup-multi-user"},"Setup Multi User"),(0,a.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,a.kt)("p",null,"One addition on top of RBAC is the ",(0,a.kt)("a",{parentName:"p",href:"/namespaces#restricting-gitrepos"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,a.kt)("p",null,"A multi-user fleet setup looks like this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,a.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,a.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,a.kt)("admonition",{title:"important information",type:"warning"},(0,a.kt)("p",{parentName:"admonition"},"The isolation of tenants is not complete and relies on Kubernetes RBAC to be\nset up correctly. Without manual setup from an operator tenants can still\ndeploy cluster wide resources. Even with the available Fleet restrictions,\nusers are only restricted to namespaces, but namespaces don't provide much\nisolation on their own. E.g. they can still consume as many resources as they\nlike."),(0,a.kt)("p",{parentName:"admonition"},"However, the existing Fleet restrictions allow users to share clusters, and\ndeploy resources without conflicts.")),(0,a.kt)("h2",{id:"example-user"},"Example User"),(0,a.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,a.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,a.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,a.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,a.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,a.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,a.kt)("a",{parentName:"p",href:"/namespaces#cross-namespace-deployments"},(0,a.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,a.kt)("p",null,"The ",(0,a.kt)("a",{parentName:"p",href:"/gitrepo-targets"},(0,a.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,a.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,a.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,a.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,a.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,a.kt)("p",null,"A GitRepo resource created by a tenant, without admin access could look like this:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,a.kt)("p",null,"This includes the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,a.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,a.kt)("p",null,"Together with the previous ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,a.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,a.kt)("admonition",{type:"note"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file diff --git a/assets/js/984cdf04.0e3b64c9.js b/assets/js/984cdf04.87eb6810.js similarity index 99% rename from assets/js/984cdf04.0e3b64c9.js rename to assets/js/984cdf04.87eb6810.js index db3462bbf..06187f852 100644 --- a/assets/js/984cdf04.0e3b64c9.js +++ b/assets/js/984cdf04.87eb6810.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1332],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>T});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),i=a(1980),u=a(7392),m=a(12);function p(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function c(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??p(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function d(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,i._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=c(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[i,u]=d({queryString:a,groupId:l}),[p,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,m.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),y=(()=>{const e=i??p;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{y&&o(y)}),[y]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var y=a(2389);const k="tabList__CuJ",g="tabItem_LNqP";function b(e){let{className:t,block:a,selectedValue:o,selectValue:i,tabValues:u}=e;const m=[],{blockElementScrollPositionUntilNextRender:p}=(0,s.o5)(),c=e=>{const t=e.currentTarget,a=m.indexOf(t),l=u[a].value;l!==o&&(p(t),i(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":c(e);break;case"ArrowRight":{const t=m.indexOf(e.currentTarget)+1;a=m[t]??m[0];break}case"ArrowLeft":{const t=m.indexOf(e.currentTarget)-1;a=m[t]??m[m.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>m.push(e),onKeyDown:h,onClick:c},s,{className:(0,r.Z)("tabs__item",g,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function v(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(b,(0,l.Z)({},e,t)),n.createElement(v,(0,l.Z)({},e,t)))}function T(e){const t=(0,y.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},5083:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>u,default:()=>d,frontMatter:()=>i,metadata:()=>m,toc:()=>c});var l=a(7462),n=(a(7294),a(3905)),r=a(814),s=a(4866),o=a(5162);const i={},u="Creating a Deployment",m={unversionedId:"tut-deployment",id:"version-0.6/tut-deployment",title:"Creating a Deployment",description:"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.",source:"@site/versioned_docs/version-0.6/tut-deployment.md",sourceDirName:".",slug:"/tut-deployment",permalink:"/0.6/tut-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/tut-deployment.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.6/quickstart"},next:{title:"Uninstall",permalink:"/0.6/uninstall"}},p={},c=[{value:"Single-Cluster Examples",id:"single-cluster-examples",level:2},{value:"Multi-Cluster Examples",id:"multi-cluster-examples",level:2}],h={toc:c};function d(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"creating-a-deployment"},"Creating a Deployment"),(0,n.kt)("p",null,"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it."),(0,n.kt)("p",null,"This tutorial uses the ",(0,n.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples"},"fleet-examples")," repository."),(0,n.kt)("admonition",{type:"note"},(0,n.kt)("p",{parentName:"admonition"},"For more details on how to structure the repository and configure the deployment of each bundle see ",(0,n.kt)("a",{parentName:"p",href:"/0.6/gitrepo-content"},"GitRepo Contents"),".\nFor more details on the options that are available per Git repository see ",(0,n.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add"},"Adding a GitRepo"),".")),(0,n.kt)("h2",{id:"single-cluster-examples"},"Single-Cluster Examples"),(0,n.kt)("p",null,"All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet."),(0,n.kt)(s.Z,{groupId:"examples",mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm",default:!0,mdxType:"TabItem"},(0,n.kt)("p",null,"An example using Helm. We are deploying the ",(0,n.kt)("a",{href:"https://github.com/rancher/fleet-examples/tree/master/single-cluster/helm"},"helm example")," to the local cluster."),(0,n.kt)("p",null,"The repository contains a helm chart and an optional ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to configure the deployment:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'namespace: fleet-helm-example\n\n# Custom helm options\nhelm:\n # The release name to use. If empty a generated release name will be used\n releaseName: guestbook\n\n # The directory of the chart in the repo. Also any valid go-getter supported\n # URL can be used there is specify where to download the chart from.\n # If repo below is set this value if the chart name in the repo\n chart: ""\n\n # An https to a valid Helm repository to download the chart from\n repo: ""\n\n # Used if repo is set to look up the version of the chart\n version: ""\n\n # Force recreate resource that can not be updated\n force: false\n\n # How long for helm to wait for the release to be active. If the value\n # is less that or equal to zero, we will not wait in Helm\n timeoutSeconds: 0\n\n # Custom values that will be passed as values.yaml to the installation\n values:\n replicas: 2\n')),(0,n.kt)("p",null,"To create the deployment, we apply the custom resource to the upstream cluster. The ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace contains the local cluster resource. The local fleet-agent will create the deployment in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-helm-example")," namespace."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl apply -n fleet-local -f - <{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>T});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),i=a(1980),u=a(7392),m=a(12);function p(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function c(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??p(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function d(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,i._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=c(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[i,u]=d({queryString:a,groupId:l}),[p,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,m.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),y=(()=>{const e=i??p;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{y&&o(y)}),[y]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var y=a(2389);const k="tabList__CuJ",g="tabItem_LNqP";function b(e){let{className:t,block:a,selectedValue:o,selectValue:i,tabValues:u}=e;const m=[],{blockElementScrollPositionUntilNextRender:p}=(0,s.o5)(),c=e=>{const t=e.currentTarget,a=m.indexOf(t),l=u[a].value;l!==o&&(p(t),i(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":c(e);break;case"ArrowRight":{const t=m.indexOf(e.currentTarget)+1;a=m[t]??m[0];break}case"ArrowLeft":{const t=m.indexOf(e.currentTarget)-1;a=m[t]??m[m.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>m.push(e),onKeyDown:h,onClick:c},s,{className:(0,r.Z)("tabs__item",g,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function v(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(b,(0,l.Z)({},e,t)),n.createElement(v,(0,l.Z)({},e,t)))}function T(e){const t=(0,y.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},5083:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>u,default:()=>d,frontMatter:()=>i,metadata:()=>m,toc:()=>c});var l=a(7462),n=(a(7294),a(3905)),r=a(814),s=a(4866),o=a(5162);const i={},u="Creating a Deployment",m={unversionedId:"tut-deployment",id:"version-0.6/tut-deployment",title:"Creating a Deployment",description:"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.",source:"@site/versioned_docs/version-0.6/tut-deployment.md",sourceDirName:".",slug:"/tut-deployment",permalink:"/0.6/tut-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/tut-deployment.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.6/quickstart"},next:{title:"Uninstall",permalink:"/0.6/uninstall"}},p={},c=[{value:"Single-Cluster Examples",id:"single-cluster-examples",level:2},{value:"Multi-Cluster Examples",id:"multi-cluster-examples",level:2}],h={toc:c};function d(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"creating-a-deployment"},"Creating a Deployment"),(0,n.kt)("p",null,"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it."),(0,n.kt)("p",null,"This tutorial uses the ",(0,n.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples"},"fleet-examples")," repository."),(0,n.kt)("admonition",{type:"note"},(0,n.kt)("p",{parentName:"admonition"},"For more details on how to structure the repository and configure the deployment of each bundle see ",(0,n.kt)("a",{parentName:"p",href:"/0.6/gitrepo-content"},"GitRepo Contents"),".\nFor more details on the options that are available per Git repository see ",(0,n.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add"},"Adding a GitRepo"),".")),(0,n.kt)("h2",{id:"single-cluster-examples"},"Single-Cluster Examples"),(0,n.kt)("p",null,"All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet."),(0,n.kt)(s.Z,{groupId:"examples",mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm",default:!0,mdxType:"TabItem"},(0,n.kt)("p",null,"An example using Helm. We are deploying the ",(0,n.kt)("a",{href:"https://github.com/rancher/fleet-examples/tree/master/single-cluster/helm"},"helm example")," to the local cluster."),(0,n.kt)("p",null,"The repository contains a helm chart and an optional ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to configure the deployment:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'namespace: fleet-helm-example\n\n# Custom helm options\nhelm:\n # The release name to use. If empty a generated release name will be used\n releaseName: guestbook\n\n # The directory of the chart in the repo. Also any valid go-getter supported\n # URL can be used there is specify where to download the chart from.\n # If repo below is set this value if the chart name in the repo\n chart: ""\n\n # An https to a valid Helm repository to download the chart from\n repo: ""\n\n # Used if repo is set to look up the version of the chart\n version: ""\n\n # Force recreate resource that can not be updated\n force: false\n\n # How long for helm to wait for the release to be active. If the value\n # is less that or equal to zero, we will not wait in Helm\n timeoutSeconds: 0\n\n # Custom values that will be passed as values.yaml to the installation\n values:\n replicas: 2\n')),(0,n.kt)("p",null,"To create the deployment, we apply the custom resource to the upstream cluster. The ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace contains the local cluster resource. The local fleet-agent will create the deployment in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-helm-example")," namespace."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl apply -n fleet-local -f - <{n.d(t,{Zo:()=>c,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),p=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=p(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),h=p(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},c),{},{components:n})):o.createElement(m,r({ref:t},c))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/docs/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/troubleshooting.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo Resource",permalink:"/ref-gitrepo"}},s={},p=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Migrate the local cluster to the Fleet default cluster?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3},{value:"Nested GitRepo CRs",id:"nested-gitrepo-crs",level:3}],c={toc:p};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster"},"Migrate the local cluster to the Fleet default cluster?"),(0,a.kt)("p",null,"For users who want to deploy to the local cluster as well, they may move the cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default")," in the Rancher UI as follows:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"To get to Fleet in Rancher, click \u2630 > Continuous Delivery."),(0,a.kt)("li",{parentName:"ul"},"Under the ",(0,a.kt)("strong",{parentName:"li"},"Clusters")," menu, select the ",(0,a.kt)("strong",{parentName:"li"},"local")," cluster by checking the box to the left."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Assign to")," from the tabs above the cluster."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"strong"},"fleet-default"))," from the ",(0,a.kt)("strong",{parentName:"li"},"Assign Cluster To")," dropdown.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result"),": The cluster will be migrated to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default"),"."),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/ref-fleet-yaml"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,a.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,a.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')),(0,a.kt)("h3",{id:"nested-gitrepo-crs"},"Nested GitRepo CRs"),(0,a.kt)("p",null,"Managing Fleet within Fleet (nested ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," usage) is not currently supported. We will update the documentation if support becomes available."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9360],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),p=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=p(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),h=p(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},c),{},{components:n})):o.createElement(m,r({ref:t},c))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/docs/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/troubleshooting.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo Resource",permalink:"/ref-gitrepo"}},s={},p=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Migrate the local cluster to the Fleet default cluster?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3},{value:"Nested GitRepo CRs",id:"nested-gitrepo-crs",level:3}],c={toc:p};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster"},"Migrate the local cluster to the Fleet default cluster?"),(0,a.kt)("p",null,"For users who want to deploy to the local cluster as well, they may move the cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default")," in the Rancher UI as follows:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"To get to Fleet in Rancher, click \u2630 > Continuous Delivery."),(0,a.kt)("li",{parentName:"ul"},"Under the ",(0,a.kt)("strong",{parentName:"li"},"Clusters")," menu, select the ",(0,a.kt)("strong",{parentName:"li"},"local")," cluster by checking the box to the left."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Assign to")," from the tabs above the cluster."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"strong"},"fleet-default"))," from the ",(0,a.kt)("strong",{parentName:"li"},"Assign Cluster To")," dropdown.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result"),": The cluster will be migrated to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default"),"."),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/ref-fleet-yaml"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,a.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,a.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')),(0,a.kt)("h3",{id:"nested-gitrepo-crs"},"Nested GitRepo CRs"),(0,a.kt)("p",null,"Managing Fleet within Fleet (nested ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," usage) is not currently supported. We will update the documentation if support becomes available."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/a06c6d5b.e956e432.js b/assets/js/a06c6d5b.5fb0005f.js similarity index 99% rename from assets/js/a06c6d5b.e956e432.js rename to assets/js/a06c6d5b.5fb0005f.js index 34c404927..bf8b97af3 100644 --- a/assets/js/a06c6d5b.e956e432.js +++ b/assets/js/a06c6d5b.5fb0005f.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3803],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},d=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},c={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,d=i(e,["components","mdxType","originalType","parentName"]),m=p(n),u=r,h=m["".concat(s,".").concat(u)]||m[u]||c[u]||l;return n?a.createElement(h,o(o({ref:t},d),{},{components:n})):a.createElement(h,o({ref:t},d))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>c,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const l={},o="Git Repository Contents",i={unversionedId:"gitrepo-content",id:"gitrepo-content",title:"Git Repository Contents",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/docs/gitrepo-content.md",sourceDirName:".",slug:"/gitrepo-content",permalink:"/gitrepo-content",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-content.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Lifecycle",permalink:"/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/namespaces"}},s={},p=[{value:"Proper Namespace",id:"proper-namespace",level:2},{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle State",id:"cluster-and-bundle-state",level:2}],d={toc:p};function c(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"git-repository-contents"},"Git Repository Contents"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"proper-namespace"},"Proper Namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,r.kt)("admonition",{title:"Local Cluster",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("p",null,"The available fields are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/ref-fleet-yaml"},"fleet.yaml reference")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"/gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file will be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents of a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/cluster-bundles-state"},"Cluster and Bundle state"),"."))}c.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3803],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},d=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},c={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,d=i(e,["components","mdxType","originalType","parentName"]),m=p(n),u=r,h=m["".concat(s,".").concat(u)]||m[u]||c[u]||l;return n?a.createElement(h,o(o({ref:t},d),{},{components:n})):a.createElement(h,o({ref:t},d))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>c,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const l={},o="Git Repository Contents",i={unversionedId:"gitrepo-content",id:"gitrepo-content",title:"Git Repository Contents",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/docs/gitrepo-content.md",sourceDirName:".",slug:"/gitrepo-content",permalink:"/gitrepo-content",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-content.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Lifecycle",permalink:"/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/namespaces"}},s={},p=[{value:"Proper Namespace",id:"proper-namespace",level:2},{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle State",id:"cluster-and-bundle-state",level:2}],d={toc:p};function c(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"git-repository-contents"},"Git Repository Contents"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"proper-namespace"},"Proper Namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,r.kt)("admonition",{title:"Local Cluster",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("p",null,"The available fields are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/ref-fleet-yaml"},"fleet.yaml reference")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"/gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file will be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents of a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/cluster-bundles-state"},"Cluster and Bundle state"),"."))}c.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/a2c468b1.9b8600e7.js b/assets/js/a2c468b1.2e55a0ef.js similarity index 99% rename from assets/js/a2c468b1.9b8600e7.js rename to assets/js/a2c468b1.2e55a0ef.js index 16eb3ee2c..aa371e1e1 100644 --- a/assets/js/a2c468b1.9b8600e7.js +++ b/assets/js/a2c468b1.2e55a0ef.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2361],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs for Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.4/bundle-diffs",title:"Generating Diffs for Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.4/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.4/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/bundle-diffs.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.4/gitrepo-targets"},next:{title:"Webhook",permalink:"/0.4/webhook"}},l={},p=[{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-for-modified-gitrepos"},"Generating Diffs for Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2361],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs for Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.4/bundle-diffs",title:"Generating Diffs for Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.4/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.4/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/bundle-diffs.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.4/gitrepo-targets"},next:{title:"Webhook",permalink:"/0.4/webhook"}},l={},p=[{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-for-modified-gitrepos"},"Generating Diffs for Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file diff --git a/assets/js/a9e7f6cd.11c342ff.js b/assets/js/a9e7f6cd.994964dd.js similarity index 98% rename from assets/js/a9e7f6cd.11c342ff.js rename to assets/js/a9e7f6cd.994964dd.js index 6b37398bf..a4f85554e 100644 --- a/assets/js/a9e7f6cd.11c342ff.js +++ b/assets/js/a9e7f6cd.994964dd.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7169],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),d=a,m=f["".concat(s,".").concat(d)]||f[d]||p[d]||i;return n?r.createElement(m,l(l({ref:t},u),{},{components:n})):r.createElement(m,l({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,l=new Array(i);l[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>l,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const i={},l="Installation",o={unversionedId:"installation",id:"version-0.4/installation",title:"Installation",description:"The installation is broken up into two different use cases: Single and",source:"@site/versioned_docs/version-0.4/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.4/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/installation.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Advanced Users",permalink:"/0.4/advanced-users"},next:{title:"Single Cluster Install",permalink:"/0.4/single-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"installation"},"Installation"),(0,a.kt)("p",null,"The installation is broken up into two different use cases: ",(0,a.kt)("a",{parentName:"p",href:"/0.4/single-cluster-install"},"Single")," and\n",(0,a.kt)("a",{parentName:"p",href:"/0.4/multi-cluster-install"},"Multi-Cluster")," install. The single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,a.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7169],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),d=a,m=f["".concat(s,".").concat(d)]||f[d]||p[d]||i;return n?r.createElement(m,l(l({ref:t},u),{},{components:n})):r.createElement(m,l({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,l=new Array(i);l[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>l,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const i={},l="Installation",o={unversionedId:"installation",id:"version-0.4/installation",title:"Installation",description:"The installation is broken up into two different use cases: Single and",source:"@site/versioned_docs/version-0.4/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.4/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/installation.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Advanced Users",permalink:"/0.4/advanced-users"},next:{title:"Single Cluster Install",permalink:"/0.4/single-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"installation"},"Installation"),(0,a.kt)("p",null,"The installation is broken up into two different use cases: ",(0,a.kt)("a",{parentName:"p",href:"/0.4/single-cluster-install"},"Single")," and\n",(0,a.kt)("a",{parentName:"p",href:"/0.4/multi-cluster-install"},"Multi-Cluster")," install. The single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,a.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/aba71817.ad0f37ea.js b/assets/js/aba71817.e97237c3.js similarity index 98% rename from assets/js/aba71817.ad0f37ea.js rename to assets/js/aba71817.e97237c3.js index f19161e98..49a87be3d 100644 --- a/assets/js/aba71817.ad0f37ea.js +++ b/assets/js/aba71817.e97237c3.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8813],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=l,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||o;return n?r.createElement(f,a(a({ref:t},p),{},{components:n})):r.createElement(f,a({ref:t},p))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=n.length,a=new Array(o);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>u,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const o={},a="Bundle Lifecycle",i={unversionedId:"ref-bundle-stages",id:"ref-bundle-stages",title:"Bundle Lifecycle",description:"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.",source:"@site/docs/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-bundle-stages.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/concepts"},next:{title:"Git Repository Contents",permalink:"/gitrepo-content"}},s={},c=[],p={toc:c};function u(e){let{components:t,...o}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,o,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"bundle-lifecycle"},"Bundle Lifecycle"),(0,l.kt)("p",null,"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles."),(0,l.kt)("p",null,"To demonstrate the life cycle of a Fleet bundle, we will use ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,l.kt)("ol",null,(0,l.kt)("li",{parentName:"ol"},"User will create a ",(0,l.kt)("a",{parentName:"li",href:"/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,l.kt)("li",{parentName:"ol"},"The ",(0,l.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,l.kt)("a",{parentName:"li",href:"/webhook"},"webhook event"),". With every commit change, the ",(0,l.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,l.kt)("a",{parentName:"li",href:"/cluster-bundles-state#bundles"},"bundle"),".")),(0,l.kt)("blockquote",null,(0,l.kt)("p",{parentName:"blockquote"},(0,l.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,l.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,l.kt)("ol",{start:3},(0,l.kt)("li",{parentName:"ol"},"The ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,l.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,l.kt)("li",{parentName:"ol"},"The ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,l.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,l.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,l.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,l.kt)("li",{parentName:"ol"},"The ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,l.kt)("p",null,"This diagram shows the different rendering stages a bundle goes through until deployment."),(0,l.kt)("p",null,(0,l.kt)("img",{alt:"Bundle Stages",src:n(5208).Z,width:"711",height:"803"})))}u.isMDXComponent=!0},5208:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8813],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=l,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||o;return n?r.createElement(f,a(a({ref:t},p),{},{components:n})):r.createElement(f,a({ref:t},p))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=n.length,a=new Array(o);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>u,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const o={},a="Bundle Lifecycle",i={unversionedId:"ref-bundle-stages",id:"ref-bundle-stages",title:"Bundle Lifecycle",description:"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.",source:"@site/docs/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-bundle-stages.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/concepts"},next:{title:"Git Repository Contents",permalink:"/gitrepo-content"}},s={},c=[],p={toc:c};function u(e){let{components:t,...o}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,o,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"bundle-lifecycle"},"Bundle Lifecycle"),(0,l.kt)("p",null,"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles."),(0,l.kt)("p",null,"To demonstrate the life cycle of a Fleet bundle, we will use ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,l.kt)("ol",null,(0,l.kt)("li",{parentName:"ol"},"User will create a ",(0,l.kt)("a",{parentName:"li",href:"/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,l.kt)("li",{parentName:"ol"},"The ",(0,l.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,l.kt)("a",{parentName:"li",href:"/webhook"},"webhook event"),". With every commit change, the ",(0,l.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,l.kt)("a",{parentName:"li",href:"/cluster-bundles-state#bundles"},"bundle"),".")),(0,l.kt)("blockquote",null,(0,l.kt)("p",{parentName:"blockquote"},(0,l.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,l.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,l.kt)("ol",{start:3},(0,l.kt)("li",{parentName:"ol"},"The ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,l.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,l.kt)("li",{parentName:"ol"},"The ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,l.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,l.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,l.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,l.kt)("li",{parentName:"ol"},"The ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,l.kt)("p",null,"This diagram shows the different rendering stages a bundle goes through until deployment."),(0,l.kt)("p",null,(0,l.kt)("img",{alt:"Bundle Stages",src:n(5208).Z,width:"711",height:"803"})))}u.isMDXComponent=!0},5208:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file diff --git a/assets/js/ae2335f3.2d9f51bd.js b/assets/js/ae2335f3.bdebd487.js similarity index 98% rename from assets/js/ae2335f3.2d9f51bd.js rename to assets/js/ae2335f3.bdebd487.js index ec17c185f..26b1086a1 100644 --- a/assets/js/ae2335f3.2d9f51bd.js +++ b/assets/js/ae2335f3.bdebd487.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1049],{5162:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),l=n(6010);const r="tabItem_Ymn6";function i(e){let{children:t,hidden:n,className:i}=e;return a.createElement("div",{role:"tabpanel",className:(0,l.Z)(r,i),hidden:n},t)}},4866:(e,t,n)=>{n.d(t,{Z:()=>N});var a=n(7462),l=n(7294),r=n(6010),i=n(2466),s=n(6550),o=n(1980),u=n(7392),c=n(12);function d(e){return function(e){return l.Children.map(e,(e=>{if((0,l.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:n,attributes:a,default:l}}=e;return{value:t,label:n,attributes:a,default:l}}))}function p(e){const{values:t,children:n}=e;return(0,l.useMemo)((()=>{const e=t??d(n);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,n])}function m(e){let{value:t,tabValues:n}=e;return n.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:n}=e;const a=(0,s.k6)(),r=function(e){let{queryString:t=!1,groupId:n}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!n)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return n??null}({queryString:t,groupId:n});return[(0,o._X)(r),(0,l.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(a.location.search);t.set(r,e),a.replace({...a.location,search:t.toString()})}),[r,a])]}function g(e){const{defaultValue:t,queryString:n=!1,groupId:a}=e,r=p(e),[i,s]=(0,l.useState)((()=>function(e){let{defaultValue:t,tabValues:n}=e;if(0===n.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:n}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${n.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const a=n.find((e=>e.default))??n[0];if(!a)throw new Error("Unexpected error: 0 tabValues");return a.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:n,groupId:a}),[d,g]=function(e){let{groupId:t}=e;const n=function(e){return e?`docusaurus.tab.${e}`:null}(t),[a,r]=(0,c.Nk)(n);return[a,(0,l.useCallback)((e=>{n&&r.set(e)}),[n,r])]}({groupId:a}),k=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,l.useLayoutEffect)((()=>{k&&s(k)}),[k]);return{selectedValue:i,selectValue:(0,l.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);s(e),u(e),g(e)}),[u,g,r]),tabValues:r}}var k=n(2389);const f="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:n,selectedValue:s,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,i.o5)(),p=e=>{const t=e.currentTarget,n=c.indexOf(t),a=u[n].value;a!==s&&(d(t),o(a))},m=e=>{var t;let n=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;n=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;n=c[t]??c[c.length-1];break}}null==(t=n)||t.focus()};return l.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":n},t)},u.map((e=>{let{value:t,label:n,attributes:i}=e;return l.createElement("li",(0,a.Z)({role:"tab",tabIndex:s===t?0:-1,"aria-selected":s===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},i,{className:(0,r.Z)("tabs__item",b,null==i?void 0:i.className,{"tabs__item--active":s===t})}),n??t)})))}function y(e){let{lazy:t,children:n,selectedValue:a}=e;if(n=Array.isArray(n)?n:[n],t){const e=n.find((e=>e.props.value===a));return e?(0,l.cloneElement)(e,{className:"margin-top--md"}):null}return l.createElement("div",{className:"margin-top--md"},n.map(((e,t)=>(0,l.cloneElement)(e,{key:t,hidden:e.props.value!==a}))))}function w(e){const t=g(e);return l.createElement("div",{className:(0,r.Z)("tabs-container",f)},l.createElement(v,(0,a.Z)({},e,t)),l.createElement(y,(0,a.Z)({},e,t)))}function N(e){const t=(0,k.Z)();return l.createElement(w,(0,a.Z)({key:String(t)},e))}},6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},8105:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>g,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var a=n(7462),l=(n(7294),n(3905)),r=n(6828),i=n(814),s=n(4866),o=n(5162);const u={},c="Register Downstream Clusters",d={unversionedId:"cluster-registration",id:"cluster-registration",title:"Register Downstream Clusters",description:"Overview",source:"@site/docs/cluster-registration.md",sourceDirName:".",slug:"/cluster-registration",permalink:"/cluster-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-registration.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation Details",permalink:"/installation"},next:{title:"Create Cluster Groups",permalink:"/cluster-group"}},p={},m=[{value:"Overview",id:"overview",level:2},{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:3},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:3},{value:"Agent Initiated",id:"agent-initiated",level:2},{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:3},{value:"Install Agent For a New Cluster",id:"install-agent-for-a-new-cluster",level:3},{value:"Install Agent For a Predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:3},{value:"Create Cluster Registration Tokens",id:"create-cluster-registration-tokens",level:3},{value:"Token TTL",id:"token-ttl",level:4},{value:"Create a new Token",id:"create-a-new-token",level:4},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:4},{value:"Manager Initiated",id:"manager-initiated",level:2},{value:"Create Kubeconfig Secret",id:"create-kubeconfig-secret",level:3},{value:"Create Cluster Resource",id:"create-cluster-resource",level:3}],h={toc:m};function g(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},h,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"register-downstream-clusters"},"Register Downstream Clusters"),(0,l.kt)("h2",{id:"overview"},"Overview"),(0,l.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,l.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,l.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,l.kt)("h3",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,l.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,l.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,l.kt)("h3",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,l.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."),(0,l.kt)("h2",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"A downstream cluster is registered by installing an agent via helm and using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},"It's not necessary to configure the fleet manager for ",(0,l.kt)("a",{parentName:"p",href:"/installation#configuration-for-multi-cluster"},"multi cluster"),", as the downstream agent we install via Helm will connect to the Kubernetes API of the upstream cluster directly."),(0,l.kt)("p",{parentName:"admonition"},"Agent-initiated registration is normally not used with Rancher.")),(0,l.kt)("h3",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required.\nThe cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will be passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process.\nAlternatively one can pass the token directly to the helm install command via ",(0,l.kt)("inlineCode",{parentName:"p"},'--set token="$token"'),"."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h3",{id:"install-agent-for-a-new-cluster"},"Install Agent For a New Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token instructions")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{title:"Kubectl Context",type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(s.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"helm",label:"Install",default:!0,mdxType:"TabItem"},(0,l.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent'," ",r.d.next.fleetAgent)),(0,l.kt)(o.Z,{value:"validate",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h3",{id:"install-agent-for-a-predefined-cluster"},"Install Agent For a Predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ","[cluster registration token instructions]","((#create-cluster-registration-tokens) to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(s.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"helm2",label:"Install",default:!0,mdxType:"TabItem"},(0,l.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent'," ",r.d.next.fleetAgent)),(0,l.kt)(o.Z,{value:"validate2",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h3",{id:"create-cluster-registration-tokens"},"Create Cluster Registration Tokens"),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,l.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,l.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,l.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,l.kt)("h4",{id:"token-ttl"},"Token TTL"),(0,l.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,l.kt)("h4",{id:"create-a-new-token"},"Create a new Token"),(0,l.kt)("p",null,"The ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,l.kt)("a",{parentName:"p",href:"/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,l.kt)("p",null,"After the ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,l.kt)("p",null,"One way to do so is via the following one-liner:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,l.kt)("h4",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,l.kt)("p",null,"The token value contains YAML content for a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,l.kt)("p",null,"Such value is contained in the ",(0,l.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,l.kt)("p",null,"Once the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."),(0,l.kt)("h2",{id:"manager-initiated"},"Manager Initiated"),(0,l.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,l.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},"If you are using Fleet standalone ",(0,l.kt)("em",{parentName:"p"},"without Rancher"),", it must be installed as described in ",(0,l.kt)("a",{parentName:"p",href:"/installation#configuration-for-multi-cluster"},"installation details"),"."),(0,l.kt)("p",{parentName:"admonition"},"The manager-initiated registration is used when you add a cluster from the Rancher dashboard.")),(0,l.kt)("h3",{id:"create-kubeconfig-secret"},"Create Kubeconfig Secret"),(0,l.kt)("p",null,"The format of this secret is intended to match the ",(0,l.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format")," of the kubeconfig\nsecret used in ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically registered with Fleet."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Kubeconfig Secret Example"',title:'"Kubeconfig',Secret:!0,'Example"':!0},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,l.kt)("h3",{id:"create-cluster-resource"},"Create Cluster Resource"),(0,l.kt)("p",null,"The cluster resource needs to reference the kubeconfig secret."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Cluster Resource Example"',title:'"Cluster',Resource:!0,'Example"':!0},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}g.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1049],{5162:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),l=n(6010);const r="tabItem_Ymn6";function i(e){let{children:t,hidden:n,className:i}=e;return a.createElement("div",{role:"tabpanel",className:(0,l.Z)(r,i),hidden:n},t)}},4866:(e,t,n)=>{n.d(t,{Z:()=>N});var a=n(7462),l=n(7294),r=n(6010),i=n(2466),s=n(6550),o=n(1980),u=n(7392),c=n(12);function d(e){return function(e){return l.Children.map(e,(e=>{if((0,l.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:n,attributes:a,default:l}}=e;return{value:t,label:n,attributes:a,default:l}}))}function p(e){const{values:t,children:n}=e;return(0,l.useMemo)((()=>{const e=t??d(n);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,n])}function m(e){let{value:t,tabValues:n}=e;return n.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:n}=e;const a=(0,s.k6)(),r=function(e){let{queryString:t=!1,groupId:n}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!n)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return n??null}({queryString:t,groupId:n});return[(0,o._X)(r),(0,l.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(a.location.search);t.set(r,e),a.replace({...a.location,search:t.toString()})}),[r,a])]}function g(e){const{defaultValue:t,queryString:n=!1,groupId:a}=e,r=p(e),[i,s]=(0,l.useState)((()=>function(e){let{defaultValue:t,tabValues:n}=e;if(0===n.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:n}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${n.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const a=n.find((e=>e.default))??n[0];if(!a)throw new Error("Unexpected error: 0 tabValues");return a.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:n,groupId:a}),[d,g]=function(e){let{groupId:t}=e;const n=function(e){return e?`docusaurus.tab.${e}`:null}(t),[a,r]=(0,c.Nk)(n);return[a,(0,l.useCallback)((e=>{n&&r.set(e)}),[n,r])]}({groupId:a}),k=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,l.useLayoutEffect)((()=>{k&&s(k)}),[k]);return{selectedValue:i,selectValue:(0,l.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);s(e),u(e),g(e)}),[u,g,r]),tabValues:r}}var k=n(2389);const f="tabList__CuJ",b="tabItem_LNqP";function y(e){let{className:t,block:n,selectedValue:s,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,i.o5)(),p=e=>{const t=e.currentTarget,n=c.indexOf(t),a=u[n].value;a!==s&&(d(t),o(a))},m=e=>{var t;let n=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;n=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;n=c[t]??c[c.length-1];break}}null==(t=n)||t.focus()};return l.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":n},t)},u.map((e=>{let{value:t,label:n,attributes:i}=e;return l.createElement("li",(0,a.Z)({role:"tab",tabIndex:s===t?0:-1,"aria-selected":s===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},i,{className:(0,r.Z)("tabs__item",b,null==i?void 0:i.className,{"tabs__item--active":s===t})}),n??t)})))}function v(e){let{lazy:t,children:n,selectedValue:a}=e;if(n=Array.isArray(n)?n:[n],t){const e=n.find((e=>e.props.value===a));return e?(0,l.cloneElement)(e,{className:"margin-top--md"}):null}return l.createElement("div",{className:"margin-top--md"},n.map(((e,t)=>(0,l.cloneElement)(e,{key:t,hidden:e.props.value!==a}))))}function w(e){const t=g(e);return l.createElement("div",{className:(0,r.Z)("tabs-container",f)},l.createElement(y,(0,a.Z)({},e,t)),l.createElement(v,(0,a.Z)({},e,t)))}function N(e){const t=(0,k.Z)();return l.createElement(w,(0,a.Z)({key:String(t)},e))}},6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},8105:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>g,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var a=n(7462),l=(n(7294),n(3905)),r=n(6828),i=n(814),s=n(4866),o=n(5162);const u={},c="Register Downstream Clusters",d={unversionedId:"cluster-registration",id:"cluster-registration",title:"Register Downstream Clusters",description:"Overview",source:"@site/docs/cluster-registration.md",sourceDirName:".",slug:"/cluster-registration",permalink:"/cluster-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-registration.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation Details",permalink:"/installation"},next:{title:"Create Cluster Groups",permalink:"/cluster-group"}},p={},m=[{value:"Overview",id:"overview",level:2},{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:3},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:3},{value:"Agent Initiated",id:"agent-initiated",level:2},{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:3},{value:"Install Agent For a New Cluster",id:"install-agent-for-a-new-cluster",level:3},{value:"Install Agent For a Predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:3},{value:"Create Cluster Registration Tokens",id:"create-cluster-registration-tokens",level:3},{value:"Token TTL",id:"token-ttl",level:4},{value:"Create a new Token",id:"create-a-new-token",level:4},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:4},{value:"Manager Initiated",id:"manager-initiated",level:2},{value:"Create Kubeconfig Secret",id:"create-kubeconfig-secret",level:3},{value:"Create Cluster Resource",id:"create-cluster-resource",level:3}],h={toc:m};function g(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},h,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"register-downstream-clusters"},"Register Downstream Clusters"),(0,l.kt)("h2",{id:"overview"},"Overview"),(0,l.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,l.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,l.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,l.kt)("h3",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,l.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,l.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,l.kt)("h3",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,l.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."),(0,l.kt)("h2",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"A downstream cluster is registered by installing an agent via helm and using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},"It's not necessary to configure the fleet manager for ",(0,l.kt)("a",{parentName:"p",href:"/installation#configuration-for-multi-cluster"},"multi cluster"),", as the downstream agent we install via Helm will connect to the Kubernetes API of the upstream cluster directly."),(0,l.kt)("p",{parentName:"admonition"},"Agent-initiated registration is normally not used with Rancher.")),(0,l.kt)("h3",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required.\nThe cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will be passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process.\nAlternatively one can pass the token directly to the helm install command via ",(0,l.kt)("inlineCode",{parentName:"p"},'--set token="$token"'),"."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h3",{id:"install-agent-for-a-new-cluster"},"Install Agent For a New Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token instructions")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{title:"Kubectl Context",type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(s.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"helm",label:"Install",default:!0,mdxType:"TabItem"},(0,l.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent'," ",r.d.next.fleetAgent)),(0,l.kt)(o.Z,{value:"validate",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h3",{id:"install-agent-for-a-predefined-cluster"},"Install Agent For a Predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ","[cluster registration token instructions]","((#create-cluster-registration-tokens) to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(s.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"helm2",label:"Install",default:!0,mdxType:"TabItem"},(0,l.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent'," ",r.d.next.fleetAgent)),(0,l.kt)(o.Z,{value:"validate2",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h3",{id:"create-cluster-registration-tokens"},"Create Cluster Registration Tokens"),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,l.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,l.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,l.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,l.kt)("h4",{id:"token-ttl"},"Token TTL"),(0,l.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,l.kt)("h4",{id:"create-a-new-token"},"Create a new Token"),(0,l.kt)("p",null,"The ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,l.kt)("a",{parentName:"p",href:"/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,l.kt)("p",null,"After the ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,l.kt)("p",null,"One way to do so is via the following one-liner:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,l.kt)("h4",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,l.kt)("p",null,"The token value contains YAML content for a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,l.kt)("p",null,"Such value is contained in the ",(0,l.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,l.kt)("p",null,"Once the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."),(0,l.kt)("h2",{id:"manager-initiated"},"Manager Initiated"),(0,l.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,l.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},"If you are using Fleet standalone ",(0,l.kt)("em",{parentName:"p"},"without Rancher"),", it must be installed as described in ",(0,l.kt)("a",{parentName:"p",href:"/installation#configuration-for-multi-cluster"},"installation details"),"."),(0,l.kt)("p",{parentName:"admonition"},"The manager-initiated registration is used when you add a cluster from the Rancher dashboard.")),(0,l.kt)("h3",{id:"create-kubeconfig-secret"},"Create Kubeconfig Secret"),(0,l.kt)("p",null,"The format of this secret is intended to match the ",(0,l.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format")," of the kubeconfig\nsecret used in ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically registered with Fleet."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Kubeconfig Secret Example"',title:'"Kubeconfig',Secret:!0,'Example"':!0},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,l.kt)("h3",{id:"create-cluster-resource"},"Create Cluster Resource"),(0,l.kt)("p",null,"The cluster resource needs to reference the kubeconfig secret."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Cluster Resource Example"',title:'"Cluster',Resource:!0,'Example"':!0},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}g.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/af10d9fb.9dba5d46.js b/assets/js/af10d9fb.cfaf3cdd.js similarity index 98% rename from assets/js/af10d9fb.9dba5d46.js rename to assets/js/af10d9fb.cfaf3cdd.js index 9c7cce829..cc85baa24 100644 --- a/assets/js/af10d9fb.9dba5d46.js +++ b/assets/js/af10d9fb.cfaf3cdd.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3632],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet apply"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/docs/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet_apply.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -h, --help help for apply\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3632],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet apply"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/docs/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet_apply.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -h, --help help for apply\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/af48bdba.833a4f37.js b/assets/js/af48bdba.7b0adf4f.js similarity index 96% rename from assets/js/af48bdba.833a4f37.js rename to assets/js/af48bdba.7b0adf4f.js index d285f67f1..ff6f46f4a 100644 --- a/assets/js/af48bdba.833a4f37.js +++ b/assets/js/af48bdba.7b0adf4f.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[964],{3905:(e,t,n)=>{n.d(t,{Zo:()=>i,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),d=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},i=function(e){var t=d(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},i),{},{components:n})):r.createElement(m,s({ref:t},i))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle state",o={unversionedId:"cluster-bundles-state",id:"version-0.5/cluster-bundles-state",title:"Cluster and Bundle state",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.5/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.5/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-bundles-state.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Image scan",permalink:"/0.5/imagescan"},next:{title:"Troubleshooting",permalink:"/0.5/troubleshooting"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},i,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[964],{3905:(e,t,n)=>{n.d(t,{Zo:()=>i,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),d=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},i=function(e){var t=d(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},i),{},{components:n})):r.createElement(m,s({ref:t},i))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle state",o={unversionedId:"cluster-bundles-state",id:"version-0.5/cluster-bundles-state",title:"Cluster and Bundle state",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.5/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.5/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-bundles-state.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Image scan",permalink:"/0.5/imagescan"},next:{title:"Troubleshooting",permalink:"/0.5/troubleshooting"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},i,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b2456c44.a59b771a.js b/assets/js/b2456c44.9dfbc90d.js similarity index 86% rename from assets/js/b2456c44.a59b771a.js rename to assets/js/b2456c44.9dfbc90d.js index 39f68b48b..322ba9668 100644 --- a/assets/js/b2456c44.a59b771a.js +++ b/assets/js/b2456c44.9dfbc90d.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1760],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var i=a.createContext({}),u=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},p=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),p=u(n),m=r,f=p["".concat(i,".").concat(m)]||p[m]||d[m]||l;return n?a.createElement(f,o(o({ref:t},c),{},{components:n})):a.createElement(f,o({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var u=2;u{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>s,toc:()=>u});var a=n(7462),r=(n(7294),n(3905));const l={},o="fleet.yaml",s={unversionedId:"ref-fleet-yaml",id:"ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/docs/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-fleet-yaml.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources Spec",permalink:"/ref-crds"},next:{title:"GitRepo Resource",permalink:"/ref-gitrepo"}},i={},u=[{value:"Reference",id:"reference",level:3}],c={toc:u};function d(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,r.kt)("p",null,"For more information on how to use the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to customize bundles see ",(0,r.kt)("a",{parentName:"p",href:"/gitrepo-content"},"Git Repository Contents"),"."),(0,r.kt)("p",null,"The content of the fleet.yaml corresponds to ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"},"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"),", which contains the ",(0,r.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# Optional map of labels, that are set at the bundle and can be used in a \n# dependsOn.selector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available. Note, if the functions output changes with every\n # call, e.g. `uuidv4`, the bundle will get redeployed.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n \n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: \n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - selector:\n matchLabels:\n app: weak-monkey\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1760],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>p});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function l(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var i=a.createContext({}),u=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=u(n),p=r,f=m["".concat(i,".").concat(p)]||m[p]||d[p]||o;return n?a.createElement(f,l(l({ref:t},c),{},{components:n})):a.createElement(f,l({ref:t},c))}));function p(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,l=new Array(o);l[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:r,l[1]=s;for(var u=2;u{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>d,frontMatter:()=>o,metadata:()=>s,toc:()=>u});var a=n(7462),r=(n(7294),n(3905));const o={},l="fleet.yaml",s={unversionedId:"ref-fleet-yaml",id:"ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/docs/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-fleet-yaml.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources Spec",permalink:"/ref-crds"},next:{title:"GitRepo Resource",permalink:"/ref-gitrepo"}},i={},u=[{value:"Reference",id:"reference",level:3}],c={toc:u};function d(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,r.kt)("p",null,"For more information on how to use the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to customize bundles see ",(0,r.kt)("a",{parentName:"p",href:"/gitrepo-content"},"Git Repository Contents"),"."),(0,r.kt)("p",null,"The content of the fleet.yaml corresponds to ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"},"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"),", which contains the ",(0,r.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# Optional map of labels, that are set at the bundle and can be used in a \n# dependsOn.selector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available. Note, if the functions output changes with every\n # call, e.g. `uuidv4`, the bundle will get redeployed.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n \n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: \n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - selector:\n matchLabels:\n app: weak-monkey\n\n# Ignore fields when monitoring a Bundle. This can be used when Fleet thinks some conditions in Custom Resources\n# makes the Bundle to be in an error state when it shouldn\'t.\nignore:\n # Conditions to be ignored\n conditions:\n # In this example a condition will be ignored if it contains {"type": "Active", "status", "False"}\n - type: Active\n status: "False"\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b32c755c.2010bb3d.js b/assets/js/b32c755c.e480066e.js similarity index 99% rename from assets/js/b32c755c.2010bb3d.js rename to assets/js/b32c755c.e480066e.js index 51c6c6ded..48a93a9ec 100644 --- a/assets/js/b32c755c.2010bb3d.js +++ b/assets/js/b32c755c.e480066e.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[859],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs for Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.5/bundle-diffs",title:"Generating Diffs for Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.5/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.5/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/bundle-diffs.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.5/gitrepo-targets"},next:{title:"Webhook",permalink:"/0.5/webhook"}},l={},p=[{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-for-modified-gitrepos"},"Generating Diffs for Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[859],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs for Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.5/bundle-diffs",title:"Generating Diffs for Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.5/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.5/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/bundle-diffs.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.5/gitrepo-targets"},next:{title:"Webhook",permalink:"/0.5/webhook"}},l={},p=[{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-for-modified-gitrepos"},"Generating Diffs for Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file diff --git a/assets/js/b60b3bd8.a6194ff1.js b/assets/js/b60b3bd8.243e9508.js similarity index 82% rename from assets/js/b60b3bd8.a6194ff1.js rename to assets/js/b60b3bd8.243e9508.js index 9d6d9b96c..f1608f86e 100644 --- a/assets/js/b60b3bd8.a6194ff1.js +++ b/assets/js/b60b3bd8.243e9508.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4917],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},p=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},i={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||i[d]||o;return r?n.createElement(f,s(s({ref:t},p),{},{components:r})):n.createElement(f,s({ref:t},p))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>i,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.4/cluster-group",title:"Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.4/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.4/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-group.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Manager Initiated",permalink:"/0.4/manager-initiated"},next:{title:"Namespaces",permalink:"/0.4/namespaces"}},c={},u=[],p={toc:u};function i(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-groups"},"Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}i.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4917],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.4/cluster-group",title:"Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.4/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.4/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-group.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Manager Initiated",permalink:"/0.4/manager-initiated"},next:{title:"Namespaces",permalink:"/0.4/namespaces"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-groups"},"Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b7ae13b2.ec7cac2d.js b/assets/js/b7ae13b2.84a16fbb.js similarity index 54% rename from assets/js/b7ae13b2.ec7cac2d.js rename to assets/js/b7ae13b2.84a16fbb.js index bc1117872..818bb6ea1 100644 --- a/assets/js/b7ae13b2.ec7cac2d.js +++ b/assets/js/b7ae13b2.84a16fbb.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6588],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=s(n),d=l,f=m["".concat(c,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=m;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/docs/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/uninstall.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Creating a Deployment",permalink:"/tut-deployment"},next:{title:"Architecture",permalink:"/architecture"}},c={},s=[],p={toc:s};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Uninstalling the CRDs will remove all deployed workloads.")))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6588],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=s(n),d=a,f=m["".concat(c,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const l={},o="Uninstall",i={unversionedId:"uninstall",id:"uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/docs/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/uninstall.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Creating a Deployment",permalink:"/tut-deployment"},next:{title:"Architecture",permalink:"/architecture"}},c={},s=[],p={toc:s};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"uninstall"},"Uninstall"),(0,a.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},"Uninstalling the CRDs will remove all deployed workloads.")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b8f3160f.7bc83cf5.js b/assets/js/b8f3160f.ce035e6f.js similarity index 98% rename from assets/js/b8f3160f.7bc83cf5.js rename to assets/js/b8f3160f.ce035e6f.js index 64adbdb16..c903fd994 100644 --- a/assets/js/b8f3160f.7bc83cf5.js +++ b/assets/js/b8f3160f.ce035e6f.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8711],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var i=a.createContext({}),p=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),d=p(n),m=r,h=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.",source:"@site/docs/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-targets.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create a GitRepo Resource",permalink:"/gitrepo-add"},next:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/bundle-diffs"}},i={},p=[{value:"Defining Targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default Target",id:"default-target",level:2},{value:"Customization per Cluster",id:"customization-per-cluster",level:2},{value:"Additional Examples",id:"additional-examples",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,r.kt)("p",null,"When deploying ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,r.kt)("h2",{id:"defining-targets"},"Defining Targets"),(0,r.kt)("p",null,"The deployment targets of ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,r.kt)("h2",{id:"target-matching"},"Target Matching"),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,r.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"default-target"},"Default Target"),(0,r.kt)("p",null,"If no target is set for the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,r.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."),(0,r.kt)("h2",{id:"customization-per-cluster"},"Customization per Cluster"),(0,r.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml"),"."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,r.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,r.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,r.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,r.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,r.kt)("li",{parentName:"ol"},"Under ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,r.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Result:")),(0,r.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},(0,r.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,r.kt)("h2",{id:"additional-examples"},"Additional Examples"),(0,r.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8711],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var i=a.createContext({}),p=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),d=p(n),m=r,h=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.",source:"@site/docs/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-targets.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create a GitRepo Resource",permalink:"/gitrepo-add"},next:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/bundle-diffs"}},i={},p=[{value:"Defining Targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default Target",id:"default-target",level:2},{value:"Customization per Cluster",id:"customization-per-cluster",level:2},{value:"Additional Examples",id:"additional-examples",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,r.kt)("p",null,"When deploying ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,r.kt)("h2",{id:"defining-targets"},"Defining Targets"),(0,r.kt)("p",null,"The deployment targets of ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,r.kt)("h2",{id:"target-matching"},"Target Matching"),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,r.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"default-target"},"Default Target"),(0,r.kt)("p",null,"If no target is set for the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,r.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."),(0,r.kt)("h2",{id:"customization-per-cluster"},"Customization per Cluster"),(0,r.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml"),"."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,r.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,r.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,r.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,r.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,r.kt)("li",{parentName:"ol"},"Under ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,r.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Result:")),(0,r.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},(0,r.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,r.kt)("h2",{id:"additional-examples"},"Additional Examples"),(0,r.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b9a03c38.a5c1e0d0.js b/assets/js/b9a03c38.bec33ad5.js similarity index 98% rename from assets/js/b9a03c38.a5c1e0d0.js rename to assets/js/b9a03c38.bec33ad5.js index 01f218254..0d8b88bad 100644 --- a/assets/js/b9a03c38.a5c1e0d0.js +++ b/assets/js/b9a03c38.bec33ad5.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4581],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var l=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);t&&(l=l.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,l)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(l=0;l=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=l.createContext({}),p=function(e){var t=l.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return l.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return l.createElement(l.Fragment,{},t)}},u=l.forwardRef((function(e,t){var n=e.components,a=e.mdxType,r=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),u=p(n),d=a,h=u["".concat(s,".").concat(d)]||u[d]||m[d]||r;return n?l.createElement(h,o(o({ref:t},c),{},{components:n})):l.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var r=n.length,o=new Array(r);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>r,metadata:()=>i,toc:()=>p});var l=n(7462),a=(n(7294),n(3905));const r={},o="Examples",i={unversionedId:"examples",id:"version-0.5/examples",title:"Examples",description:"Lifecycle of a Fleet Bundle",source:"@site/versioned_docs/version-0.5/examples.md",sourceDirName:".",slug:"/examples",permalink:"/0.5/examples",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/examples.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.5/architecture"},next:{title:"Overview",permalink:"/0.5/cluster-overview"}},s={},p=[{value:"Lifecycle of a Fleet Bundle",id:"lifecycle-of-a-fleet-bundle",level:3},{value:"Deploy Kubernetes Manifests Across Clusters with Customization",id:"deploy-kubernetes-manifests-across-clusters-with-customization",level:3},{value:"Additional Examples",id:"additional-examples",level:3}],c={toc:p};function m(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,l.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"examples"},"Examples"),(0,a.kt)("h3",{id:"lifecycle-of-a-fleet-bundle"},"Lifecycle of a Fleet Bundle"),(0,a.kt)("p",null,"To demonstrate the lifecycle of a Fleet bundle, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"User will create a ",(0,a.kt)("a",{parentName:"li",href:"/0.5/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,a.kt)("a",{parentName:"li",href:"/0.5/webhook"},"webhook event"),". With every commit change, the ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,a.kt)("a",{parentName:"li",href:"/0.5/cluster-bundles-state#bundles"},"bundle"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,a.kt)("ol",{start:3},(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,a.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,a.kt)("h3",{id:"deploy-kubernetes-manifests-across-clusters-with-customization"},"Deploy Kubernetes Manifests Across Clusters with Customization"),(0,a.kt)("p",null,(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,a.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml")," as a case study."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,a.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,a.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,a.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,a.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,a.kt)("li",{parentName:"ol"},"Under ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,a.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result:")),(0,a.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,a.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,a.kt)("h3",{id:"additional-examples"},"Additional Examples"),(0,a.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4581],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var l=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);t&&(l=l.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,l)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(l=0;l=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=l.createContext({}),p=function(e){var t=l.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return l.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return l.createElement(l.Fragment,{},t)}},u=l.forwardRef((function(e,t){var n=e.components,a=e.mdxType,r=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),u=p(n),d=a,h=u["".concat(s,".").concat(d)]||u[d]||m[d]||r;return n?l.createElement(h,o(o({ref:t},c),{},{components:n})):l.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var r=n.length,o=new Array(r);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>r,metadata:()=>i,toc:()=>p});var l=n(7462),a=(n(7294),n(3905));const r={},o="Examples",i={unversionedId:"examples",id:"version-0.5/examples",title:"Examples",description:"Lifecycle of a Fleet Bundle",source:"@site/versioned_docs/version-0.5/examples.md",sourceDirName:".",slug:"/examples",permalink:"/0.5/examples",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/examples.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.5/architecture"},next:{title:"Overview",permalink:"/0.5/cluster-overview"}},s={},p=[{value:"Lifecycle of a Fleet Bundle",id:"lifecycle-of-a-fleet-bundle",level:3},{value:"Deploy Kubernetes Manifests Across Clusters with Customization",id:"deploy-kubernetes-manifests-across-clusters-with-customization",level:3},{value:"Additional Examples",id:"additional-examples",level:3}],c={toc:p};function m(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,l.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"examples"},"Examples"),(0,a.kt)("h3",{id:"lifecycle-of-a-fleet-bundle"},"Lifecycle of a Fleet Bundle"),(0,a.kt)("p",null,"To demonstrate the lifecycle of a Fleet bundle, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"User will create a ",(0,a.kt)("a",{parentName:"li",href:"/0.5/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,a.kt)("a",{parentName:"li",href:"/0.5/webhook"},"webhook event"),". With every commit change, the ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,a.kt)("a",{parentName:"li",href:"/0.5/cluster-bundles-state#bundles"},"bundle"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,a.kt)("ol",{start:3},(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,a.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,a.kt)("h3",{id:"deploy-kubernetes-manifests-across-clusters-with-customization"},"Deploy Kubernetes Manifests Across Clusters with Customization"),(0,a.kt)("p",null,(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,a.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml")," as a case study."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,a.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,a.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,a.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,a.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,a.kt)("li",{parentName:"ol"},"Under ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,a.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result:")),(0,a.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,a.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,a.kt)("h3",{id:"additional-examples"},"Additional Examples"),(0,a.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/bd465781.9dcb68d3.js b/assets/js/bd465781.dbb20b2c.js similarity index 97% rename from assets/js/bd465781.9dcb68d3.js rename to assets/js/bd465781.dbb20b2c.js index b3ee03e35..ce6f0c288 100644 --- a/assets/js/bd465781.9dcb68d3.js +++ b/assets/js/bd465781.dbb20b2c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2112],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/docs/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}s.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2112],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/docs/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}s.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/c1eb0b52.69c9cb4f.js b/assets/js/c1eb0b52.cc7c5cf4.js similarity index 97% rename from assets/js/c1eb0b52.69c9cb4f.js rename to assets/js/c1eb0b52.cc7c5cf4.js index c505ffa70..b7544f918 100644 --- a/assets/js/c1eb0b52.69c9cb4f.js +++ b/assets/js/c1eb0b52.cc7c5cf4.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4572],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),m=c(n),f=l,d=m["".concat(s,".").concat(f)]||m[f]||p[f]||r;return n?a.createElement(d,i(i({ref:t},u),{},{components:n})):a.createElement(d,i({ref:t},u))}));function f(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=m;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:l,i[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>r,metadata:()=>o,toc:()=>c});var a=n(7462),l=(n(7294),n(3905));const r={},i="Configuration",o={unversionedId:"ref-configuration",id:"version-0.6/ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/versioned_docs/version-0.6/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/0.6/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-configuration.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Internals",permalink:"/0.6/ref-registration"},next:{title:"Custom Resources Spec",permalink:"/0.6/ref-crds"}},s={},c=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"configuration"},"Configuration"),(0,l.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,l.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,l.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,l.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,l.kt)("p",null,"The controllers can be started with these environment variables:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,l.kt)("h2",{id:"configuration-1"},"Configuration"),(0,l.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,l.kt)("p",null,"The config ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent "),(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller ")),(0,l.kt)("h2",{id:"labels"},"Labels"),(0,l.kt)("p",null,"Labels used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,l.kt)("h2",{id:"annotations"},"Annotations"),(0,l.kt)("p",null,"Annotations used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - if present on a Cluster, the namespace won't be cleaned up"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4572],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),m=c(n),f=l,d=m["".concat(s,".").concat(f)]||m[f]||p[f]||r;return n?a.createElement(d,i(i({ref:t},u),{},{components:n})):a.createElement(d,i({ref:t},u))}));function f(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=m;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:l,i[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>r,metadata:()=>o,toc:()=>c});var a=n(7462),l=(n(7294),n(3905));const r={},i="Configuration",o={unversionedId:"ref-configuration",id:"version-0.6/ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/versioned_docs/version-0.6/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/0.6/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-configuration.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Internals",permalink:"/0.6/ref-registration"},next:{title:"Custom Resources Spec",permalink:"/0.6/ref-crds"}},s={},c=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"configuration"},"Configuration"),(0,l.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,l.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,l.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,l.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,l.kt)("p",null,"The controllers can be started with these environment variables:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,l.kt)("h2",{id:"configuration-1"},"Configuration"),(0,l.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,l.kt)("p",null,"The config ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent "),(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller ")),(0,l.kt)("h2",{id:"labels"},"Labels"),(0,l.kt)("p",null,"Labels used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,l.kt)("h2",{id:"annotations"},"Annotations"),(0,l.kt)("p",null,"Annotations used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - if present on a Cluster, the namespace won't be cleaned up"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/c2bab82f.183425fc.js b/assets/js/c2bab82f.e77dcdc1.js similarity index 97% rename from assets/js/c2bab82f.183425fc.js rename to assets/js/c2bab82f.e77dcdc1.js index 03df3196e..c2bcb8a7e 100644 --- a/assets/js/c2bab82f.183425fc.js +++ b/assets/js/c2bab82f.e77dcdc1.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[824],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var n=a(7294),l=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return n.createElement("div",{role:"tabpanel",className:(0,l.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>w});var n=a(7462),l=a(7294),r=a(6010),s=a(2466),i=a(6550),o=a(1980),u=a(7392),c=a(12);function d(e){return function(e){return l.Children.map(e,(e=>{if((0,l.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:n,default:l}}=e;return{value:t,label:a,attributes:n,default:l}}))}function p(e){const{values:t,children:a}=e;return(0,l.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function m(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:a}=e;const n=(0,i.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,l.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(n.location.search);t.set(r,e),n.replace({...n.location,search:t.toString()})}),[r,n])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:n}=e,r=p(e),[s,i]=(0,l.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const n=a.find((e=>e.default))??a[0];if(!n)throw new Error("Unexpected error: 0 tabValues");return n.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:a,groupId:n}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[n,r]=(0,c.Nk)(a);return[n,(0,l.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:n}),g=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,l.useLayoutEffect)((()=>{g&&i(g)}),[g]);return{selectedValue:s,selectValue:(0,l.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);i(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var g=a(2389);const k="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:i,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),n=u[a].value;n!==i&&(d(t),o(n))},m=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return l.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return l.createElement("li",(0,n.Z)({role:"tab",tabIndex:i===t?0:-1,"aria-selected":i===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},s,{className:(0,r.Z)("tabs__item",b,null==s?void 0:s.className,{"tabs__item--active":i===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:n}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===n));return e?(0,l.cloneElement)(e,{className:"margin-top--md"}):null}return l.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,l.cloneElement)(e,{key:t,hidden:e.props.value!==n}))))}function A(e){const t=f(e);return l.createElement("div",{className:(0,r.Z)("tabs-container",k)},l.createElement(v,(0,n.Z)({},e,t)),l.createElement(y,(0,n.Z)({},e,t)))}function w(e){const t=(0,g.Z)();return l.createElement(A,(0,n.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>n});const n={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},4721:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var n=a(7462),l=(a(7294),a(3905)),r=a(6828),s=a(814),i=a(4866),o=a(5162);const u={},c="Installation Details",d={unversionedId:"installation",id:"version-0.6/installation",title:"Installation Details",description:"The installation is broken up into two different use cases: single and multi-cluster.",source:"@site/versioned_docs/version-0.6/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.6/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/installation.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources",permalink:"/0.6/ref-resources"},next:{title:"Register Downstream Clusters",permalink:"/0.6/cluster-registration"}},p={},m=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Default Install",id:"default-install",level:2},{value:"Configuration for Multi-Cluster",id:"configuration-for-multi-cluster",level:2},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:3},{value:"Extract CA certificate",id:"extract-ca-certificate",level:4},{value:"Extract API Server",id:"extract-api-server",level:4},{value:"Validate",id:"validate",level:4},{value:"Install for Multi-Cluster",id:"install-for-multi-cluster",level:3}],h={toc:m};function f(e){let{components:t,...u}=e;return(0,l.kt)("wrapper",(0,n.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"installation-details"},"Installation Details"),(0,l.kt)("p",null,"The installation is broken up into two different use cases: single and multi-cluster.\nThe single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,l.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."),(0,l.kt)("p",null,(0,l.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,l.kt)("p",null,"Single-cluster is the default installation. The same cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,l.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"helm",label:"Helm 3",default:!0,mdxType:"TabItem"},"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the ",(0,l.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,l.kt)(o.Z,{value:"kubernetes",label:"Kubernetes",default:!0,mdxType:"TabItem"},"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means ",r.d.next.kubernetes," or greater.")),(0,l.kt)("h2",{id:"default-install"},"Default Install"),(0,l.kt)("p",null,"Install the following two Helm charts."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"install",label:"Install",default:!0,mdxType:"TabItem"},"First install the Fleet CustomResourcesDefintions.",(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,l.kt)("p",null,"Second install the Fleet controllers."),(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d.next.fleet)),(0,l.kt)(o.Z,{value:"verify",label:"Verify",mdxType:"TabItem"},(0,l.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,l.kt)("p",null,"You can now ",(0,l.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add"},"register some git repos")," in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."),(0,l.kt)("h2",{id:"configuration-for-multi-cluster"},"Configuration for Multi-Cluster"),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,l.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,l.kt)("p",{parentName:"admonition"},"The multi-cluster install described below is ",(0,l.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. ")),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},"The setup is the same as for a single cluster.\nAfter installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager."),(0,l.kt)("p",{parentName:"admonition"},"However, to allow for ",(0,l.kt)("a",{parentName:"p",href:"/0.6/cluster-registration#manager-initiated"},"manager-initiated registration")," of downstream clusters, a few extra settings are required. Without the API server URL and the CA, only ",(0,l.kt)("a",{parentName:"p",href:"/0.6/cluster-registration#agent-initiated"},"agent-initiated registration")," of downstream clusters is possible.")),(0,l.kt)("h3",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,l.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,l.kt)("inlineCode",{parentName:"p"},"$HOME/.kube/config"),"). The ",(0,l.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="$HOME/.kube/config"',title:'"$HOME/.kube/config"'},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,l.kt)("h4",{id:"extract-ca-certificate"},"Extract CA certificate"),(0,l.kt)("p",null,"Please note that the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,l.kt)("p",null,"Next, retrieve the CA certificate from your kubeconfig."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"extractca",label:"Extract First",mdxType:"TabItem"},"If you have `jq` and `base64` available then this one-liners will pull all CA certificates from your `KUBECONFIG` and place then in a file named `ca.pem`.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n"))),(0,l.kt)(o.Z,{value:"extractcas",label:"Multiple Entries",mdxType:"TabItem"},"Or, if you have a multi-cluster setup, you can use this command:",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')))),(0,l.kt)("h4",{id:"extract-api-server"},"Extract API Server"),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("h4",{id:"validate"},"Validate"),(0,l.kt)("p",null,"First validate the server URL is correct."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fLk "$API_SERVER_URL/version"\n')),(0,l.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,l.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,l.kt)("inlineCode",{parentName:"p"},'--cacert "$API_SERVER_CA"')," part of the command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fL --cacert "$API_SERVER_CA" "$API_SERVER_URL/version"\n')),(0,l.kt)("p",null,"If you get a valid JSON response or an ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,l.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,l.kt)("inlineCode",{parentName:"p"},"$API_SERVER_CA")," file should look similar to the below:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-pem",metastring:'title="ca.pem"',title:'"ca.pem"'},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,l.kt)("h3",{id:"install-for-multi-cluster"},"Install for Multi-Cluster"),(0,l.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,l.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,l.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,l.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,l.kt)("p",null,"Setup the environment with your specific values, e.g.:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"install2",label:"Install",default:!0,mdxType:"TabItem"},"First install the Fleet CustomResourcesDefintions.",(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,l.kt)("p",null,"Second install the Fleet controllers."),(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="$API_SERVER_URL" \\\n --set-file apiServerCA="$API_SERVER_CA" \\\n fleet'," ",r.d.next.fleet)),(0,l.kt)(o.Z,{value:"verifiy2",label:"Verify",mdxType:"TabItem"},"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,l.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,l.kt)("a",{parentName:"p",href:"/0.6/cluster-registration"},"register clusters")," and ",(0,l.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add#create-gitrepo-instance"},"git repos")," with\nthe Fleet manager."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[824],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var n=a(7294),l=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return n.createElement("div",{role:"tabpanel",className:(0,l.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>A});var n=a(7462),l=a(7294),r=a(6010),s=a(2466),i=a(6550),o=a(1980),u=a(7392),c=a(12);function d(e){return function(e){return l.Children.map(e,(e=>{if((0,l.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:n,default:l}}=e;return{value:t,label:a,attributes:n,default:l}}))}function p(e){const{values:t,children:a}=e;return(0,l.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function m(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:a}=e;const n=(0,i.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,l.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(n.location.search);t.set(r,e),n.replace({...n.location,search:t.toString()})}),[r,n])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:n}=e,r=p(e),[s,i]=(0,l.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const n=a.find((e=>e.default))??a[0];if(!n)throw new Error("Unexpected error: 0 tabValues");return n.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:a,groupId:n}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[n,r]=(0,c.Nk)(a);return[n,(0,l.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:n}),g=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,l.useLayoutEffect)((()=>{g&&i(g)}),[g]);return{selectedValue:s,selectValue:(0,l.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);i(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var g=a(2389);const k="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:i,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),n=u[a].value;n!==i&&(d(t),o(n))},m=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return l.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return l.createElement("li",(0,n.Z)({role:"tab",tabIndex:i===t?0:-1,"aria-selected":i===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},s,{className:(0,r.Z)("tabs__item",b,null==s?void 0:s.className,{"tabs__item--active":i===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:n}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===n));return e?(0,l.cloneElement)(e,{className:"margin-top--md"}):null}return l.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,l.cloneElement)(e,{key:t,hidden:e.props.value!==n}))))}function w(e){const t=f(e);return l.createElement("div",{className:(0,r.Z)("tabs-container",k)},l.createElement(v,(0,n.Z)({},e,t)),l.createElement(y,(0,n.Z)({},e,t)))}function A(e){const t=(0,g.Z)();return l.createElement(w,(0,n.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>n});const n={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},4721:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var n=a(7462),l=(a(7294),a(3905)),r=a(6828),s=a(814),i=a(4866),o=a(5162);const u={},c="Installation Details",d={unversionedId:"installation",id:"version-0.6/installation",title:"Installation Details",description:"The installation is broken up into two different use cases: single and multi-cluster.",source:"@site/versioned_docs/version-0.6/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.6/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/installation.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources",permalink:"/0.6/ref-resources"},next:{title:"Register Downstream Clusters",permalink:"/0.6/cluster-registration"}},p={},m=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Default Install",id:"default-install",level:2},{value:"Configuration for Multi-Cluster",id:"configuration-for-multi-cluster",level:2},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:3},{value:"Extract CA certificate",id:"extract-ca-certificate",level:4},{value:"Extract API Server",id:"extract-api-server",level:4},{value:"Validate",id:"validate",level:4},{value:"Install for Multi-Cluster",id:"install-for-multi-cluster",level:3}],h={toc:m};function f(e){let{components:t,...u}=e;return(0,l.kt)("wrapper",(0,n.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"installation-details"},"Installation Details"),(0,l.kt)("p",null,"The installation is broken up into two different use cases: single and multi-cluster.\nThe single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,l.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."),(0,l.kt)("p",null,(0,l.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,l.kt)("p",null,"Single-cluster is the default installation. The same cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,l.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"helm",label:"Helm 3",default:!0,mdxType:"TabItem"},"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the ",(0,l.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,l.kt)(o.Z,{value:"kubernetes",label:"Kubernetes",default:!0,mdxType:"TabItem"},"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means ",r.d.next.kubernetes," or greater.")),(0,l.kt)("h2",{id:"default-install"},"Default Install"),(0,l.kt)("p",null,"Install the following two Helm charts."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"install",label:"Install",default:!0,mdxType:"TabItem"},"First install the Fleet CustomResourcesDefintions.",(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,l.kt)("p",null,"Second install the Fleet controllers."),(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d.next.fleet)),(0,l.kt)(o.Z,{value:"verify",label:"Verify",mdxType:"TabItem"},(0,l.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,l.kt)("p",null,"You can now ",(0,l.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add"},"register some git repos")," in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."),(0,l.kt)("h2",{id:"configuration-for-multi-cluster"},"Configuration for Multi-Cluster"),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,l.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,l.kt)("p",{parentName:"admonition"},"The multi-cluster install described below is ",(0,l.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. ")),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},"The setup is the same as for a single cluster.\nAfter installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager."),(0,l.kt)("p",{parentName:"admonition"},"However, to allow for ",(0,l.kt)("a",{parentName:"p",href:"/0.6/cluster-registration#manager-initiated"},"manager-initiated registration")," of downstream clusters, a few extra settings are required. Without the API server URL and the CA, only ",(0,l.kt)("a",{parentName:"p",href:"/0.6/cluster-registration#agent-initiated"},"agent-initiated registration")," of downstream clusters is possible.")),(0,l.kt)("h3",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,l.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,l.kt)("inlineCode",{parentName:"p"},"$HOME/.kube/config"),"). The ",(0,l.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="$HOME/.kube/config"',title:'"$HOME/.kube/config"'},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,l.kt)("h4",{id:"extract-ca-certificate"},"Extract CA certificate"),(0,l.kt)("p",null,"Please note that the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,l.kt)("p",null,"Next, retrieve the CA certificate from your kubeconfig."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"extractca",label:"Extract First",mdxType:"TabItem"},"If you have `jq` and `base64` available then this one-liners will pull all CA certificates from your `KUBECONFIG` and place then in a file named `ca.pem`.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n"))),(0,l.kt)(o.Z,{value:"extractcas",label:"Multiple Entries",mdxType:"TabItem"},"Or, if you have a multi-cluster setup, you can use this command:",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')))),(0,l.kt)("h4",{id:"extract-api-server"},"Extract API Server"),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("h4",{id:"validate"},"Validate"),(0,l.kt)("p",null,"First validate the server URL is correct."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fLk "$API_SERVER_URL/version"\n')),(0,l.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,l.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,l.kt)("inlineCode",{parentName:"p"},'--cacert "$API_SERVER_CA"')," part of the command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fL --cacert "$API_SERVER_CA" "$API_SERVER_URL/version"\n')),(0,l.kt)("p",null,"If you get a valid JSON response or an ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,l.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,l.kt)("inlineCode",{parentName:"p"},"$API_SERVER_CA")," file should look similar to the below:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-pem",metastring:'title="ca.pem"',title:'"ca.pem"'},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,l.kt)("h3",{id:"install-for-multi-cluster"},"Install for Multi-Cluster"),(0,l.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,l.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,l.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,l.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,l.kt)("p",null,"Setup the environment with your specific values, e.g.:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"install2",label:"Install",default:!0,mdxType:"TabItem"},"First install the Fleet CustomResourcesDefintions.",(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,l.kt)("p",null,"Second install the Fleet controllers."),(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="$API_SERVER_URL" \\\n --set-file apiServerCA="$API_SERVER_CA" \\\n fleet'," ",r.d.next.fleet)),(0,l.kt)(o.Z,{value:"verifiy2",label:"Verify",mdxType:"TabItem"},"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,l.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,l.kt)("a",{parentName:"p",href:"/0.6/cluster-registration"},"register clusters")," and ",(0,l.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add#create-gitrepo-instance"},"git repos")," with\nthe Fleet manager."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/c377a04b.e3c32472.js b/assets/js/c377a04b.d1d0b51a.js similarity index 96% rename from assets/js/c377a04b.e3c32472.js rename to assets/js/c377a04b.d1d0b51a.js index d294cafca..1bab2445d 100644 --- a/assets/js/c377a04b.e3c32472.js +++ b/assets/js/c377a04b.d1d0b51a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6971],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,f=m["".concat(l,".").concat(d)]||m[d]||p[d]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"index",title:"Overview",description:"What is Fleet?",source:"@site/docs/index.md",sourceDirName:".",slug:"/",permalink:"/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/index.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(5082).Z,width:"1366",height:"960"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},5082:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/fleet-architecture-f708ce634648101dc98f451dcd59fe84.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6971],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,f=m["".concat(l,".").concat(d)]||m[d]||p[d]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"index",title:"Overview",description:"What is Fleet?",source:"@site/docs/index.md",sourceDirName:".",slug:"/",permalink:"/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/index.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(5082).Z,width:"1366",height:"960"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},5082:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/fleet-architecture-f708ce634648101dc98f451dcd59fe84.svg"}}]); \ No newline at end of file diff --git a/assets/js/c6aa770e.f0eb2a4f.js b/assets/js/c6aa770e.eb0d71ef.js similarity index 98% rename from assets/js/c6aa770e.f0eb2a4f.js rename to assets/js/c6aa770e.eb0d71ef.js index 06629117c..a550a2c46 100644 --- a/assets/js/c6aa770e.f0eb2a4f.js +++ b/assets/js/c6aa770e.eb0d71ef.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[844],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||o;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,l[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},l="Core Concepts",s={unversionedId:"concepts",id:"version-0.6/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.6/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.6/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/concepts.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.6/architecture"},next:{title:"Bundle Lifecycle",permalink:"/0.6/ref-bundle-stages"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.6/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"life cycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.6/ref-bundle-stages"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.6/gitrepo-targets#customization-per-cluster"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[844],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||o;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,l[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},l="Core Concepts",s={unversionedId:"concepts",id:"version-0.6/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.6/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.6/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/concepts.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.6/architecture"},next:{title:"Bundle Lifecycle",permalink:"/0.6/ref-bundle-stages"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.6/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"life cycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.6/ref-bundle-stages"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.6/gitrepo-targets#customization-per-cluster"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/c7381d34.cd25c22d.js b/assets/js/c7381d34.dc9a7ddf.js similarity index 99% rename from assets/js/c7381d34.cd25c22d.js rename to assets/js/c7381d34.dc9a7ddf.js index d2bcc4d5f..4f843fa87 100644 --- a/assets/js/c7381d34.cd25c22d.js +++ b/assets/js/c7381d34.dc9a7ddf.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7544],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Using Webhooks Instead of Polling",l={unversionedId:"webhook",id:"webhook",title:"Using Webhooks Instead of Polling",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/docs/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/webhook.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/bundle-diffs"},next:{title:"Using Image Scan to Update Container Image References",permalink:"/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-webhooks-instead-of-polling"},"Using Webhooks Instead of Polling"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7544],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Using Webhooks Instead of Polling",l={unversionedId:"webhook",id:"webhook",title:"Using Webhooks Instead of Polling",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/docs/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/webhook.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/bundle-diffs"},next:{title:"Using Image Scan to Update Container Image References",permalink:"/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-webhooks-instead-of-polling"},"Using Webhooks Instead of Polling"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file diff --git a/assets/js/cd0bf424.c0eb9cc2.js b/assets/js/cd0bf424.d1c6e623.js similarity index 97% rename from assets/js/cd0bf424.c0eb9cc2.js rename to assets/js/cd0bf424.d1c6e623.js index e87e78caa..eb36b4800 100644 --- a/assets/js/cd0bf424.c0eb9cc2.js +++ b/assets/js/cd0bf424.d1c6e623.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[208],{3905:(e,t,l)=>{l.d(t,{Zo:()=>u,kt:()=>m});var n=l(7294);function r(e,t,l){return t in e?Object.defineProperty(e,t,{value:l,enumerable:!0,configurable:!0,writable:!0}):e[t]=l,e}function s(e,t){var l=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),l.push.apply(l,n)}return l}function a(e){for(var t=1;t=0||(r[l]=e[l]);return r}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,l)&&(r[l]=e[l])}return r}var i=n.createContext({}),c=function(e){var t=n.useContext(i),l=t;return e&&(l="function"==typeof e?e(t):a(a({},t),e)),l},u=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var l=e.components,r=e.mdxType,s=e.originalType,i=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),d=c(l),m=r,h=d["".concat(i,".").concat(m)]||d[m]||p[m]||s;return l?n.createElement(h,a(a({ref:t},u),{},{components:l})):n.createElement(h,a({ref:t},u))}));function m(e,t){var l=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var s=l.length,a=new Array(s);a[0]=d;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:r,a[1]=o;for(var c=2;c{l.r(t),l.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var n=l(7462),r=(l(7294),l(3905));const s={},a="Single Cluster Install",o={unversionedId:"single-cluster-install",id:"version-0.4/single-cluster-install",title:"Single Cluster Install",description:"In this use case you have only one cluster. The cluster will run both the Fleet",source:"@site/versioned_docs/version-0.4/single-cluster-install.md",sourceDirName:".",slug:"/single-cluster-install",permalink:"/0.4/single-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/single-cluster-install.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation",permalink:"/0.4/installation"},next:{title:"Multi-cluster Install",permalink:"/0.4/multi-cluster-install"}},i={},c=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"Install",id:"install",level:2}],u={toc:c};function p(e){let{components:t,...s}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"single-cluster-install"},"Single Cluster Install"),(0,r.kt)("p",null,(0,r.kt)("img",{src:l(1313).Z,width:"520",height:"279"})),(0,r.kt)("p",null,"In this use case you have only one cluster. The cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,r.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,r.kt)("h3",{id:"helm-3"},"Helm 3"),(0,r.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,r.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,r.kt)("p",null,"macOS"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,r.kt)("p",null,"Windows"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,r.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,r.kt)("p",null,"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the\nsingle cluster use case you will install Fleet to the cluster which you intend to manage with GitOps.\nAny Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,r.kt)("h2",{id:"install"},"Install"),(0,r.kt)("p",null,"Install the following two Helm charts."),(0,r.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz\n")),(0,r.kt)("p",null,"Second install the Fleet controllers."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz\n")),(0,r.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,r.kt)("p",null,"You can now ",(0,r.kt)("a",{parentName:"p",href:"/0.4/gitrepo-add"},"register some git repos")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."))}p.isMDXComponent=!0},1313:(e,t,l)=>{l.d(t,{Z:()=>n});const n=l.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[208],{3905:(e,t,l)=>{l.d(t,{Zo:()=>u,kt:()=>m});var n=l(7294);function r(e,t,l){return t in e?Object.defineProperty(e,t,{value:l,enumerable:!0,configurable:!0,writable:!0}):e[t]=l,e}function s(e,t){var l=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),l.push.apply(l,n)}return l}function a(e){for(var t=1;t=0||(r[l]=e[l]);return r}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,l)&&(r[l]=e[l])}return r}var i=n.createContext({}),c=function(e){var t=n.useContext(i),l=t;return e&&(l="function"==typeof e?e(t):a(a({},t),e)),l},u=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var l=e.components,r=e.mdxType,s=e.originalType,i=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),d=c(l),m=r,h=d["".concat(i,".").concat(m)]||d[m]||p[m]||s;return l?n.createElement(h,a(a({ref:t},u),{},{components:l})):n.createElement(h,a({ref:t},u))}));function m(e,t){var l=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var s=l.length,a=new Array(s);a[0]=d;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:r,a[1]=o;for(var c=2;c{l.r(t),l.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var n=l(7462),r=(l(7294),l(3905));const s={},a="Single Cluster Install",o={unversionedId:"single-cluster-install",id:"version-0.4/single-cluster-install",title:"Single Cluster Install",description:"In this use case you have only one cluster. The cluster will run both the Fleet",source:"@site/versioned_docs/version-0.4/single-cluster-install.md",sourceDirName:".",slug:"/single-cluster-install",permalink:"/0.4/single-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/single-cluster-install.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation",permalink:"/0.4/installation"},next:{title:"Multi-cluster Install",permalink:"/0.4/multi-cluster-install"}},i={},c=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"Install",id:"install",level:2}],u={toc:c};function p(e){let{components:t,...s}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"single-cluster-install"},"Single Cluster Install"),(0,r.kt)("p",null,(0,r.kt)("img",{src:l(1313).Z,width:"520",height:"279"})),(0,r.kt)("p",null,"In this use case you have only one cluster. The cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,r.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,r.kt)("h3",{id:"helm-3"},"Helm 3"),(0,r.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,r.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,r.kt)("p",null,"macOS"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,r.kt)("p",null,"Windows"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,r.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,r.kt)("p",null,"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the\nsingle cluster use case you will install Fleet to the cluster which you intend to manage with GitOps.\nAny Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,r.kt)("h2",{id:"install"},"Install"),(0,r.kt)("p",null,"Install the following two Helm charts."),(0,r.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz\n")),(0,r.kt)("p",null,"Second install the Fleet controllers."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz\n")),(0,r.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,r.kt)("p",null,"You can now ",(0,r.kt)("a",{parentName:"p",href:"/0.4/gitrepo-add"},"register some git repos")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."))}p.isMDXComponent=!0},1313:(e,t,l)=>{l.d(t,{Z:()=>n});const n=l.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/cd323ffc.b0296c33.js b/assets/js/cd323ffc.22427dfb.js similarity index 98% rename from assets/js/cd323ffc.b0296c33.js rename to assets/js/cd323ffc.22427dfb.js index 60995fa10..aa658b867 100644 --- a/assets/js/cd323ffc.b0296c33.js +++ b/assets/js/cd323ffc.22427dfb.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1910],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),l=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=l(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,c=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=l(n),u=r,g=d["".concat(c,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>l});var a=n(7462),r=(n(7294),n(3905));const o={},i="Using Image Scan to Update Container Image References",s={unversionedId:"imagescan",id:"imagescan",title:"Using Image Scan to Update Container Image References",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/docs/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/imagescan.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Webhooks Instead of Polling",permalink:"/webhook"},next:{title:"fleet-agent",permalink:"/cli/fleet-agent/"}},c={},l=[],m={toc:l};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-image-scan-to-update-container-image-references"},"Using Image Scan to Update Container Image References"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1910],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),l=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=l(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,c=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=l(n),u=r,g=d["".concat(c,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>l});var a=n(7462),r=(n(7294),n(3905));const o={},i="Using Image Scan to Update Container Image References",s={unversionedId:"imagescan",id:"imagescan",title:"Using Image Scan to Update Container Image References",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/docs/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/imagescan.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Webhooks Instead of Polling",permalink:"/webhook"},next:{title:"fleet-agent",permalink:"/cli/fleet-agent/"}},c={},l=[],m={toc:l};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-image-scan-to-update-container-image-references"},"Using Image Scan to Update Container Image References"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/ce534227.3982b974.js b/assets/js/ce534227.39fdc0cb.js similarity index 97% rename from assets/js/ce534227.3982b974.js rename to assets/js/ce534227.39fdc0cb.js index 83024afce..5fb02e597 100644 --- a/assets/js/ce534227.3982b974.js +++ b/assets/js/ce534227.39fdc0cb.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6342],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var c=r.createContext({}),l=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=l(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=l(n),d=o,h=m["".concat(c,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(h,s(s({ref:t},p),{},{components:n})):r.createElement(h,s({ref:t},p))}));function d(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,s=new Array(a);s[0]=m;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:o,s[1]=i;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var r=n(7462),o=(n(7294),n(3905));const a={},s="GitRepo Resource",i={unversionedId:"ref-gitrepo",id:"version-0.6/ref-gitrepo",title:"GitRepo Resource",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/versioned_docs/version-0.6/ref-gitrepo.md",sourceDirName:".",slug:"/ref-gitrepo",permalink:"/0.6/ref-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-gitrepo.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/0.6/ref-fleet-yaml"},next:{title:"Troubleshooting",permalink:"/0.6/troubleshooting"}},c={},l=[],p={toc:l};function u(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-resource"},"GitRepo Resource"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),".\nFor more information on how to use GitRepo resource, e.g. how to watch private repositories, see ",(0,o.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add"},"Create a GitRepo Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n # \n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. \n # Credentials will always be used if it is empty or not provided\n # \n # helmRepoUrlRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6342],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var c=r.createContext({}),l=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=l(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=l(n),d=o,h=m["".concat(c,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(h,s(s({ref:t},p),{},{components:n})):r.createElement(h,s({ref:t},p))}));function d(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,s=new Array(a);s[0]=m;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:o,s[1]=i;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var r=n(7462),o=(n(7294),n(3905));const a={},s="GitRepo Resource",i={unversionedId:"ref-gitrepo",id:"version-0.6/ref-gitrepo",title:"GitRepo Resource",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/versioned_docs/version-0.6/ref-gitrepo.md",sourceDirName:".",slug:"/ref-gitrepo",permalink:"/0.6/ref-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-gitrepo.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/0.6/ref-fleet-yaml"},next:{title:"Troubleshooting",permalink:"/0.6/troubleshooting"}},c={},l=[],p={toc:l};function u(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-resource"},"GitRepo Resource"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),".\nFor more information on how to use GitRepo resource, e.g. how to watch private repositories, see ",(0,o.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add"},"Create a GitRepo Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n # \n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. \n # Credentials will always be used if it is empty or not provided\n # \n # helmRepoUrlRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/d3d9887a.75faee07.js b/assets/js/d3d9887a.d40f4cbb.js similarity index 99% rename from assets/js/d3d9887a.75faee07.js rename to assets/js/d3d9887a.d40f4cbb.js index 04919cc5f..616ecb1b4 100644 --- a/assets/js/d3d9887a.75faee07.js +++ b/assets/js/d3d9887a.d40f4cbb.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3714],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>m});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),m=r,h=c["".concat(s,".").concat(m)]||c[m]||d[m]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function m(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Expected Repo Structure",i={unversionedId:"gitrepo-structure",id:"version-0.5/gitrepo-structure",title:"Expected Repo Structure",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.5/gitrepo-structure.md",sourceDirName:".",slug:"/gitrepo-structure",permalink:"/0.5/gitrepo-structure",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-structure.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Adding a GitRepo",permalink:"/0.5/gitrepo-add"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.5/gitrepo-targets"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Reference",id:"reference",level:3},{value:"Private Helm Repositories",id:"private-helm-repositories",level:3},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle state",id:"cluster-and-bundle-state",level:2}],u={toc:p};function d(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"expected-repo-structure"},"Expected Repo Structure"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.5/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",{parentName:"admonition"},(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helmValues")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),".")))),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n variableName: global.fleet.clusterLabels.LABELNAME\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: agroup\n \n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n')),(0,r.kt)("h3",{id:"private-helm-repositories"},"Private Helm Repositories"),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in downstream clusters."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file we be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.5/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3714],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>m});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),m=r,h=c["".concat(s,".").concat(m)]||c[m]||d[m]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function m(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Expected Repo Structure",i={unversionedId:"gitrepo-structure",id:"version-0.5/gitrepo-structure",title:"Expected Repo Structure",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.5/gitrepo-structure.md",sourceDirName:".",slug:"/gitrepo-structure",permalink:"/0.5/gitrepo-structure",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-structure.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Adding a GitRepo",permalink:"/0.5/gitrepo-add"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.5/gitrepo-targets"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Reference",id:"reference",level:3},{value:"Private Helm Repositories",id:"private-helm-repositories",level:3},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle state",id:"cluster-and-bundle-state",level:2}],u={toc:p};function d(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"expected-repo-structure"},"Expected Repo Structure"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.5/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",{parentName:"admonition"},(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helmValues")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),".")))),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n variableName: global.fleet.clusterLabels.LABELNAME\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: agroup\n \n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n')),(0,r.kt)("h3",{id:"private-helm-repositories"},"Private Helm Repositories"),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in downstream clusters."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file we be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.5/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/d6daf0cc.fdf3ac41.js b/assets/js/d6daf0cc.7de09ad0.js similarity index 97% rename from assets/js/d6daf0cc.fdf3ac41.js rename to assets/js/d6daf0cc.7de09ad0.js index 57279923c..a100606f7 100644 --- a/assets/js/d6daf0cc.fdf3ac41.js +++ b/assets/js/d6daf0cc.7de09ad0.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8021],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>h});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var c=r.createContext({}),l=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=l(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=l(n),h=o,d=m["".concat(c,".").concat(h)]||m[h]||u[h]||a;return n?r.createElement(d,s(s({ref:t},p),{},{components:n})):r.createElement(d,s({ref:t},p))}));function h(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,s=new Array(a);s[0]=m;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:o,s[1]=i;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var r=n(7462),o=(n(7294),n(3905));const a={},s="GitRepo Resource",i={unversionedId:"ref-gitrepo",id:"ref-gitrepo",title:"GitRepo Resource",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/docs/ref-gitrepo.md",sourceDirName:".",slug:"/ref-gitrepo",permalink:"/ref-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-gitrepo.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/ref-fleet-yaml"},next:{title:"Troubleshooting",permalink:"/troubleshooting"}},c={},l=[],p={toc:l};function u(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-resource"},"GitRepo Resource"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),".\nFor more information on how to use GitRepo resource, e.g. how to watch private repositories, see ",(0,o.kt)("a",{parentName:"p",href:"/gitrepo-add"},"Create a GitRepo Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n # \n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. \n # Credentials will always be used if it is empty or not provided\n # \n # helmRepoUrlRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8021],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>h});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var c=r.createContext({}),l=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=l(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=l(n),h=o,d=m["".concat(c,".").concat(h)]||m[h]||u[h]||a;return n?r.createElement(d,s(s({ref:t},p),{},{components:n})):r.createElement(d,s({ref:t},p))}));function h(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,s=new Array(a);s[0]=m;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:o,s[1]=i;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var r=n(7462),o=(n(7294),n(3905));const a={},s="GitRepo Resource",i={unversionedId:"ref-gitrepo",id:"ref-gitrepo",title:"GitRepo Resource",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/docs/ref-gitrepo.md",sourceDirName:".",slug:"/ref-gitrepo",permalink:"/ref-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-gitrepo.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/ref-fleet-yaml"},next:{title:"Troubleshooting",permalink:"/troubleshooting"}},c={},l=[],p={toc:l};function u(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-resource"},"GitRepo Resource"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),".\nFor more information on how to use GitRepo resource, e.g. how to watch private repositories, see ",(0,o.kt)("a",{parentName:"p",href:"/gitrepo-add"},"Create a GitRepo Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n # \n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. \n # Credentials will always be used if it is empty or not provided\n # \n # helmRepoUrlRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/d8f58335.d8abe3d1.js b/assets/js/d8f58335.0ad2a07c.js similarity index 98% rename from assets/js/d8f58335.d8abe3d1.js rename to assets/js/d8f58335.0ad2a07c.js index c01cc93d0..c33fe054e 100644 --- a/assets/js/d8f58335.d8abe3d1.js +++ b/assets/js/d8f58335.0ad2a07c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[764],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},p=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),p=c(n),f=a,m=p["".concat(l,".").concat(f)]||p[f]||d[f]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=p;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>d,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Advanced Users",i={unversionedId:"advanced-users",id:"version-0.4/advanced-users",title:"Advanced Users",description:"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.",source:"@site/versioned_docs/version-0.4/advanced-users.md",sourceDirName:".",slug:"/advanced-users",permalink:"/0.4/advanced-users",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/advanced-users.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Troubleshooting",permalink:"/0.4/troubleshooting"},next:{title:"Installation",permalink:"/0.4/installation"}},l={},c=[],u={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"advanced-users"},"Advanced Users"),(0,a.kt)("p",null,"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases."),(0,a.kt)("p",null,"The following are examples of advanced use cases:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},"Nested GitRepo CRs"),(0,a.kt)("blockquote",{parentName:"li"},(0,a.kt)("p",{parentName:"blockquote"},"Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.4/single-cluster-install"},"Single cluster installation"))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.4/multi-cluster-install"},"Multi-cluster installation")," "))),(0,a.kt)("p",null,"Please refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/installation"},"installation")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/uninstall"},"uninstall")," documentation for additional information."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[764],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},p=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),p=c(n),f=a,m=p["".concat(l,".").concat(f)]||p[f]||d[f]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=p;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>d,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Advanced Users",i={unversionedId:"advanced-users",id:"version-0.4/advanced-users",title:"Advanced Users",description:"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.",source:"@site/versioned_docs/version-0.4/advanced-users.md",sourceDirName:".",slug:"/advanced-users",permalink:"/0.4/advanced-users",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/advanced-users.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Troubleshooting",permalink:"/0.4/troubleshooting"},next:{title:"Installation",permalink:"/0.4/installation"}},l={},c=[],u={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"advanced-users"},"Advanced Users"),(0,a.kt)("p",null,"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases."),(0,a.kt)("p",null,"The following are examples of advanced use cases:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},"Nested GitRepo CRs"),(0,a.kt)("blockquote",{parentName:"li"},(0,a.kt)("p",{parentName:"blockquote"},"Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.4/single-cluster-install"},"Single cluster installation"))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.4/multi-cluster-install"},"Multi-cluster installation")," "))),(0,a.kt)("p",null,"Please refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/installation"},"installation")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/uninstall"},"uninstall")," documentation for additional information."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/da21831e.d4332a07.js b/assets/js/da21831e.5d84dd07.js similarity index 98% rename from assets/js/da21831e.d4332a07.js rename to assets/js/da21831e.5d84dd07.js index 64b3ac2c4..f1904d14a 100644 --- a/assets/js/da21831e.d4332a07.js +++ b/assets/js/da21831e.5d84dd07.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4893],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},p=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),p=c(n),f=a,m=p["".concat(l,".").concat(f)]||p[f]||d[f]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=p;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>d,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Advanced Users",i={unversionedId:"advanced-users",id:"version-0.5/advanced-users",title:"Advanced Users",description:"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.",source:"@site/versioned_docs/version-0.5/advanced-users.md",sourceDirName:".",slug:"/advanced-users",permalink:"/0.5/advanced-users",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/advanced-users.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Troubleshooting",permalink:"/0.5/troubleshooting"},next:{title:"Installation",permalink:"/0.5/installation"}},l={},c=[],u={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"advanced-users"},"Advanced Users"),(0,a.kt)("p",null,"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases."),(0,a.kt)("p",null,"The following are examples of advanced use cases:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},"Nested GitRepo CRs"),(0,a.kt)("blockquote",{parentName:"li"},(0,a.kt)("p",{parentName:"blockquote"},"Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.5/single-cluster-install"},"Single cluster installation"))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.5/multi-cluster-install"},"Multi-cluster installation")," "))),(0,a.kt)("p",null,"Please refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/installation"},"installation")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/uninstall"},"uninstall")," documentation for additional information."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4893],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},p=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),p=c(n),f=a,m=p["".concat(l,".").concat(f)]||p[f]||d[f]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=p;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>d,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Advanced Users",i={unversionedId:"advanced-users",id:"version-0.5/advanced-users",title:"Advanced Users",description:"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.",source:"@site/versioned_docs/version-0.5/advanced-users.md",sourceDirName:".",slug:"/advanced-users",permalink:"/0.5/advanced-users",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/advanced-users.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Troubleshooting",permalink:"/0.5/troubleshooting"},next:{title:"Installation",permalink:"/0.5/installation"}},l={},c=[],u={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"advanced-users"},"Advanced Users"),(0,a.kt)("p",null,"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases."),(0,a.kt)("p",null,"The following are examples of advanced use cases:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},"Nested GitRepo CRs"),(0,a.kt)("blockquote",{parentName:"li"},(0,a.kt)("p",{parentName:"blockquote"},"Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.5/single-cluster-install"},"Single cluster installation"))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.5/multi-cluster-install"},"Multi-cluster installation")," "))),(0,a.kt)("p",null,"Please refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/installation"},"installation")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/uninstall"},"uninstall")," documentation for additional information."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/dd67116e.47b5500c.js b/assets/js/dd67116e.95b947db.js similarity index 97% rename from assets/js/dd67116e.47b5500c.js rename to assets/js/dd67116e.95b947db.js index 1d8a6493a..3f4cd2eff 100644 --- a/assets/js/dd67116e.47b5500c.js +++ b/assets/js/dd67116e.95b947db.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2425],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,k=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?a.createElement(k,o(o({ref:t},u),{},{components:n})):a.createElement(k,o({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const i={},o="Cluster Registration Tokens",s={unversionedId:"cluster-tokens",id:"version-0.4/cluster-tokens",title:"Cluster Registration Tokens",description:"Not needed for Manager initiated registration:",source:"@site/versioned_docs/version-0.4/cluster-tokens.md",sourceDirName:".",slug:"/cluster-tokens",permalink:"/0.4/cluster-tokens",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-tokens.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.4/cluster-overview"},next:{title:"Agent Initiated",permalink:"/0.4/agent-initiated"}},l={},c=[{value:"Token TTL",id:"token-ttl",level:2},{value:"Create a new Token",id:"create-a-new-token",level:2},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"cluster-registration-tokens"},"Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h2",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h2",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h2",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2425],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,k=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?a.createElement(k,o(o({ref:t},u),{},{components:n})):a.createElement(k,o({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const i={},o="Cluster Registration Tokens",s={unversionedId:"cluster-tokens",id:"version-0.4/cluster-tokens",title:"Cluster Registration Tokens",description:"Not needed for Manager initiated registration:",source:"@site/versioned_docs/version-0.4/cluster-tokens.md",sourceDirName:".",slug:"/cluster-tokens",permalink:"/0.4/cluster-tokens",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-tokens.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.4/cluster-overview"},next:{title:"Agent Initiated",permalink:"/0.4/agent-initiated"}},l={},c=[{value:"Token TTL",id:"token-ttl",level:2},{value:"Create a new Token",id:"create-a-new-token",level:2},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"cluster-registration-tokens"},"Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h2",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h2",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h2",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/dd81469d.99bdb6b4.js b/assets/js/dd81469d.724b09ae.js similarity index 97% rename from assets/js/dd81469d.99bdb6b4.js rename to assets/js/dd81469d.724b09ae.js index 8dfe841e3..85ccd50d0 100644 --- a/assets/js/dd81469d.99bdb6b4.js +++ b/assets/js/dd81469d.724b09ae.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8361],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=s(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/docs/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet_test.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/cli/fleet-controller/fleet-manager"}},c={},s=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:s};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8361],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=s(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/docs/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet_test.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/cli/fleet-controller/fleet-manager"}},c={},s=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:s};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/de08e76e.39a09371.js b/assets/js/de08e76e.39a09371.js deleted file mode 100644 index aa8576fa8..000000000 --- a/assets/js/de08e76e.39a09371.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[299],{3905:(t,e,a)=>{a.d(e,{Zo:()=>d,kt:()=>s});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var m=n.createContext({}),u=function(t){var e=n.useContext(m),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},d=function(t){var e=u(t.components);return n.createElement(m.Provider,{value:e},t.children)},k={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},N=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,m=t.parentName,d=p(t,["components","mdxType","originalType","parentName"]),N=u(a),s=l,o=N["".concat(m,".").concat(s)]||N[s]||k[s]||r;return a?n.createElement(o,i(i({ref:e},d),{},{components:a})):n.createElement(o,i({ref:e},d))}));function s(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=N;var p={};for(var m in e)hasOwnProperty.call(e,m)&&(p[m]=e[m]);p.originalType=t,p.mdxType="string"==typeof t?t:l,i[1]=p;for(var u=2;u{a.r(e),a.d(e,{assets:()=>m,contentTitle:()=>i,default:()=>k,frontMatter:()=>r,metadata:()=>p,toc:()=>u});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources Spec",p={unversionedId:"ref-crds",id:"ref-crds",title:"Custom Resources Spec",description:"* GitRepo",source:"@site/docs/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-crds.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/ref-configuration"},next:{title:"fleet.yaml",permalink:"/ref-fleet-yaml"}},m={},u=[{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"Bundle",id:"bundle",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"Content",id:"content",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4}],d={toc:u};function k(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},d,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources-spec"},"Custom Resources Spec"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus"))),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourcePerClusterState]","(#resourceperclusterstate)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for private helm repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmRepoURLRegex"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of target this repo will deploy to"),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitTarget]","(#gittarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when new image is scanned and write back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources specifies if the resources created must be kept after deleting the GitRepo"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitRepoResource]","(#gitreporesource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null},"Kustomize options for the deployment, like the dir containing the kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null},"Helm options for the deployment, like the chart name, repo and values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount which will be used to perform this deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ForceSyncGeneration is used to force a redeployment"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null},"YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null},"Diff can be used to ignore the modified state of objects which are amended at runtime."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources can be used to keep the deployed resources when removing the bundle"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null},"RolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contain the actual resources from the git repo which will be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleResource]","(#bundleresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets refer to the clusters which will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTarget]","(#bundletarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetRestrictions restrict which clusters the bundle will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTargetRestriction]","(#bundletargetrestriction)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][PartitionStatus]","(#partitionstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourceKey]","(#resourcekey)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyResource]","(#nonreadyresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Operation]","(#operation)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ComparePatch]","(#comparepatch)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null},"Chart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is the name of the HTTPS helm repo to download the chart from."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null},"ReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null},"Version of the chart to download"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"TimeoutSeconds is the time to wait for Helm operations."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null},"Values passed to Helm. It is possible to specify the keys and values as go template strings."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFrom loads the values from configmaps and secrets."),(0,l.kt)("td",{parentName:"tr",align:null},"[][ValuesFrom]","(#valuesfrom)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force allows to override immutable resources. This could be dangerous."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null},"TakeOwnership makes helm skip the check for its own annotations"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxHistory limits the maximum number of revisions saved per release by Helm."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFiles is a list of files to load values from."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitForJobs"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disablePreProcess"),(0,l.kt)("td",{parentName:"tr",align:null},"DisablePreProcess disables template processing in values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Partition]","(#partition)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifies a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifies a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"RedeployAgentGeneration can be used to force redeploying the agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVars are extra environment variables to be added to the agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"PrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"templateValues"),(0,l.kt)("td",{parentName:"tr",align:null},"TemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerations"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerations defines an extra set of Tolerations to be added to the Agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.Toleration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinity"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used."),(0,l.kt)("td",{parentName:"tr",align:null},"*v1.Affinity"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResources"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentResources sets the resources for the cluster's agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"*v1.ResourceRequirements"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinityHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResourcesHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerationsHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}k.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/de08e76e.8bff71ff.js b/assets/js/de08e76e.8bff71ff.js new file mode 100644 index 000000000..07d5ca737 --- /dev/null +++ b/assets/js/de08e76e.8bff71ff.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[299],{3905:(t,e,a)=>{a.d(e,{Zo:()=>d,kt:()=>s});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var m=n.createContext({}),u=function(t){var e=n.useContext(m),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},d=function(t){var e=u(t.components);return n.createElement(m.Provider,{value:e},t.children)},k={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},N=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,m=t.parentName,d=p(t,["components","mdxType","originalType","parentName"]),N=u(a),s=l,o=N["".concat(m,".").concat(s)]||N[s]||k[s]||r;return a?n.createElement(o,i(i({ref:e},d),{},{components:a})):n.createElement(o,i({ref:e},d))}));function s(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=N;var p={};for(var m in e)hasOwnProperty.call(e,m)&&(p[m]=e[m]);p.originalType=t,p.mdxType="string"==typeof t?t:l,i[1]=p;for(var u=2;u{a.r(e),a.d(e,{assets:()=>m,contentTitle:()=>i,default:()=>k,frontMatter:()=>r,metadata:()=>p,toc:()=>u});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources Spec",p={unversionedId:"ref-crds",id:"ref-crds",title:"Custom Resources Spec",description:"* GitRepo",source:"@site/docs/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-crds.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/ref-configuration"},next:{title:"fleet.yaml",permalink:"/ref-fleet-yaml"}},m={},u=[{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"Bundle",id:"bundle",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"Content",id:"content",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"IgnoreOptions",id:"ignoreoptions",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4}],d={toc:u};function k(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},d,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources-spec"},"Custom Resources Spec"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#ignoreoptions"},"IgnoreOptions"))),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourcePerClusterState]","(#resourceperclusterstate)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for private helm repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmRepoURLRegex"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of target this repo will deploy to"),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitTarget]","(#gittarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when new image is scanned and write back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources specifies if the resources created must be kept after deleting the GitRepo"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitRepoResource]","(#gitreporesource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null},"Kustomize options for the deployment, like the dir containing the kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null},"Helm options for the deployment, like the chart name, repo and values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount which will be used to perform this deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ForceSyncGeneration is used to force a redeployment"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null},"YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null},"Diff can be used to ignore the modified state of objects which are amended at runtime."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources can be used to keep the deployed resources when removing the bundle"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null},"RolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contain the actual resources from the git repo which will be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleResource]","(#bundleresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets refer to the clusters which will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTarget]","(#bundletarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetRestrictions restrict which clusters the bundle will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTargetRestriction]","(#bundletargetrestriction)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ignore"),(0,l.kt)("td",{parentName:"tr",align:null},"Ignore refers to the fields that will not be considered when monitoring the status."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#ignoreoptions"},"IgnoreOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][PartitionStatus]","(#partitionstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourceKey]","(#resourcekey)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyResource]","(#nonreadyresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Operation]","(#operation)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ComparePatch]","(#comparepatch)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null},"Chart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is the name of the HTTPS helm repo to download the chart from."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null},"ReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null},"Version of the chart to download"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"TimeoutSeconds is the time to wait for Helm operations."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null},"Values passed to Helm. It is possible to specify the keys and values as go template strings."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFrom loads the values from configmaps and secrets."),(0,l.kt)("td",{parentName:"tr",align:null},"[][ValuesFrom]","(#valuesfrom)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force allows to override immutable resources. This could be dangerous."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null},"TakeOwnership makes helm skip the check for its own annotations"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxHistory limits the maximum number of revisions saved per release by Helm."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFiles is a list of files to load values from."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitForJobs"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disablePreProcess"),(0,l.kt)("td",{parentName:"tr",align:null},"DisablePreProcess disables template processing in values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Partition]","(#partition)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifies a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifies a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"ignoreoptions"},"IgnoreOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"conditions to be ignored"),(0,l.kt)("td",{parentName:"tr",align:null},"[]map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"RedeployAgentGeneration can be used to force redeploying the agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVars are extra environment variables to be added to the agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"PrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"templateValues"),(0,l.kt)("td",{parentName:"tr",align:null},"TemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerations"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerations defines an extra set of Tolerations to be added to the Agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.Toleration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinity"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used."),(0,l.kt)("td",{parentName:"tr",align:null},"*v1.Affinity"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResources"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentResources sets the resources for the cluster's agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"*v1.ResourceRequirements"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinityHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResourcesHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerationsHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}k.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/dfa3dc49.f0aae75d.js b/assets/js/dfa3dc49.1fe421c8.js similarity index 99% rename from assets/js/dfa3dc49.f0aae75d.js rename to assets/js/dfa3dc49.1fe421c8.js index 863cb0c34..d740d84c0 100644 --- a/assets/js/dfa3dc49.f0aae75d.js +++ b/assets/js/dfa3dc49.1fe421c8.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[599],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>T});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),i=a(1980),u=a(7392),m=a(12);function p(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function c(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??p(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function d(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,i._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=c(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[i,u]=d({queryString:a,groupId:l}),[p,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,m.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),y=(()=>{const e=i??p;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{y&&o(y)}),[y]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var y=a(2389);const k="tabList__CuJ",g="tabItem_LNqP";function b(e){let{className:t,block:a,selectedValue:o,selectValue:i,tabValues:u}=e;const m=[],{blockElementScrollPositionUntilNextRender:p}=(0,s.o5)(),c=e=>{const t=e.currentTarget,a=m.indexOf(t),l=u[a].value;l!==o&&(p(t),i(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":c(e);break;case"ArrowRight":{const t=m.indexOf(e.currentTarget)+1;a=m[t]??m[0];break}case"ArrowLeft":{const t=m.indexOf(e.currentTarget)-1;a=m[t]??m[m.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>m.push(e),onKeyDown:h,onClick:c},s,{className:(0,r.Z)("tabs__item",g,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function v(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(b,(0,l.Z)({},e,t)),n.createElement(v,(0,l.Z)({},e,t)))}function T(e){const t=(0,y.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},4757:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>u,default:()=>d,frontMatter:()=>i,metadata:()=>m,toc:()=>c});var l=a(7462),n=(a(7294),a(3905)),r=a(814),s=a(4866),o=a(5162);const i={},u="Creating a Deployment",m={unversionedId:"tut-deployment",id:"tut-deployment",title:"Creating a Deployment",description:"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.",source:"@site/docs/tut-deployment.md",sourceDirName:".",slug:"/tut-deployment",permalink:"/tut-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/tut-deployment.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/quickstart"},next:{title:"Uninstall",permalink:"/uninstall"}},p={},c=[{value:"Single-Cluster Examples",id:"single-cluster-examples",level:2},{value:"Multi-Cluster Examples",id:"multi-cluster-examples",level:2}],h={toc:c};function d(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"creating-a-deployment"},"Creating a Deployment"),(0,n.kt)("p",null,"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it."),(0,n.kt)("p",null,"This tutorial uses the ",(0,n.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples"},"fleet-examples")," repository."),(0,n.kt)("admonition",{type:"note"},(0,n.kt)("p",{parentName:"admonition"},"For more details on how to structure the repository and configure the deployment of each bundle see ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-content"},"GitRepo Contents"),".\nFor more details on the options that are available per Git repository see ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-add"},"Adding a GitRepo"),".")),(0,n.kt)("h2",{id:"single-cluster-examples"},"Single-Cluster Examples"),(0,n.kt)("p",null,"All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet."),(0,n.kt)(s.Z,{groupId:"examples",mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm",default:!0,mdxType:"TabItem"},(0,n.kt)("p",null,"An example using Helm. We are deploying the ",(0,n.kt)("a",{href:"https://github.com/rancher/fleet-examples/tree/master/single-cluster/helm"},"helm example")," to the local cluster."),(0,n.kt)("p",null,"The repository contains a helm chart and an optional ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to configure the deployment:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'namespace: fleet-helm-example\n\n# Custom helm options\nhelm:\n # The release name to use. If empty a generated release name will be used\n releaseName: guestbook\n\n # The directory of the chart in the repo. Also any valid go-getter supported\n # URL can be used there is specify where to download the chart from.\n # If repo below is set this value if the chart name in the repo\n chart: ""\n\n # An https to a valid Helm repository to download the chart from\n repo: ""\n\n # Used if repo is set to look up the version of the chart\n version: ""\n\n # Force recreate resource that can not be updated\n force: false\n\n # How long for helm to wait for the release to be active. If the value\n # is less that or equal to zero, we will not wait in Helm\n timeoutSeconds: 0\n\n # Custom values that will be passed as values.yaml to the installation\n values:\n replicas: 2\n')),(0,n.kt)("p",null,"To create the deployment, we apply the custom resource to the upstream cluster. The ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace contains the local cluster resource. The local fleet-agent will create the deployment in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-helm-example")," namespace."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl apply -n fleet-local -f - <{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>T});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),i=a(1980),u=a(7392),m=a(12);function p(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function c(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??p(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function d(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,i._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=c(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[i,u]=d({queryString:a,groupId:l}),[p,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,m.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),y=(()=>{const e=i??p;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{y&&o(y)}),[y]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var y=a(2389);const k="tabList__CuJ",g="tabItem_LNqP";function b(e){let{className:t,block:a,selectedValue:o,selectValue:i,tabValues:u}=e;const m=[],{blockElementScrollPositionUntilNextRender:p}=(0,s.o5)(),c=e=>{const t=e.currentTarget,a=m.indexOf(t),l=u[a].value;l!==o&&(p(t),i(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":c(e);break;case"ArrowRight":{const t=m.indexOf(e.currentTarget)+1;a=m[t]??m[0];break}case"ArrowLeft":{const t=m.indexOf(e.currentTarget)-1;a=m[t]??m[m.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>m.push(e),onKeyDown:h,onClick:c},s,{className:(0,r.Z)("tabs__item",g,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function v(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(b,(0,l.Z)({},e,t)),n.createElement(v,(0,l.Z)({},e,t)))}function T(e){const t=(0,y.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},4757:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>u,default:()=>d,frontMatter:()=>i,metadata:()=>m,toc:()=>c});var l=a(7462),n=(a(7294),a(3905)),r=a(814),s=a(4866),o=a(5162);const i={},u="Creating a Deployment",m={unversionedId:"tut-deployment",id:"tut-deployment",title:"Creating a Deployment",description:"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.",source:"@site/docs/tut-deployment.md",sourceDirName:".",slug:"/tut-deployment",permalink:"/tut-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/tut-deployment.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/quickstart"},next:{title:"Uninstall",permalink:"/uninstall"}},p={},c=[{value:"Single-Cluster Examples",id:"single-cluster-examples",level:2},{value:"Multi-Cluster Examples",id:"multi-cluster-examples",level:2}],h={toc:c};function d(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"creating-a-deployment"},"Creating a Deployment"),(0,n.kt)("p",null,"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it."),(0,n.kt)("p",null,"This tutorial uses the ",(0,n.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples"},"fleet-examples")," repository."),(0,n.kt)("admonition",{type:"note"},(0,n.kt)("p",{parentName:"admonition"},"For more details on how to structure the repository and configure the deployment of each bundle see ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-content"},"GitRepo Contents"),".\nFor more details on the options that are available per Git repository see ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-add"},"Adding a GitRepo"),".")),(0,n.kt)("h2",{id:"single-cluster-examples"},"Single-Cluster Examples"),(0,n.kt)("p",null,"All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet."),(0,n.kt)(s.Z,{groupId:"examples",mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm",default:!0,mdxType:"TabItem"},(0,n.kt)("p",null,"An example using Helm. We are deploying the ",(0,n.kt)("a",{href:"https://github.com/rancher/fleet-examples/tree/master/single-cluster/helm"},"helm example")," to the local cluster."),(0,n.kt)("p",null,"The repository contains a helm chart and an optional ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to configure the deployment:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'namespace: fleet-helm-example\n\n# Custom helm options\nhelm:\n # The release name to use. If empty a generated release name will be used\n releaseName: guestbook\n\n # The directory of the chart in the repo. Also any valid go-getter supported\n # URL can be used there is specify where to download the chart from.\n # If repo below is set this value if the chart name in the repo\n chart: ""\n\n # An https to a valid Helm repository to download the chart from\n repo: ""\n\n # Used if repo is set to look up the version of the chart\n version: ""\n\n # Force recreate resource that can not be updated\n force: false\n\n # How long for helm to wait for the release to be active. If the value\n # is less that or equal to zero, we will not wait in Helm\n timeoutSeconds: 0\n\n # Custom values that will be passed as values.yaml to the installation\n values:\n replicas: 2\n')),(0,n.kt)("p",null,"To create the deployment, we apply the custom resource to the upstream cluster. The ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace contains the local cluster resource. The local fleet-agent will create the deployment in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-helm-example")," namespace."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl apply -n fleet-local -f - <{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.5/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.5/index.md",sourceDirName:".",slug:"/",permalink:"/0.5/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/index.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.5/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6418],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.5/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.5/index.md",sourceDirName:".",slug:"/",permalink:"/0.5/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/index.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.5/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/e252aa27.80021bc0.js b/assets/js/e252aa27.60dc60de.js similarity index 97% rename from assets/js/e252aa27.80021bc0.js rename to assets/js/e252aa27.60dc60de.js index b8b4ca654..e0c354f95 100644 --- a/assets/js/e252aa27.80021bc0.js +++ b/assets/js/e252aa27.60dc60de.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5854],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,k=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?a.createElement(k,o(o({ref:t},u),{},{components:n})):a.createElement(k,o({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const i={},o="Cluster Registration Tokens",s={unversionedId:"cluster-tokens",id:"version-0.5/cluster-tokens",title:"Cluster Registration Tokens",description:"Not needed for Manager initiated registration:",source:"@site/versioned_docs/version-0.5/cluster-tokens.md",sourceDirName:".",slug:"/cluster-tokens",permalink:"/0.5/cluster-tokens",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-tokens.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.5/cluster-overview"},next:{title:"Agent Initiated",permalink:"/0.5/agent-initiated"}},l={},c=[{value:"Token TTL",id:"token-ttl",level:2},{value:"Create a new Token",id:"create-a-new-token",level:2},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"cluster-registration-tokens"},"Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h2",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h2",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h2",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5854],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,k=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?a.createElement(k,o(o({ref:t},u),{},{components:n})):a.createElement(k,o({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const i={},o="Cluster Registration Tokens",s={unversionedId:"cluster-tokens",id:"version-0.5/cluster-tokens",title:"Cluster Registration Tokens",description:"Not needed for Manager initiated registration:",source:"@site/versioned_docs/version-0.5/cluster-tokens.md",sourceDirName:".",slug:"/cluster-tokens",permalink:"/0.5/cluster-tokens",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-tokens.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.5/cluster-overview"},next:{title:"Agent Initiated",permalink:"/0.5/agent-initiated"}},l={},c=[{value:"Token TTL",id:"token-ttl",level:2},{value:"Create a new Token",id:"create-a-new-token",level:2},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"cluster-registration-tokens"},"Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h2",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h2",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h2",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/e3aa6547.336920ea.js b/assets/js/e3aa6547.c1f0325c.js similarity index 97% rename from assets/js/e3aa6547.336920ea.js rename to assets/js/e3aa6547.c1f0325c.js index 14960ba1e..dbcec6fcf 100644 --- a/assets/js/e3aa6547.336920ea.js +++ b/assets/js/e3aa6547.c1f0325c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1462],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,l=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=c(n),u=r,g=d["".concat(l,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},i="Image scan",s={unversionedId:"imagescan",id:"version-0.4/imagescan",title:"Image scan",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.4/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.4/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/imagescan.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Webhook",permalink:"/0.4/webhook"},next:{title:"Cluster and Bundle state",permalink:"/0.4/cluster-bundles-state"}},l={},c=[],m={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"image-scan"},"Image scan"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1462],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,l=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=c(n),u=r,g=d["".concat(l,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},i="Image scan",s={unversionedId:"imagescan",id:"version-0.4/imagescan",title:"Image scan",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.4/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.4/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/imagescan.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Webhook",permalink:"/0.4/webhook"},next:{title:"Cluster and Bundle state",permalink:"/0.4/cluster-bundles-state"}},l={},c=[],m={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"image-scan"},"Image scan"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/e89d2f4d.ca56f98e.js b/assets/js/e89d2f4d.bdd26d6a.js similarity index 55% rename from assets/js/e89d2f4d.ca56f98e.js rename to assets/js/e89d2f4d.bdd26d6a.js index bb43747a4..46b81fefb 100644 --- a/assets/js/e89d2f4d.ca56f98e.js +++ b/assets/js/e89d2f4d.bdd26d6a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8049],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=c(n),d=l,f=m["".concat(s,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.6/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.6/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.6/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/uninstall.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Creating a Deployment",permalink:"/0.6/tut-deployment"},next:{title:"Architecture",permalink:"/0.6/architecture"}},s={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Uninstalling the CRDs will remove all deployed workloads.")))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8049],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,f=m["".concat(s,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.6/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.6/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.6/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/uninstall.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Creating a Deployment",permalink:"/0.6/tut-deployment"},next:{title:"Architecture",permalink:"/0.6/architecture"}},s={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"uninstall"},"Uninstall"),(0,a.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},"Uninstalling the CRDs will remove all deployed workloads.")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/ebf52154.011649d9.js b/assets/js/ebf52154.32850e35.js similarity index 96% rename from assets/js/ebf52154.011649d9.js rename to assets/js/ebf52154.32850e35.js index 7a164942f..3ce0a4cb6 100644 --- a/assets/js/ebf52154.011649d9.js +++ b/assets/js/ebf52154.32850e35.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6393],{6828:(e,t,l)=>{l.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},1453:(e,t,l)=>{l.r(t),l.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>h,frontMatter:()=>o,metadata:()=>c,toc:()=>p});var a=l(7462),n=(l(7294),l(3905)),s=l(6828),r=l(814);const o={},i="Quick Start",c={unversionedId:"quickstart",id:"version-0.5/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.5/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.5/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/quickstart.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.5/"},next:{title:"Core Concepts",permalink:"/0.5/concepts"}},d={},p=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],u={toc:p};function h(e){let{components:t,...l}=e;return(0,n.kt)("wrapper",(0,a.Z)({},u,l,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",s.d["v0.5"].fleetCRD,"\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",s.d["v0.5"].fleet),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}h.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6393],{6828:(e,t,l)=>{l.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},1453:(e,t,l)=>{l.r(t),l.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>h,frontMatter:()=>o,metadata:()=>c,toc:()=>p});var a=l(7462),n=(l(7294),l(3905)),s=l(6828),r=l(814);const o={},i="Quick Start",c={unversionedId:"quickstart",id:"version-0.5/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.5/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.5/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/quickstart.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.5/"},next:{title:"Core Concepts",permalink:"/0.5/concepts"}},d={},p=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],u={toc:p};function h(e){let{components:t,...l}=e;return(0,n.kt)("wrapper",(0,a.Z)({},u,l,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",s.d["v0.5"].fleetCRD,"\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",s.d["v0.5"].fleet),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f14b6af8.11c5af4e.js b/assets/js/f14b6af8.224412a4.js similarity index 97% rename from assets/js/f14b6af8.11c5af4e.js rename to assets/js/f14b6af8.224412a4.js index a2649e100..e3c9c5dfe 100644 --- a/assets/js/f14b6af8.11c5af4e.js +++ b/assets/js/f14b6af8.224412a4.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6469],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||o;return n?r.createElement(m,a(a({ref:t},p),{},{components:n})):r.createElement(m,a({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=n.length,a=new Array(o);a[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>f,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const o={title:"",sidebar_label:"fleet apply"},a=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"version-0.6/cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/0.6/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-cli/fleet_apply.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/0.6/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/0.6/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -h, --help help for apply\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6469],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||o;return n?r.createElement(m,a(a({ref:t},p),{},{components:n})):r.createElement(m,a({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=n.length,a=new Array(o);a[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>f,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const o={title:"",sidebar_label:"fleet apply"},a=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"version-0.6/cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/0.6/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-cli/fleet_apply.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/0.6/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/0.6/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -h, --help help for apply\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f4793a78.ad4a75a9.js b/assets/js/f4793a78.cc66b97d.js similarity index 97% rename from assets/js/f4793a78.ad4a75a9.js rename to assets/js/f4793a78.cc66b97d.js index bdf3bbd20..38457bef0 100644 --- a/assets/js/f4793a78.ad4a75a9.js +++ b/assets/js/f4793a78.cc66b97d.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5455],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Create Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.6/cluster-group",title:"Create Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.6/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.6/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cluster-group.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Register Downstream Clusters",permalink:"/0.6/cluster-registration"},next:{title:"Setup Multi User",permalink:"/0.6/multi-user"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"create-cluster-groups"},"Create Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5455],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Create Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.6/cluster-group",title:"Create Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.6/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.6/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cluster-group.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Register Downstream Clusters",permalink:"/0.6/cluster-registration"},next:{title:"Setup Multi User",permalink:"/0.6/multi-user"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"create-cluster-groups"},"Create Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f531b716.199b0f60.js b/assets/js/f531b716.3eb55c73.js similarity index 97% rename from assets/js/f531b716.199b0f60.js rename to assets/js/f531b716.3eb55c73.js index 3a303871b..9648b11f2 100644 --- a/assets/js/f531b716.199b0f60.js +++ b/assets/js/f531b716.3eb55c73.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4203],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),l=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=l(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,c=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=l(n),u=r,g=d["".concat(c,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>l});var a=n(7462),r=(n(7294),n(3905));const o={},i="Using Image Scan to Update Container Image References",s={unversionedId:"imagescan",id:"version-0.6/imagescan",title:"Using Image Scan to Update Container Image References",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.6/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.6/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/imagescan.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Webhooks Instead of Polling",permalink:"/0.6/webhook"},next:{title:"fleet-agent",permalink:"/0.6/cli/fleet-agent/"}},c={},l=[],m={toc:l};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-image-scan-to-update-container-image-references"},"Using Image Scan to Update Container Image References"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4203],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),l=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=l(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,c=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=l(n),u=r,g=d["".concat(c,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>l});var a=n(7462),r=(n(7294),n(3905));const o={},i="Using Image Scan to Update Container Image References",s={unversionedId:"imagescan",id:"version-0.6/imagescan",title:"Using Image Scan to Update Container Image References",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.6/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.6/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/imagescan.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Webhooks Instead of Polling",permalink:"/0.6/webhook"},next:{title:"fleet-agent",permalink:"/0.6/cli/fleet-agent/"}},c={},l=[],m={toc:l};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-image-scan-to-update-container-image-references"},"Using Image Scan to Update Container Image References"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f63438e5.c05e7a52.js b/assets/js/f63438e5.6ea8e7b0.js similarity index 98% rename from assets/js/f63438e5.c05e7a52.js rename to assets/js/f63438e5.6ea8e7b0.js index e4c8687ad..8a48fe055 100644 --- a/assets/js/f63438e5.c05e7a52.js +++ b/assets/js/f63438e5.6ea8e7b0.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[665],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Webhook",l={unversionedId:"webhook",id:"version-0.4/webhook",title:"Webhook",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.4/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.4/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/webhook.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.4/bundle-diffs"},next:{title:"Image scan",permalink:"/0.4/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"webhook"},"Webhook"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[665],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Webhook",l={unversionedId:"webhook",id:"version-0.4/webhook",title:"Webhook",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.4/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.4/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/webhook.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.4/bundle-diffs"},next:{title:"Image scan",permalink:"/0.4/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"webhook"},"Webhook"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file diff --git a/assets/js/f66ef323.91297687.js b/assets/js/f66ef323.e3fbb661.js similarity index 99% rename from assets/js/f66ef323.91297687.js rename to assets/js/f66ef323.e3fbb661.js index f9a6adfc4..7b847835b 100644 --- a/assets/js/f66ef323.91297687.js +++ b/assets/js/f66ef323.e3fbb661.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1296],{3905:(t,e,a)=>{a.d(e,{Zo:()=>d,kt:()=>s});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var m=n.createContext({}),u=function(t){var e=n.useContext(m),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},d=function(t){var e=u(t.components);return n.createElement(m.Provider,{value:e},t.children)},k={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},N=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,m=t.parentName,d=p(t,["components","mdxType","originalType","parentName"]),N=u(a),s=l,o=N["".concat(m,".").concat(s)]||N[s]||k[s]||r;return a?n.createElement(o,i(i({ref:e},d),{},{components:a})):n.createElement(o,i({ref:e},d))}));function s(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=N;var p={};for(var m in e)hasOwnProperty.call(e,m)&&(p[m]=e[m]);p.originalType=t,p.mdxType="string"==typeof t?t:l,i[1]=p;for(var u=2;u{a.r(e),a.d(e,{assets:()=>m,contentTitle:()=>i,default:()=>k,frontMatter:()=>r,metadata:()=>p,toc:()=>u});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources Spec",p={unversionedId:"ref-crds",id:"version-0.6/ref-crds",title:"Custom Resources Spec",description:"* GitRepo",source:"@site/versioned_docs/version-0.6/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/0.6/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-crds.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/0.6/ref-configuration"},next:{title:"fleet.yaml",permalink:"/0.6/ref-fleet-yaml"}},m={},u=[{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"Bundle",id:"bundle",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"Content",id:"content",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4}],d={toc:u};function k(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},d,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources-spec"},"Custom Resources Spec"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus"))),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourcePerClusterState]","(#resourceperclusterstate)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for private helm repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmRepoURLRegex"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of target this repo will deploy to"),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitTarget]","(#gittarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when new image is scanned and write back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources specifies if the resources created must be kept after deleting the GitRepo"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitRepoResource]","(#gitreporesource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null},"Kustomize options for the deployment, like the dir containing the kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null},"Helm options for the deployment, like the chart name, repo and values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount which will be used to perform this deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ForceSyncGeneration is used to force a redeployment"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null},"YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null},"Diff can be used to ignore the modified state of objects which are amended at runtime."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources can be used to keep the deployed resources when removing the bundle"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null},"RolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contain the actual resources from the git repo which will be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleResource]","(#bundleresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets refer to the clusters which will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTarget]","(#bundletarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetRestrictions restrict which clusters the bundle will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTargetRestriction]","(#bundletargetrestriction)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][PartitionStatus]","(#partitionstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourceKey]","(#resourcekey)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyResource]","(#nonreadyresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Operation]","(#operation)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ComparePatch]","(#comparepatch)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null},"Chart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is the name of the HTTPS helm repo to download the chart from."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null},"ReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null},"Version of the chart to download"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"TimeoutSeconds is the time to wait for Helm operations."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null},"Values passed to Helm. It is possible to specify the keys and values as go template strings."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFrom loads the values from configmaps and secrets."),(0,l.kt)("td",{parentName:"tr",align:null},"[][ValuesFrom]","(#valuesfrom)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force allows to override immutable resources. This could be dangerous."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null},"TakeOwnership makes helm skip the check for its own annotations"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxHistory limits the maximum number of revisions saved per release by Helm."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFiles is a list of files to load values from."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitForJobs"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disablePreProcess"),(0,l.kt)("td",{parentName:"tr",align:null},"DisablePreProcess disables template processing in values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Partition]","(#partition)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifies a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifies a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"RedeployAgentGeneration can be used to force redeploying the agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVars are extra environment variables to be added to the agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"PrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"templateValues"),(0,l.kt)("td",{parentName:"tr",align:null},"TemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerations"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerations defines an extra set of Tolerations to be added to the Agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.Toleration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}k.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1296],{3905:(t,e,a)=>{a.d(e,{Zo:()=>d,kt:()=>s});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var m=n.createContext({}),u=function(t){var e=n.useContext(m),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},d=function(t){var e=u(t.components);return n.createElement(m.Provider,{value:e},t.children)},k={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},N=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,m=t.parentName,d=p(t,["components","mdxType","originalType","parentName"]),N=u(a),s=l,o=N["".concat(m,".").concat(s)]||N[s]||k[s]||r;return a?n.createElement(o,i(i({ref:e},d),{},{components:a})):n.createElement(o,i({ref:e},d))}));function s(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=N;var p={};for(var m in e)hasOwnProperty.call(e,m)&&(p[m]=e[m]);p.originalType=t,p.mdxType="string"==typeof t?t:l,i[1]=p;for(var u=2;u{a.r(e),a.d(e,{assets:()=>m,contentTitle:()=>i,default:()=>k,frontMatter:()=>r,metadata:()=>p,toc:()=>u});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources Spec",p={unversionedId:"ref-crds",id:"version-0.6/ref-crds",title:"Custom Resources Spec",description:"* GitRepo",source:"@site/versioned_docs/version-0.6/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/0.6/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-crds.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/0.6/ref-configuration"},next:{title:"fleet.yaml",permalink:"/0.6/ref-fleet-yaml"}},m={},u=[{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"Bundle",id:"bundle",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"Content",id:"content",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4}],d={toc:u};function k(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},d,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources-spec"},"Custom Resources Spec"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus"))),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourcePerClusterState]","(#resourceperclusterstate)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for private helm repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmRepoURLRegex"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of target this repo will deploy to"),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitTarget]","(#gittarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when new image is scanned and write back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources specifies if the resources created must be kept after deleting the GitRepo"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitRepoResource]","(#gitreporesource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null},"Kustomize options for the deployment, like the dir containing the kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null},"Helm options for the deployment, like the chart name, repo and values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount which will be used to perform this deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ForceSyncGeneration is used to force a redeployment"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null},"YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null},"Diff can be used to ignore the modified state of objects which are amended at runtime."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources can be used to keep the deployed resources when removing the bundle"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null},"RolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contain the actual resources from the git repo which will be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleResource]","(#bundleresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets refer to the clusters which will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTarget]","(#bundletarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetRestrictions restrict which clusters the bundle will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTargetRestriction]","(#bundletargetrestriction)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][PartitionStatus]","(#partitionstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourceKey]","(#resourcekey)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyResource]","(#nonreadyresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Operation]","(#operation)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ComparePatch]","(#comparepatch)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null},"Chart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is the name of the HTTPS helm repo to download the chart from."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null},"ReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null},"Version of the chart to download"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"TimeoutSeconds is the time to wait for Helm operations."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null},"Values passed to Helm. It is possible to specify the keys and values as go template strings."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFrom loads the values from configmaps and secrets."),(0,l.kt)("td",{parentName:"tr",align:null},"[][ValuesFrom]","(#valuesfrom)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force allows to override immutable resources. This could be dangerous."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null},"TakeOwnership makes helm skip the check for its own annotations"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxHistory limits the maximum number of revisions saved per release by Helm."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFiles is a list of files to load values from."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitForJobs"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disablePreProcess"),(0,l.kt)("td",{parentName:"tr",align:null},"DisablePreProcess disables template processing in values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Partition]","(#partition)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifies a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifies a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"RedeployAgentGeneration can be used to force redeploying the agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVars are extra environment variables to be added to the agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"PrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"templateValues"),(0,l.kt)("td",{parentName:"tr",align:null},"TemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerations"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerations defines an extra set of Tolerations to be added to the Agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.Toleration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}k.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f6748474.56e7258c.js b/assets/js/f6748474.c1f10feb.js similarity index 96% rename from assets/js/f6748474.56e7258c.js rename to assets/js/f6748474.c1f10feb.js index ebfc08f46..fade0188d 100644 --- a/assets/js/f6748474.56e7258c.js +++ b/assets/js/f6748474.c1f10feb.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4339],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,i=e.mdxType,a=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),g=i,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||a;return r?n.createElement(m,o(o({ref:t},u),{},{components:r})):n.createElement(m,o({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var a=r.length,o=new Array(a);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:i,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var n=r(7462),i=(r(7294),r(3905));const a={},o="Overview",s={unversionedId:"cluster-overview",id:"version-0.4/cluster-overview",title:"Overview",description:"There are two specific styles to registering clusters. These styles will be referred",source:"@site/versioned_docs/version-0.4/cluster-overview.md",sourceDirName:".",slug:"/cluster-overview",permalink:"/0.4/cluster-overview",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-overview.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Examples",permalink:"/0.4/examples"},next:{title:"Cluster Registration Tokens",permalink:"/0.4/cluster-tokens"}},l={},c=[{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:2},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,i.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("h1",{id:"overview"},"Overview"),(0,i.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,i.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,i.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,i.kt)("h2",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,i.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,i.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,i.kt)("h2",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,i.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4339],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,i=e.mdxType,a=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),g=i,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||a;return r?n.createElement(m,o(o({ref:t},u),{},{components:r})):n.createElement(m,o({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var a=r.length,o=new Array(a);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:i,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var n=r(7462),i=(r(7294),r(3905));const a={},o="Overview",s={unversionedId:"cluster-overview",id:"version-0.4/cluster-overview",title:"Overview",description:"There are two specific styles to registering clusters. These styles will be referred",source:"@site/versioned_docs/version-0.4/cluster-overview.md",sourceDirName:".",slug:"/cluster-overview",permalink:"/0.4/cluster-overview",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-overview.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Examples",permalink:"/0.4/examples"},next:{title:"Cluster Registration Tokens",permalink:"/0.4/cluster-tokens"}},l={},c=[{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:2},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,i.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("h1",{id:"overview"},"Overview"),(0,i.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,i.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,i.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,i.kt)("h2",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,i.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,i.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,i.kt)("h2",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,i.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f7c88408.c6323a73.js b/assets/js/f7c88408.e7f0faa1.js similarity index 98% rename from assets/js/f7c88408.c6323a73.js rename to assets/js/f7c88408.e7f0faa1.js index 96b08bd4d..52a1da79e 100644 --- a/assets/js/f7c88408.c6323a73.js +++ b/assets/js/f7c88408.e7f0faa1.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4235],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function s(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,s=e.originalType,i=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||s;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var s=n.length,l=new Array(s);l[0]=m;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const s={},l="Setup Multi User",o={unversionedId:"multi-user",id:"version-0.6/multi-user",title:"Setup Multi User",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/versioned_docs/version-0.6/multi-user.md",sourceDirName:".",slug:"/multi-user",permalink:"/0.6/multi-user",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/multi-user.md",tags:[],version:"0.6",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create Cluster Groups",permalink:"/0.6/cluster-group"},next:{title:"Create a GitRepo Resource",permalink:"/0.6/gitrepo-add"}},i={},c=[{value:"Example User",id:"example-user",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:c};function u(e){let{components:t,...s}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,s,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"setup-multi-user"},"Setup Multi User"),(0,a.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,a.kt)("p",null,"One addition on top of RBAC is the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/namespaces#restricting-gitrepos"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,a.kt)("p",null,"A multi-user fleet setup looks like this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,a.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,a.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,a.kt)("admonition",{title:"important information",type:"warning"},(0,a.kt)("p",{parentName:"admonition"},"The isolation of tenants is not complete and relies on Kubernetes RBAC to be\nset up correctly. Without manual setup from an operator tenants can still\ndeploy cluster wide resources. Even with the available Fleet restrictions,\nusers are only restricted to namespaces, but namespaces don't provide much\nisolation on their own. E.g. they can still consume as many resources as they\nlike."),(0,a.kt)("p",{parentName:"admonition"},"However, the existing Fleet restrictions allow users to share clusters, and\ndeploy resources without conflicts.")),(0,a.kt)("h2",{id:"example-user"},"Example User"),(0,a.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,a.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,a.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,a.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,a.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,a.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,a.kt)("a",{parentName:"p",href:"/0.6/namespaces#cross-namespace-deployments"},(0,a.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,a.kt)("p",null,"The ",(0,a.kt)("a",{parentName:"p",href:"/0.6/gitrepo-targets"},(0,a.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,a.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,a.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,a.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,a.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,a.kt)("p",null,"A GitRepo resource created by a tenant, without admin access could look like this:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,a.kt)("p",null,"This includes the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,a.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,a.kt)("p",null,"Together with the previous ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,a.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,a.kt)("admonition",{type:"note"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4235],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function s(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,s=e.originalType,i=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||s;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var s=n.length,l=new Array(s);l[0]=m;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const s={},l="Setup Multi User",o={unversionedId:"multi-user",id:"version-0.6/multi-user",title:"Setup Multi User",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/versioned_docs/version-0.6/multi-user.md",sourceDirName:".",slug:"/multi-user",permalink:"/0.6/multi-user",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/multi-user.md",tags:[],version:"0.6",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create Cluster Groups",permalink:"/0.6/cluster-group"},next:{title:"Create a GitRepo Resource",permalink:"/0.6/gitrepo-add"}},i={},c=[{value:"Example User",id:"example-user",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:c};function u(e){let{components:t,...s}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,s,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"setup-multi-user"},"Setup Multi User"),(0,a.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,a.kt)("p",null,"One addition on top of RBAC is the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/namespaces#restricting-gitrepos"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,a.kt)("p",null,"A multi-user fleet setup looks like this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,a.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,a.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,a.kt)("admonition",{title:"important information",type:"warning"},(0,a.kt)("p",{parentName:"admonition"},"The isolation of tenants is not complete and relies on Kubernetes RBAC to be\nset up correctly. Without manual setup from an operator tenants can still\ndeploy cluster wide resources. Even with the available Fleet restrictions,\nusers are only restricted to namespaces, but namespaces don't provide much\nisolation on their own. E.g. they can still consume as many resources as they\nlike."),(0,a.kt)("p",{parentName:"admonition"},"However, the existing Fleet restrictions allow users to share clusters, and\ndeploy resources without conflicts.")),(0,a.kt)("h2",{id:"example-user"},"Example User"),(0,a.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,a.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,a.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,a.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,a.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,a.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,a.kt)("a",{parentName:"p",href:"/0.6/namespaces#cross-namespace-deployments"},(0,a.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,a.kt)("p",null,"The ",(0,a.kt)("a",{parentName:"p",href:"/0.6/gitrepo-targets"},(0,a.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,a.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,a.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,a.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,a.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,a.kt)("p",null,"A GitRepo resource created by a tenant, without admin access could look like this:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,a.kt)("p",null,"This includes the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,a.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,a.kt)("p",null,"Together with the previous ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,a.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,a.kt)("admonition",{type:"note"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file diff --git a/assets/js/f7cf1511.78a312b0.js b/assets/js/f7cf1511.cc4cc6a0.js similarity index 95% rename from assets/js/f7cf1511.78a312b0.js rename to assets/js/f7cf1511.cc4cc6a0.js index 8b43682e5..fc92d5f05 100644 --- a/assets/js/f7cf1511.78a312b0.js +++ b/assets/js/f7cf1511.cc4cc6a0.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5225],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),p=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=p(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),h=p(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},c),{},{components:n})):o.createElement(m,r({ref:t},c))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.5/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.5/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.5/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/troubleshooting.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle state",permalink:"/0.5/cluster-bundles-state"},next:{title:"Advanced Users",permalink:"/0.5/advanced-users"}},s={},p=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Migrate the local cluster to the Fleet default cluster?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3}],c={toc:p};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster"},"Migrate the local cluster to the Fleet default cluster?"),(0,a.kt)("p",null,"For users who want to deploy to the local cluster as well, they may move the cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default")," in the Rancher UI as follows:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"To get to Fleet in Rancher, click \u2630 > Continuous Delivery."),(0,a.kt)("li",{parentName:"ul"},"Under the ",(0,a.kt)("strong",{parentName:"li"},"Clusters")," menu, select the ",(0,a.kt)("strong",{parentName:"li"},"local")," cluster by checking the box to the left."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Assign to")," from the tabs above the cluster."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"strong"},"fleet-default"))," from the ",(0,a.kt)("strong",{parentName:"li"},"Assign Cluster To")," dropdown.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result"),": The cluster will be migrated to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default"),"."),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.5/gitrepo-structure"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5225],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),c=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),h=c(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},p),{},{components:n})):o.createElement(m,r({ref:t},p))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.5/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.5/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.5/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/troubleshooting.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle state",permalink:"/0.5/cluster-bundles-state"},next:{title:"Advanced Users",permalink:"/0.5/advanced-users"}},s={},c=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Migrate the local cluster to the Fleet default cluster?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster"},"Migrate the local cluster to the Fleet default cluster?"),(0,a.kt)("p",null,"For users who want to deploy to the local cluster as well, they may move the cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default")," in the Rancher UI as follows:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"To get to Fleet in Rancher, click \u2630 > Continuous Delivery."),(0,a.kt)("li",{parentName:"ul"},"Under the ",(0,a.kt)("strong",{parentName:"li"},"Clusters")," menu, select the ",(0,a.kt)("strong",{parentName:"li"},"local")," cluster by checking the box to the left."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Assign to")," from the tabs above the cluster."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"strong"},"fleet-default"))," from the ",(0,a.kt)("strong",{parentName:"li"},"Assign Cluster To")," dropdown.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result"),": The cluster will be migrated to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default"),"."),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.5/gitrepo-structure"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f8113afe.89e733ab.js b/assets/js/f8113afe.34a34569.js similarity index 96% rename from assets/js/f8113afe.89e733ab.js rename to assets/js/f8113afe.34a34569.js index 3f6b69174..3cdea9be0 100644 --- a/assets/js/f8113afe.89e733ab.js +++ b/assets/js/f8113afe.34a34569.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6957],{6828:(e,t,l)=>{l.d(t,{d:()=>s});const s={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},7600:(e,t,l)=>{l.r(t),l.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>d});var s=l(7462),n=(l(7294),l(3905)),r=l(6828),a=l(814);const i={},o="Single Cluster Install",c={unversionedId:"single-cluster-install",id:"version-0.5/single-cluster-install",title:"Single Cluster Install",description:"In this use case you have only one cluster. The cluster will run both the Fleet",source:"@site/versioned_docs/version-0.5/single-cluster-install.md",sourceDirName:".",slug:"/single-cluster-install",permalink:"/0.5/single-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/single-cluster-install.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation",permalink:"/0.5/installation"},next:{title:"Multi Cluster Install",permalink:"/0.5/multi-cluster-install"}},u={},d=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"Install",id:"install",level:2}],h={toc:d};function p(e){let{components:t,...i}=e;return(0,n.kt)("wrapper",(0,s.Z)({},h,i,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"single-cluster-install"},"Single Cluster Install"),(0,n.kt)("p",null,(0,n.kt)("img",{src:l(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"In this use case you have only one cluster. The cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)("h3",{id:"helm-3"},"Helm 3"),(0,n.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,n.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,n.kt)("p",null,"macOS"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Windows"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,n.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,n.kt)("p",null,"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the\nsingle cluster use case you will install Fleet to the cluster which you intend to manage with GitOps.\nAny Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,n.kt)(a.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.5"].fleetCRD),(0,n.kt)("p",null,"Second install the Fleet controllers."),(0,n.kt)(a.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d["v0.5"].fleet),(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.5/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."))}p.isMDXComponent=!0},1313:(e,t,l)=>{l.d(t,{Z:()=>s});const s=l.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6957],{6828:(e,t,l)=>{l.d(t,{d:()=>s});const s={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-agent-0.7.0-AGENT-rc.1.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz",kubernetes:"1.20.5"}}},7600:(e,t,l)=>{l.r(t),l.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>d});var s=l(7462),n=(l(7294),l(3905)),r=l(6828),a=l(814);const i={},o="Single Cluster Install",c={unversionedId:"single-cluster-install",id:"version-0.5/single-cluster-install",title:"Single Cluster Install",description:"In this use case you have only one cluster. The cluster will run both the Fleet",source:"@site/versioned_docs/version-0.5/single-cluster-install.md",sourceDirName:".",slug:"/single-cluster-install",permalink:"/0.5/single-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/single-cluster-install.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation",permalink:"/0.5/installation"},next:{title:"Multi Cluster Install",permalink:"/0.5/multi-cluster-install"}},u={},d=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"Install",id:"install",level:2}],h={toc:d};function p(e){let{components:t,...i}=e;return(0,n.kt)("wrapper",(0,s.Z)({},h,i,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"single-cluster-install"},"Single Cluster Install"),(0,n.kt)("p",null,(0,n.kt)("img",{src:l(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"In this use case you have only one cluster. The cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)("h3",{id:"helm-3"},"Helm 3"),(0,n.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,n.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,n.kt)("p",null,"macOS"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Windows"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,n.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,n.kt)("p",null,"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the\nsingle cluster use case you will install Fleet to the cluster which you intend to manage with GitOps.\nAny Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,n.kt)(a.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.5"].fleetCRD),(0,n.kt)("p",null,"Second install the Fleet controllers."),(0,n.kt)(a.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d["v0.5"].fleet),(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.5/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."))}p.isMDXComponent=!0},1313:(e,t,l)=>{l.d(t,{Z:()=>s});const s=l.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/f8909550.21f08c0f.js b/assets/js/f8909550.14b4b202.js similarity index 98% rename from assets/js/f8909550.21f08c0f.js rename to assets/js/f8909550.14b4b202.js index 66a419b95..d7edec72e 100644 --- a/assets/js/f8909550.21f08c0f.js +++ b/assets/js/f8909550.14b4b202.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7893],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function l(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function s(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(l[a]=e[a]);return l}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(l[a]=e[a])}return l}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,l=e.mdxType,s=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=l,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||s;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var s=a.length,r=new Array(s);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:l,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>s,metadata:()=>i,toc:()=>p});var n=a(7462),l=(a(7294),a(3905));const s={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.4/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.4/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.4/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/namespaces.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Groups",permalink:"/0.4/cluster-group"},next:{title:"Adding a GitRepo",permalink:"/0.4/gitrepo-add"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local",id:"fleet-local",level:3},{value:"cattle-fleet-system",id:"cattle-fleet-system",level:3},{value:"cattle-fleet-clusters-system",id:"cattle-fleet-clusters-system",level:3},{value:"Cluster namespaces",id:"cluster-namespaces",level:3},{value:"Cross namespace deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2}],c={toc:p};function m(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"namespaces"},"Namespaces"),(0,l.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,l.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,l.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,l.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,l.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,l.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,l.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,l.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,l.kt)("h3",{id:"fleet-local"},"fleet-local"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,l.kt)("p",null,"When fleet is installed the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," If you would like to migrate your cluster from ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),", please see this ",(0,l.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#migrate-the-local-cluster-to-the-fleet-default-cluster"},"documentation"),"."),(0,l.kt)("h3",{id:"cattle-fleet-system"},"cattle-fleet-system"),(0,l.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,l.kt)("h3",{id:"cattle-fleet-clusters-system"},"cattle-fleet-clusters-system"),(0,l.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,l.kt)("h3",{id:"cluster-namespaces"},"Cluster namespaces"),(0,l.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces have are named in the form ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,l.kt)("h2",{id:"cross-namespace-deployments"},"Cross namespace deployments"),(0,l.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,l.kt)("p",null,"If you are creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,l.kt)("p",null,"A ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,l.kt)("p",null,"If the ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,l.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,l.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,l.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,l.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,l.kt)("p",null,"A namespace can contain multiple ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,l.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,l.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7893],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function l(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function s(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(l[a]=e[a]);return l}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(l[a]=e[a])}return l}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,l=e.mdxType,s=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=l,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||s;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var s=a.length,r=new Array(s);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:l,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>s,metadata:()=>i,toc:()=>p});var n=a(7462),l=(a(7294),a(3905));const s={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.4/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.4/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.4/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/namespaces.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Groups",permalink:"/0.4/cluster-group"},next:{title:"Adding a GitRepo",permalink:"/0.4/gitrepo-add"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local",id:"fleet-local",level:3},{value:"cattle-fleet-system",id:"cattle-fleet-system",level:3},{value:"cattle-fleet-clusters-system",id:"cattle-fleet-clusters-system",level:3},{value:"Cluster namespaces",id:"cluster-namespaces",level:3},{value:"Cross namespace deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2}],c={toc:p};function m(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"namespaces"},"Namespaces"),(0,l.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,l.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,l.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,l.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,l.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,l.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,l.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,l.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,l.kt)("h3",{id:"fleet-local"},"fleet-local"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,l.kt)("p",null,"When fleet is installed the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," If you would like to migrate your cluster from ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),", please see this ",(0,l.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#migrate-the-local-cluster-to-the-fleet-default-cluster"},"documentation"),"."),(0,l.kt)("h3",{id:"cattle-fleet-system"},"cattle-fleet-system"),(0,l.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,l.kt)("h3",{id:"cattle-fleet-clusters-system"},"cattle-fleet-clusters-system"),(0,l.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,l.kt)("h3",{id:"cluster-namespaces"},"Cluster namespaces"),(0,l.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces have are named in the form ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,l.kt)("h2",{id:"cross-namespace-deployments"},"Cross namespace deployments"),(0,l.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,l.kt)("p",null,"If you are creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,l.kt)("p",null,"A ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,l.kt)("p",null,"If the ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,l.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,l.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,l.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,l.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,l.kt)("p",null,"A namespace can contain multiple ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,l.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,l.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/fb76c575.f8e630a2.js b/assets/js/fb76c575.300c6845.js similarity index 99% rename from assets/js/fb76c575.f8e630a2.js rename to assets/js/fb76c575.300c6845.js index edbc97322..9fa39e36d 100644 --- a/assets/js/fb76c575.f8e630a2.js +++ b/assets/js/fb76c575.300c6845.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3200],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var o=a.createContext({}),p=function(e){var t=a.useContext(o),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(o.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,o=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),d=p(n),m=l,h=d["".concat(o,".").concat(m)]||d[m]||u[m]||r;return n?a.createElement(h,i(i({ref:t},c),{},{components:n})):a.createElement(h,i({ref:t},c))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=d;var s={};for(var o in t)hasOwnProperty.call(t,o)&&(s[o]=t[o]);s.originalType=e,s.mdxType="string"==typeof e?e:l,i[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>o,contentTitle:()=>i,default:()=>u,frontMatter:()=>r,metadata:()=>s,toc:()=>p});var a=n(7462),l=(n(7294),n(3905));const r={},i="Agent Initiated",s={unversionedId:"agent-initiated",id:"version-0.4/agent-initiated",title:"Agent Initiated",description:"Refer to the overview page for a background information on the agent initiated registration style.",source:"@site/versioned_docs/version-0.4/agent-initiated.md",sourceDirName:".",slug:"/agent-initiated",permalink:"/0.4/agent-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/agent-initiated.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Tokens",permalink:"/0.4/cluster-tokens"},next:{title:"Manager Initiated",permalink:"/0.4/manager-initiated"}},o={},p=[{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:2},{value:"Install agent for a new Cluster",id:"install-agent-for-a-new-cluster",level:2},{value:"Install agent for a predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the agent initiated registration style."),(0,l.kt)("h2",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"A downstream cluster is registered using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required. Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," for more information\non how to create tokens and obtain the values. The cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will\nbe passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h2",{id:"install-agent-for-a-new-cluster"},"Install agent for a new Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-agent-0.4.1.tgz\n')),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h2",{id:"install-agent-for-a-predefined-cluster"},"Install agent for a predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-agent-v0.4.1.tgz\n')),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3200],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var o=a.createContext({}),p=function(e){var t=a.useContext(o),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(o.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,o=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),d=p(n),m=l,h=d["".concat(o,".").concat(m)]||d[m]||u[m]||r;return n?a.createElement(h,i(i({ref:t},c),{},{components:n})):a.createElement(h,i({ref:t},c))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=d;var s={};for(var o in t)hasOwnProperty.call(t,o)&&(s[o]=t[o]);s.originalType=e,s.mdxType="string"==typeof e?e:l,i[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>o,contentTitle:()=>i,default:()=>u,frontMatter:()=>r,metadata:()=>s,toc:()=>p});var a=n(7462),l=(n(7294),n(3905));const r={},i="Agent Initiated",s={unversionedId:"agent-initiated",id:"version-0.4/agent-initiated",title:"Agent Initiated",description:"Refer to the overview page for a background information on the agent initiated registration style.",source:"@site/versioned_docs/version-0.4/agent-initiated.md",sourceDirName:".",slug:"/agent-initiated",permalink:"/0.4/agent-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/agent-initiated.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Tokens",permalink:"/0.4/cluster-tokens"},next:{title:"Manager Initiated",permalink:"/0.4/manager-initiated"}},o={},p=[{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:2},{value:"Install agent for a new Cluster",id:"install-agent-for-a-new-cluster",level:2},{value:"Install agent for a predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the agent initiated registration style."),(0,l.kt)("h2",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"A downstream cluster is registered using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required. Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," for more information\non how to create tokens and obtain the values. The cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will\nbe passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h2",{id:"install-agent-for-a-new-cluster"},"Install agent for a new Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-agent-0.4.1.tgz\n')),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h2",{id:"install-agent-for-a-predefined-cluster"},"Install agent for a predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-agent-v0.4.1.tgz\n')),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/fbaf079d.06de2007.js b/assets/js/fbaf079d.dc94f71b.js similarity index 90% rename from assets/js/fbaf079d.06de2007.js rename to assets/js/fbaf079d.dc94f71b.js index bfd1c992e..819efa665 100644 --- a/assets/js/fbaf079d.06de2007.js +++ b/assets/js/fbaf079d.dc94f71b.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2030],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function r(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function i(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var s=a.createContext({}),p=function(e){var n=a.useContext(s),t=n;return e&&(t="function"==typeof e?e(n):i(i({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(s.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,c=l(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(s,".").concat(u)]||m[u]||d[u]||r;return t?a.createElement(h,i(i({ref:n},c),{},{components:t})):a.createElement(h,i({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var r=t.length,i=new Array(r);i[0]=m;var l={};for(var s in n)hasOwnProperty.call(n,s)&&(l[s]=n[s]);l.originalType=e,l.mdxType="string"==typeof e?e:o,i[1]=l;for(var p=2;p{t.r(n),t.d(n,{assets:()=>s,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>l,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const r={},i="Generating Diffs to Ignore Modified GitRepos",l={unversionedId:"bundle-diffs",id:"bundle-diffs",title:"Generating Diffs to Ignore Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/docs/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/bundle-diffs.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/gitrepo-targets"},next:{title:"Using Webhooks Instead of Polling",permalink:"/webhook"}},s={},p=[{value:"Simple Example",id:"simple-example",level:2},{value:"Gatekeeper Example",id:"gatekeeper-example",level:2},{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...r}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,r,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-to-ignore-modified-gitrepos"},"Generating Diffs to Ignore Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("h2",{id:"simple-example"},"Simple Example"),(0,o.kt)("p",null,(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs"},"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs")),(0,o.kt)("h2",{id:"gatekeeper-example"},"Gatekeeper Example"),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2030],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var s=a.createContext({}),p=function(e){var n=a.useContext(s),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(s.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,s=e.parentName,c=l(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(s,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var l={};for(var s in n)hasOwnProperty.call(n,s)&&(l[s]=n[s]);l.originalType=e,l.mdxType="string"==typeof e?e:o,r[1]=l;for(var p=2;p{t.r(n),t.d(n,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>l,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs to Ignore Modified GitRepos",l={unversionedId:"bundle-diffs",id:"bundle-diffs",title:"Generating Diffs to Ignore Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/docs/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/bundle-diffs.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/gitrepo-targets"},next:{title:"Using Webhooks Instead of Polling",permalink:"/webhook"}},s={},p=[{value:"Simple Example",id:"simple-example",level:2},{value:"Gatekeeper Example",id:"gatekeeper-example",level:2},{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-to-ignore-modified-gitrepos"},"Generating Diffs to Ignore Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("h2",{id:"simple-example"},"Simple Example"),(0,o.kt)("p",null,(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs"},"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs")),(0,o.kt)("h2",{id:"gatekeeper-example"},"Gatekeeper Example"),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file diff --git a/assets/js/fd06576e.ef7ca991.js b/assets/js/fd06576e.eea50574.js similarity index 98% rename from assets/js/fd06576e.ef7ca991.js rename to assets/js/fd06576e.eea50574.js index 843cd7dff..c4e7d62e8 100644 --- a/assets/js/fd06576e.ef7ca991.js +++ b/assets/js/fd06576e.eea50574.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3667],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function l(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function s(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(l[a]=e[a]);return l}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(l[a]=e[a])}return l}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,l=e.mdxType,s=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=l,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||s;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var s=a.length,r=new Array(s);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:l,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>s,metadata:()=>i,toc:()=>p});var n=a(7462),l=(a(7294),a(3905));const s={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.5/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.5/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.5/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/namespaces.md",tags:[],version:"0.5",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Groups",permalink:"/0.5/cluster-group"},next:{title:"Adding a GitRepo",permalink:"/0.5/gitrepo-add"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local",id:"fleet-local",level:3},{value:"cattle-fleet-system",id:"cattle-fleet-system",level:3},{value:"cattle-fleet-clusters-system",id:"cattle-fleet-clusters-system",level:3},{value:"Cluster namespaces",id:"cluster-namespaces",level:3},{value:"Cross namespace deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2}],c={toc:p};function m(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"namespaces"},"Namespaces"),(0,l.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,l.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,l.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,l.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,l.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,l.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,l.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,l.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,l.kt)("h3",{id:"fleet-local"},"fleet-local"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,l.kt)("p",null,"When fleet is installed the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," If you would like to migrate your cluster from ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),", please see this ",(0,l.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#migrate-the-local-cluster-to-the-fleet-default-cluster"},"documentation"),"."),(0,l.kt)("h3",{id:"cattle-fleet-system"},"cattle-fleet-system"),(0,l.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,l.kt)("h3",{id:"cattle-fleet-clusters-system"},"cattle-fleet-clusters-system"),(0,l.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,l.kt)("h3",{id:"cluster-namespaces"},"Cluster namespaces"),(0,l.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,l.kt)("h2",{id:"cross-namespace-deployments"},"Cross namespace deployments"),(0,l.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,l.kt)("p",null,"If you are creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,l.kt)("p",null,"A ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,l.kt)("p",null,"If the ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,l.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,l.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,l.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,l.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,l.kt)("p",null,"A namespace can contain multiple ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,l.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,l.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3667],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function l(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function s(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(l[a]=e[a]);return l}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(l[a]=e[a])}return l}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,l=e.mdxType,s=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=l,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||s;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var s=a.length,r=new Array(s);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:l,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>s,metadata:()=>i,toc:()=>p});var n=a(7462),l=(a(7294),a(3905));const s={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.5/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.5/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.5/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/namespaces.md",tags:[],version:"0.5",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Groups",permalink:"/0.5/cluster-group"},next:{title:"Adding a GitRepo",permalink:"/0.5/gitrepo-add"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local",id:"fleet-local",level:3},{value:"cattle-fleet-system",id:"cattle-fleet-system",level:3},{value:"cattle-fleet-clusters-system",id:"cattle-fleet-clusters-system",level:3},{value:"Cluster namespaces",id:"cluster-namespaces",level:3},{value:"Cross namespace deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2}],c={toc:p};function m(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"namespaces"},"Namespaces"),(0,l.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,l.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,l.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,l.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,l.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,l.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,l.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,l.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,l.kt)("h3",{id:"fleet-local"},"fleet-local"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,l.kt)("p",null,"When fleet is installed the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," If you would like to migrate your cluster from ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),", please see this ",(0,l.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#migrate-the-local-cluster-to-the-fleet-default-cluster"},"documentation"),"."),(0,l.kt)("h3",{id:"cattle-fleet-system"},"cattle-fleet-system"),(0,l.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,l.kt)("h3",{id:"cattle-fleet-clusters-system"},"cattle-fleet-clusters-system"),(0,l.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,l.kt)("h3",{id:"cluster-namespaces"},"Cluster namespaces"),(0,l.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,l.kt)("h2",{id:"cross-namespace-deployments"},"Cross namespace deployments"),(0,l.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,l.kt)("p",null,"If you are creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,l.kt)("p",null,"A ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,l.kt)("p",null,"If the ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,l.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,l.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,l.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,l.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,l.kt)("p",null,"A namespace can contain multiple ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,l.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,l.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/fd26103c.31a668d3.js b/assets/js/fd26103c.b295d2f3.js similarity index 98% rename from assets/js/fd26103c.31a668d3.js rename to assets/js/fd26103c.b295d2f3.js index 9d7da7aa0..3024f8246 100644 --- a/assets/js/fd26103c.31a668d3.js +++ b/assets/js/fd26103c.b295d2f3.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2392],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=a,f=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return r?n.createElement(f,o(o({ref:t},p),{},{components:r})):n.createElement(f,o({ref:t},p))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.4/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Multi-cluster Only:",source:"@site/versioned_docs/version-0.4/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.4/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-targets.md",tags:[],version:"0.4",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Expected Repo Structure",permalink:"/0.4/gitrepo-structure"},next:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.4/bundle-diffs"}},i={},c=[{value:"Defining targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default target",id:"default-target",level:2}],p={toc:c};function u(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,a.kt)("p",null,"When deploying ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,a.kt)("h2",{id:"defining-targets"},"Defining targets"),(0,a.kt)("p",null,"The deployment targets of ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n')),(0,a.kt)("h2",{id:"target-matching"},"Target Matching"),(0,a.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,a.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,a.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,a.kt)("h2",{id:"default-target"},"Default target"),(0,a.kt)("p",null,"If no target is set for the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,a.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2392],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=a,f=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return r?n.createElement(f,o(o({ref:t},p),{},{components:r})):n.createElement(f,o({ref:t},p))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.4/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Multi-cluster Only:",source:"@site/versioned_docs/version-0.4/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.4/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-targets.md",tags:[],version:"0.4",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Expected Repo Structure",permalink:"/0.4/gitrepo-structure"},next:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.4/bundle-diffs"}},i={},c=[{value:"Defining targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default target",id:"default-target",level:2}],p={toc:c};function u(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,a.kt)("p",null,"When deploying ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,a.kt)("h2",{id:"defining-targets"},"Defining targets"),(0,a.kt)("p",null,"The deployment targets of ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n')),(0,a.kt)("h2",{id:"target-matching"},"Target Matching"),(0,a.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,a.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,a.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,a.kt)("h2",{id:"default-target"},"Default target"),(0,a.kt)("p",null,"If no target is set for the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,a.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/ffe5129d.18f3552e.js b/assets/js/ffe5129d.c72c61f3.js similarity index 97% rename from assets/js/ffe5129d.18f3552e.js rename to assets/js/ffe5129d.c72c61f3.js index f495285f3..25cca222d 100644 --- a/assets/js/ffe5129d.18f3552e.js +++ b/assets/js/ffe5129d.c72c61f3.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5532],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=a.createContext({}),s=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=s(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,c=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),m=s(n),f=l,d=m["".concat(c,".").concat(f)]||m[f]||p[f]||r;return n?a.createElement(d,i(i({ref:t},u),{},{components:n})):a.createElement(d,i({ref:t},u))}));function f(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=m;var o={};for(var c in t)hasOwnProperty.call(t,c)&&(o[c]=t[c]);o.originalType=e,o.mdxType="string"==typeof e?e:l,i[1]=o;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>r,metadata:()=>o,toc:()=>s});var a=n(7462),l=(n(7294),n(3905));const r={},i="Configuration",o={unversionedId:"ref-configuration",id:"ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/docs/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-configuration.md",tags:[],version:"current",lastUpdatedAt:1681293801,formattedLastUpdatedAt:"Apr 12, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Internals",permalink:"/ref-registration"},next:{title:"Custom Resources Spec",permalink:"/ref-crds"}},c={},s=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"configuration"},"Configuration"),(0,l.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,l.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,l.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,l.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,l.kt)("p",null,"The controllers can be started with these environment variables:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,l.kt)("h2",{id:"configuration-1"},"Configuration"),(0,l.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,l.kt)("p",null,"The config ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent "),(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller ")),(0,l.kt)("h2",{id:"labels"},"Labels"),(0,l.kt)("p",null,"Labels used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,l.kt)("h2",{id:"annotations"},"Annotations"),(0,l.kt)("p",null,"Annotations used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - if present on a Cluster, the namespace won't be cleaned up"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5532],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=a.createContext({}),s=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=s(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,c=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),m=s(n),f=l,d=m["".concat(c,".").concat(f)]||m[f]||p[f]||r;return n?a.createElement(d,i(i({ref:t},u),{},{components:n})):a.createElement(d,i({ref:t},u))}));function f(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=m;var o={};for(var c in t)hasOwnProperty.call(t,c)&&(o[c]=t[c]);o.originalType=e,o.mdxType="string"==typeof e?e:l,i[1]=o;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>r,metadata:()=>o,toc:()=>s});var a=n(7462),l=(n(7294),n(3905));const r={},i="Configuration",o={unversionedId:"ref-configuration",id:"ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/docs/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-configuration.md",tags:[],version:"current",lastUpdatedAt:1684162012,formattedLastUpdatedAt:"May 15, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Internals",permalink:"/ref-registration"},next:{title:"Custom Resources Spec",permalink:"/ref-crds"}},c={},s=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"configuration"},"Configuration"),(0,l.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,l.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,l.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,l.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,l.kt)("p",null,"The controllers can be started with these environment variables:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,l.kt)("h2",{id:"configuration-1"},"Configuration"),(0,l.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,l.kt)("p",null,"The config ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent "),(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller ")),(0,l.kt)("h2",{id:"labels"},"Labels"),(0,l.kt)("p",null,"Labels used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,l.kt)("h2",{id:"annotations"},"Annotations"),(0,l.kt)("p",null,"Annotations used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - if present on a Cluster, the namespace won't be cleaned up"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/runtime~main.5ce1daa1.js b/assets/js/runtime~main.3681bad0.js similarity index 50% rename from assets/js/runtime~main.5ce1daa1.js rename to assets/js/runtime~main.3681bad0.js index 13f59139b..21e0ee633 100644 --- a/assets/js/runtime~main.5ce1daa1.js +++ b/assets/js/runtime~main.3681bad0.js @@ -1 +1 @@ -(()=>{"use strict";var e,a,f,d,b,c={},t={};function r(e){var a=t[e];if(void 0!==a)return a.exports;var f=t[e]={id:e,loaded:!1,exports:{}};return c[e].call(f.exports,f,f.exports,r),f.loaded=!0,f.exports}r.m=c,r.c=t,e=[],r.O=(a,f,d,b)=>{if(!f){var c=1/0;for(i=0;i=b)&&Object.keys(r.O).every((e=>r.O[e](f[o])))?f.splice(o--,1):(t=!1,b0&&e[i-1][2]>b;i--)e[i]=e[i-1];e[i]=[f,d,b]},r.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return r.d(a,{a:a}),a},f=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,d){if(1&d&&(e=this(e)),8&d)return e;if("object"==typeof e&&e){if(4&d&&e.__esModule)return e;if(16&d&&"function"==typeof e.then)return e}var b=Object.create(null);r.r(b);var c={};a=a||[null,f({}),f([]),f(f)];for(var t=2&d&&e;"object"==typeof t&&!~a.indexOf(t);t=f(t))Object.getOwnPropertyNames(t).forEach((a=>c[a]=()=>e[a]));return c.default=()=>e,r.d(b,c),b},r.d=(e,a)=>{for(var f in a)r.o(a,f)&&!r.o(e,f)&&Object.defineProperty(e,f,{enumerable:!0,get:a[f]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((a,f)=>(r.f[f](e,a),a)),[])),r.u=e=>"assets/js/"+({53:"935f2afb",208:"cd0bf424",252:"46c9c1f8",299:"de08e76e",314:"60bcd92c",488:"7a815aed",599:"dfa3dc49",665:"f63438e5",764:"d8f58335",824:"c2bab82f",835:"680ed9ed",844:"c6aa770e",859:"b32c755c",964:"af48bdba",1049:"ae2335f3",1296:"f66ef323",1332:"984cdf04",1371:"0a06c365",1462:"e3aa6547",1760:"b2456c44",1910:"cd323ffc",2030:"fbaf079d",2112:"bd465781",2357:"06df35bc",2361:"a2c468b1",2392:"fd26103c",2404:"7292ec22",2418:"6cf4c0df",2425:"dd67116e",2651:"8070e160",2771:"0db4760e",2837:"53c8b813",3084:"4ccb6852",3200:"fb76c575",3217:"3b8c55ea",3220:"8eb509d6",3325:"1fec2b35",3365:"45a5cd1f",3522:"93002d83",3632:"af10d9fb",3667:"fd06576e",3714:"d3d9887a",3803:"a06c6d5b",3814:"834808ff",3951:"3d7b86e7",4126:"95a72457",4203:"f531b716",4235:"f7c88408",4311:"0252b8ff",4339:"f6748474",4508:"246340c6",4572:"c1eb0b52",4581:"b9a03c38",4728:"1f14308a",4893:"da21831e",4917:"b60b3bd8",5225:"f7cf1511",5279:"522d95f1",5386:"8307bb82",5435:"847b3bc4",5455:"f4793a78",5532:"ffe5129d",5763:"3718f698",5764:"5a165616",5765:"2f0f344d",5776:"34a3c1ae",5854:"e252aa27",5927:"5281b7a2",5945:"10f03480",6076:"857d18b5",6095:"32c7bf40",6250:"7c5d32d8",6255:"7f3d36ad",6295:"62bbc60f",6342:"ce534227",6393:"ebf52154",6418:"e0636556",6469:"f14b6af8",6560:"0e50cd4d",6588:"b7ae13b2",6943:"39f5e362",6950:"1bd61b9d",6957:"f8113afe",6961:"762abe3e",6971:"c377a04b",7107:"170989a3",7169:"a9e7f6cd",7203:"6a840bac",7224:"2d618eff",7301:"11f54a6a",7314:"34eb4307",7526:"4fac8f87",7539:"22b369d5",7544:"c7381d34",7619:"49af6a86",7811:"82782dff",7893:"f8909550",7918:"17896441",7920:"1a4e3797",7966:"07db75e5",8002:"01b4035b",8021:"d6daf0cc",8049:"e89d2f4d",8092:"ee0e1228",8228:"5379b7b3",8361:"dd81469d",8459:"2dc49bc9",8539:"6faa62d7",8646:"0ce1d2b6",8711:"b8f3160f",8795:"12f4838b",8813:"aba71817",9246:"340d0560",9353:"9533a6b7",9360:"9d9f8394",9514:"1be78505",9593:"17b50570",9719:"63e62f73",9816:"755aca7b"}[e]||e)+"."+{53:"d7da80db",208:"c0eb9cc2",252:"09c99ba2",299:"39a09371",314:"8e1033f4",488:"a1083285",599:"f0aae75d",665:"c05e7a52",764:"d8abe3d1",824:"183425fc",835:"93018da4",844:"f0eb2a4f",859:"2010bb3d",964:"833a4f37",1049:"2d9f51bd",1296:"91297687",1332:"0e3b64c9",1371:"1e85dd69",1462:"336920ea",1760:"a59b771a",1910:"b0296c33",2030:"06de2007",2112:"9dcb68d3",2357:"20595c47",2361:"9b8600e7",2392:"31a668d3",2404:"901d8257",2418:"5a58d130",2425:"47b5500c",2651:"cb43c220",2771:"6caf0e0e",2837:"b9e7edf2",3084:"68802ab0",3200:"f8e630a2",3217:"2eff977e",3220:"fdcd660c",3325:"cf641d3d",3365:"d2d49472",3522:"00f81257",3632:"9dba5d46",3667:"ef7ca991",3714:"75faee07",3803:"e956e432",3814:"5944060f",3951:"33f39982",4126:"1e84c1c1",4203:"199b0f60",4235:"c6323a73",4311:"bc50d989",4339:"56e7258c",4508:"679a7806",4572:"69c9cb4f",4581:"a5c1e0d0",4728:"bdaea58c",4893:"d4332a07",4917:"a6194ff1",4972:"8486a258",5225:"78a312b0",5279:"36e58ade",5386:"f9505506",5435:"37b707e4",5455:"ad4a75a9",5532:"18f3552e",5763:"821acb05",5764:"53c4c40a",5765:"36af1d9a",5776:"d97cd036",5854:"80021bc0",5927:"1d2243a7",5945:"c84d441c",6076:"9810f018",6095:"5fafd2b7",6250:"8185014e",6255:"9749686f",6295:"94f748b8",6342:"3982b974",6393:"011649d9",6418:"e9821306",6469:"11c5af4e",6560:"0ec5dac6",6588:"ec7cac2d",6780:"73cff48e",6943:"3a79f641",6945:"98e888a2",6950:"625c0401",6957:"89e733ab",6961:"8d372cdb",6971:"e3c32472",7107:"5d043215",7169:"11c342ff",7203:"79d6808d",7224:"85145c8f",7301:"023947aa",7314:"095433c7",7526:"6cd3c5c5",7539:"c10648c2",7544:"cd25c22d",7619:"241dd0cc",7811:"2ac2fd49",7893:"21f08c0f",7918:"34a1edeb",7920:"514af003",7966:"ab3d4962",8002:"dcf6f9a8",8021:"fdf3ac41",8049:"ca56f98e",8092:"7633adf7",8228:"88210846",8361:"99bdb6b4",8459:"7a58d729",8539:"c4c97c4c",8646:"71902f5c",8711:"7bc83cf5",8795:"47c7248d",8813:"ad0f37ea",8894:"ad65c686",9056:"355ca87c",9246:"45c39726",9353:"2aea7642",9360:"fb1d363d",9514:"387c5731",9593:"a01575c1",9719:"b24d5719",9816:"11531a2d"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),d={},b="fleet-docs:",r.l=(e,a,f,c)=>{if(d[e])d[e].push(a);else{var t,o;if(void 0!==f)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var b=d[e];if(delete d[e],t.parentNode&&t.parentNode.removeChild(t),b&&b.forEach((e=>e(f))),a)return a(f)},s=setTimeout(u.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=u.bind(null,t.onerror),t.onload=u.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={17896441:"7918","935f2afb":"53",cd0bf424:"208","46c9c1f8":"252",de08e76e:"299","60bcd92c":"314","7a815aed":"488",dfa3dc49:"599",f63438e5:"665",d8f58335:"764",c2bab82f:"824","680ed9ed":"835",c6aa770e:"844",b32c755c:"859",af48bdba:"964",ae2335f3:"1049",f66ef323:"1296","984cdf04":"1332","0a06c365":"1371",e3aa6547:"1462",b2456c44:"1760",cd323ffc:"1910",fbaf079d:"2030",bd465781:"2112","06df35bc":"2357",a2c468b1:"2361",fd26103c:"2392","7292ec22":"2404","6cf4c0df":"2418",dd67116e:"2425","8070e160":"2651","0db4760e":"2771","53c8b813":"2837","4ccb6852":"3084",fb76c575:"3200","3b8c55ea":"3217","8eb509d6":"3220","1fec2b35":"3325","45a5cd1f":"3365","93002d83":"3522",af10d9fb:"3632",fd06576e:"3667",d3d9887a:"3714",a06c6d5b:"3803","834808ff":"3814","3d7b86e7":"3951","95a72457":"4126",f531b716:"4203",f7c88408:"4235","0252b8ff":"4311",f6748474:"4339","246340c6":"4508",c1eb0b52:"4572",b9a03c38:"4581","1f14308a":"4728",da21831e:"4893",b60b3bd8:"4917",f7cf1511:"5225","522d95f1":"5279","8307bb82":"5386","847b3bc4":"5435",f4793a78:"5455",ffe5129d:"5532","3718f698":"5763","5a165616":"5764","2f0f344d":"5765","34a3c1ae":"5776",e252aa27:"5854","5281b7a2":"5927","10f03480":"5945","857d18b5":"6076","32c7bf40":"6095","7c5d32d8":"6250","7f3d36ad":"6255","62bbc60f":"6295",ce534227:"6342",ebf52154:"6393",e0636556:"6418",f14b6af8:"6469","0e50cd4d":"6560",b7ae13b2:"6588","39f5e362":"6943","1bd61b9d":"6950",f8113afe:"6957","762abe3e":"6961",c377a04b:"6971","170989a3":"7107",a9e7f6cd:"7169","6a840bac":"7203","2d618eff":"7224","11f54a6a":"7301","34eb4307":"7314","4fac8f87":"7526","22b369d5":"7539",c7381d34:"7544","49af6a86":"7619","82782dff":"7811",f8909550:"7893","1a4e3797":"7920","07db75e5":"7966","01b4035b":"8002",d6daf0cc:"8021",e89d2f4d:"8049",ee0e1228:"8092","5379b7b3":"8228",dd81469d:"8361","2dc49bc9":"8459","6faa62d7":"8539","0ce1d2b6":"8646",b8f3160f:"8711","12f4838b":"8795",aba71817:"8813","340d0560":"9246","9533a6b7":"9353","9d9f8394":"9360","1be78505":"9514","17b50570":"9593","63e62f73":"9719","755aca7b":"9816"}[e]||e,r.p+r.u(e)},(()=>{var e={1303:0,532:0};r.f.j=(a,f)=>{var d=r.o(e,a)?e[a]:void 0;if(0!==d)if(d)f.push(d[2]);else if(/^(1303|532)$/.test(a))e[a]=0;else{var b=new Promise(((f,b)=>d=e[a]=[f,b]));f.push(d[2]=b);var c=r.p+r.u(a),t=new Error;r.l(c,(f=>{if(r.o(e,a)&&(0!==(d=e[a])&&(e[a]=void 0),d)){var b=f&&("load"===f.type?"missing":f.type),c=f&&f.target&&f.target.src;t.message="Loading chunk "+a+" failed.\n("+b+": "+c+")",t.name="ChunkLoadError",t.type=b,t.request=c,d[1](t)}}),"chunk-"+a,a)}},r.O.j=a=>0===e[a];var a=(a,f)=>{var d,b,c=f[0],t=f[1],o=f[2],n=0;if(c.some((a=>0!==e[a]))){for(d in t)r.o(t,d)&&(r.m[d]=t[d]);if(o)var i=o(r)}for(a&&a(f);n{"use strict";var e,f,d,a,b,c={},t={};function r(e){var f=t[e];if(void 0!==f)return f.exports;var d=t[e]={id:e,loaded:!1,exports:{}};return c[e].call(d.exports,d,d.exports,r),d.loaded=!0,d.exports}r.m=c,r.c=t,e=[],r.O=(f,d,a,b)=>{if(!d){var c=1/0;for(i=0;i=b)&&Object.keys(r.O).every((e=>r.O[e](d[o])))?d.splice(o--,1):(t=!1,b0&&e[i-1][2]>b;i--)e[i]=e[i-1];e[i]=[d,a,b]},r.n=e=>{var f=e&&e.__esModule?()=>e.default:()=>e;return r.d(f,{a:f}),f},d=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var b=Object.create(null);r.r(b);var c={};f=f||[null,d({}),d([]),d(d)];for(var t=2&a&&e;"object"==typeof t&&!~f.indexOf(t);t=d(t))Object.getOwnPropertyNames(t).forEach((f=>c[f]=()=>e[f]));return c.default=()=>e,r.d(b,c),b},r.d=(e,f)=>{for(var d in f)r.o(f,d)&&!r.o(e,d)&&Object.defineProperty(e,d,{enumerable:!0,get:f[d]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((f,d)=>(r.f[d](e,f),f)),[])),r.u=e=>"assets/js/"+({53:"935f2afb",208:"cd0bf424",252:"46c9c1f8",299:"de08e76e",314:"60bcd92c",488:"7a815aed",599:"dfa3dc49",665:"f63438e5",764:"d8f58335",824:"c2bab82f",835:"680ed9ed",844:"c6aa770e",859:"b32c755c",964:"af48bdba",1049:"ae2335f3",1296:"f66ef323",1332:"984cdf04",1371:"0a06c365",1462:"e3aa6547",1760:"b2456c44",1910:"cd323ffc",2030:"fbaf079d",2112:"bd465781",2357:"06df35bc",2361:"a2c468b1",2392:"fd26103c",2404:"7292ec22",2418:"6cf4c0df",2425:"dd67116e",2651:"8070e160",2771:"0db4760e",2837:"53c8b813",3084:"4ccb6852",3200:"fb76c575",3217:"3b8c55ea",3220:"8eb509d6",3325:"1fec2b35",3365:"45a5cd1f",3522:"93002d83",3632:"af10d9fb",3667:"fd06576e",3714:"d3d9887a",3803:"a06c6d5b",3814:"834808ff",3951:"3d7b86e7",4126:"95a72457",4203:"f531b716",4235:"f7c88408",4311:"0252b8ff",4339:"f6748474",4508:"246340c6",4572:"c1eb0b52",4581:"b9a03c38",4728:"1f14308a",4893:"da21831e",4917:"b60b3bd8",5225:"f7cf1511",5279:"522d95f1",5386:"8307bb82",5435:"847b3bc4",5455:"f4793a78",5532:"ffe5129d",5763:"3718f698",5764:"5a165616",5765:"2f0f344d",5776:"34a3c1ae",5854:"e252aa27",5927:"5281b7a2",5945:"10f03480",6076:"857d18b5",6095:"32c7bf40",6250:"7c5d32d8",6255:"7f3d36ad",6295:"62bbc60f",6342:"ce534227",6393:"ebf52154",6418:"e0636556",6469:"f14b6af8",6560:"0e50cd4d",6588:"b7ae13b2",6943:"39f5e362",6950:"1bd61b9d",6957:"f8113afe",6961:"762abe3e",6971:"c377a04b",7107:"170989a3",7169:"a9e7f6cd",7203:"6a840bac",7224:"2d618eff",7301:"11f54a6a",7314:"34eb4307",7526:"4fac8f87",7539:"22b369d5",7544:"c7381d34",7619:"49af6a86",7811:"82782dff",7893:"f8909550",7918:"17896441",7920:"1a4e3797",7966:"07db75e5",8002:"01b4035b",8021:"d6daf0cc",8049:"e89d2f4d",8092:"ee0e1228",8228:"5379b7b3",8361:"dd81469d",8459:"2dc49bc9",8539:"6faa62d7",8646:"0ce1d2b6",8711:"b8f3160f",8795:"12f4838b",8813:"aba71817",9246:"340d0560",9353:"9533a6b7",9360:"9d9f8394",9514:"1be78505",9593:"17b50570",9719:"63e62f73",9816:"755aca7b"}[e]||e)+"."+{53:"d7da80db",208:"d1c6e623",252:"2645e926",299:"8bff71ff",314:"8dcf6f83",488:"f5885dae",599:"1fe421c8",665:"6ea8e7b0",764:"0ad2a07c",824:"e77dcdc1",835:"6056096c",844:"eb0d71ef",859:"e480066e",964:"7b0adf4f",1049:"bdebd487",1296:"e3fbb661",1332:"87eb6810",1371:"485005a9",1462:"c1f0325c",1760:"9dfbc90d",1910:"22427dfb",2030:"dc94f71b",2112:"dbb20b2c",2357:"20595c47",2361:"2e55a0ef",2392:"b295d2f3",2404:"84d790d3",2418:"918c5ded",2425:"95b947db",2651:"49ea0962",2771:"8f818422",2837:"54460b8b",3084:"83229c95",3200:"300c6845",3217:"99d727d7",3220:"877708b7",3325:"27e8aa94",3365:"54d6d18f",3522:"00f81257",3632:"cfaf3cdd",3667:"eea50574",3714:"d40f4cbb",3803:"5fb0005f",3814:"f937940e",3951:"a63bce63",4126:"10acea2d",4203:"3eb55c73",4235:"e7f0faa1",4311:"5446699d",4339:"c1f10feb",4508:"d5236c4e",4572:"cc7c5cf4",4581:"bec33ad5",4728:"1bfe8f0e",4893:"5d84dd07",4917:"243e9508",4972:"8486a258",5225:"cc4cc6a0",5279:"e0b75686",5386:"282f5f39",5435:"685c3f2e",5455:"cc66b97d",5532:"c72c61f3",5763:"8e081315",5764:"902ba6c6",5765:"36af1d9a",5776:"c3e12415",5854:"60dc60de",5927:"21c9eecf",5945:"51a2d7dc",6076:"2069c95d",6095:"599a28cb",6250:"7943e2a1",6255:"4be074df",6295:"0ab30666",6342:"39fdc0cb",6393:"32850e35",6418:"264e40b1",6469:"224412a4",6560:"15fa1c1e",6588:"84a16fbb",6780:"73cff48e",6943:"f9ddd53a",6945:"98e888a2",6950:"5985aeff",6957:"34a34569",6961:"446a6964",6971:"d1d0b51a",7107:"c5736c81",7169:"994964dd",7203:"7f9b9b74",7224:"b90118a7",7301:"34545f44",7314:"3efec493",7526:"b13acd28",7539:"7430bed8",7544:"dc9a7ddf",7619:"061b42dc",7811:"6b99b719",7893:"14b4b202",7918:"34a1edeb",7920:"514af003",7966:"395c8c36",8002:"969bb018",8021:"7de09ad0",8049:"bdd26d6a",8092:"7633adf7",8228:"f5805cc1",8361:"724b09ae",8459:"beff64e3",8539:"ede8a2d4",8646:"4df972f2",8711:"ce035e6f",8795:"1ce7a30d",8813:"e97237c3",8894:"ad65c686",9056:"355ca87c",9246:"fca63a90",9353:"9edea2b4",9360:"6e0e1a16",9514:"387c5731",9593:"a01575c1",9719:"5df08ada",9816:"19623394"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,f)=>Object.prototype.hasOwnProperty.call(e,f),a={},b="fleet-docs:",r.l=(e,f,d,c)=>{if(a[e])a[e].push(f);else{var t,o;if(void 0!==d)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var b=a[e];if(delete a[e],t.parentNode&&t.parentNode.removeChild(t),b&&b.forEach((e=>e(d))),f)return f(d)},s=setTimeout(u.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=u.bind(null,t.onerror),t.onload=u.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={17896441:"7918","935f2afb":"53",cd0bf424:"208","46c9c1f8":"252",de08e76e:"299","60bcd92c":"314","7a815aed":"488",dfa3dc49:"599",f63438e5:"665",d8f58335:"764",c2bab82f:"824","680ed9ed":"835",c6aa770e:"844",b32c755c:"859",af48bdba:"964",ae2335f3:"1049",f66ef323:"1296","984cdf04":"1332","0a06c365":"1371",e3aa6547:"1462",b2456c44:"1760",cd323ffc:"1910",fbaf079d:"2030",bd465781:"2112","06df35bc":"2357",a2c468b1:"2361",fd26103c:"2392","7292ec22":"2404","6cf4c0df":"2418",dd67116e:"2425","8070e160":"2651","0db4760e":"2771","53c8b813":"2837","4ccb6852":"3084",fb76c575:"3200","3b8c55ea":"3217","8eb509d6":"3220","1fec2b35":"3325","45a5cd1f":"3365","93002d83":"3522",af10d9fb:"3632",fd06576e:"3667",d3d9887a:"3714",a06c6d5b:"3803","834808ff":"3814","3d7b86e7":"3951","95a72457":"4126",f531b716:"4203",f7c88408:"4235","0252b8ff":"4311",f6748474:"4339","246340c6":"4508",c1eb0b52:"4572",b9a03c38:"4581","1f14308a":"4728",da21831e:"4893",b60b3bd8:"4917",f7cf1511:"5225","522d95f1":"5279","8307bb82":"5386","847b3bc4":"5435",f4793a78:"5455",ffe5129d:"5532","3718f698":"5763","5a165616":"5764","2f0f344d":"5765","34a3c1ae":"5776",e252aa27:"5854","5281b7a2":"5927","10f03480":"5945","857d18b5":"6076","32c7bf40":"6095","7c5d32d8":"6250","7f3d36ad":"6255","62bbc60f":"6295",ce534227:"6342",ebf52154:"6393",e0636556:"6418",f14b6af8:"6469","0e50cd4d":"6560",b7ae13b2:"6588","39f5e362":"6943","1bd61b9d":"6950",f8113afe:"6957","762abe3e":"6961",c377a04b:"6971","170989a3":"7107",a9e7f6cd:"7169","6a840bac":"7203","2d618eff":"7224","11f54a6a":"7301","34eb4307":"7314","4fac8f87":"7526","22b369d5":"7539",c7381d34:"7544","49af6a86":"7619","82782dff":"7811",f8909550:"7893","1a4e3797":"7920","07db75e5":"7966","01b4035b":"8002",d6daf0cc:"8021",e89d2f4d:"8049",ee0e1228:"8092","5379b7b3":"8228",dd81469d:"8361","2dc49bc9":"8459","6faa62d7":"8539","0ce1d2b6":"8646",b8f3160f:"8711","12f4838b":"8795",aba71817:"8813","340d0560":"9246","9533a6b7":"9353","9d9f8394":"9360","1be78505":"9514","17b50570":"9593","63e62f73":"9719","755aca7b":"9816"}[e]||e,r.p+r.u(e)},(()=>{var e={1303:0,532:0};r.f.j=(f,d)=>{var a=r.o(e,f)?e[f]:void 0;if(0!==a)if(a)d.push(a[2]);else if(/^(1303|532)$/.test(f))e[f]=0;else{var b=new Promise(((d,b)=>a=e[f]=[d,b]));d.push(a[2]=b);var c=r.p+r.u(f),t=new Error;r.l(c,(d=>{if(r.o(e,f)&&(0!==(a=e[f])&&(e[f]=void 0),a)){var b=d&&("load"===d.type?"missing":d.type),c=d&&d.target&&d.target.src;t.message="Loading chunk "+f+" failed.\n("+b+": "+c+")",t.name="ChunkLoadError",t.type=b,t.request=c,a[1](t)}}),"chunk-"+f,f)}},r.O.j=f=>0===e[f];var f=(f,d)=>{var a,b,c=d[0],t=d[1],o=d[2],n=0;if(c.some((f=>0!==e[f]))){for(a in t)r.o(t,a)&&(r.m[a]=t[a]);if(o)var i=o(r)}for(f&&f(d);n Generating Diffs to Ignore Modified GitRepos | Fleet - +
    Version: Next 🚧

    Generating Diffs to Ignore Modified GitRepos

    Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

    You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

    The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

    This leads the status of the bundle and associated GitRepo to be reported as "Modified"

    Associated Bundle -

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    Simple Example​

    https://github.com/rancher/fleet-examples/tree/master/bundle-diffs

    Gatekeeper Example​

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and 

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    Simple Example​

    https://github.com/rancher/fleet-examples/tree/master/bundle-diffs

    Gatekeeper Example​

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and 

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cli/fleet-agent.html b/cli/fleet-agent.html index e17aedc96..bf2460900 100644 --- a/cli/fleet-agent.html +++ b/cli/fleet-agent.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Version: Next 🚧

    fleet-agent​

    fleet-agent [flags]

    Options​

          --agent-scope string        An identifier used to scope the agent bundleID names, typically the same as namespace
          --checkin-interval string   How often to post cluster status
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet-agent
          --kubeconfig string         kubeconfig file
          --namespace string          namespace to watch
          --simulators int            Numbers of simulators to run
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    fleet-agent​

    fleet-agent [flags]

    Options​

          --agent-scope string        An identifier used to scope the agent bundleID names, typically the same as namespace
          --checkin-interval string   How often to post cluster status
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet-agent
          --kubeconfig string         kubeconfig file
          --namespace string          namespace to watch
          --simulators int            Numbers of simulators to run
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cli/fleet-cli/fleet.html b/cli/fleet-cli/fleet.html index 0336caa3c..89b2c2842 100644 --- a/cli/fleet-cli/fleet.html +++ b/cli/fleet-cli/fleet.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Version: Next 🚧

    fleet​

    fleet [flags]

    Options​

          --context string            kubeconfig context for authentication
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    • fleet apply - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager
    • fleet test - Match a bundle to a target and render the output
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    fleet​

    fleet [flags]

    Options​

          --context string            kubeconfig context for authentication
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    • fleet apply - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager
    • fleet test - Match a bundle to a target and render the output
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cli/fleet-cli/fleet_apply.html b/cli/fleet-cli/fleet_apply.html index e3348e30f..912f36fe5 100644 --- a/cli/fleet-cli/fleet_apply.html +++ b/cli/fleet-cli/fleet_apply.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Version: Next 🚧

    fleet apply​

    Render a bundle into a Kubernetes resource and apply it in the Fleet Manager

    fleet apply [flags] BUNDLE_NAME PATH...

    Options​

      -b, --bundle-file string           Location of the raw Bundle resource yaml
          --cacerts-file string          Path of custom cacerts for helm repo
          --commit string                Commit to assign to the bundle
      -c, --compress                     Force all resources to be compress
          --debug                        Turn on debug logging
          --debug-level int              If debugging is enabled, set klog -v=X
      -f, --file string                  Location of the fleet.yaml
      -h, --help                         help for apply
      -l, --label strings                Labels to apply to created bundles
      -o, --output string                Output contents to file or - for stdout
          --password-file string         Path of file containing basic auth password for helm repo
          --paused                       Create bundles in a paused state
      -a, --service-account string       Service account to assign to bundle created
          --ssh-privatekey-file string   Path of ssh-private-key for helm repo
          --sync-generation int          Generation number used to force sync the deployment
          --target-namespace string      Ensure this bundle goes to this target namespace
          --targets-file string          Addition source of targets and restrictions to be append
          --username string              Basic auth username for helm repo

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    fleet apply​

    Render a bundle into a Kubernetes resource and apply it in the Fleet Manager

    fleet apply [flags] BUNDLE_NAME PATH...

    Options​

      -b, --bundle-file string           Location of the raw Bundle resource yaml
          --cacerts-file string          Path of custom cacerts for helm repo
          --commit string                Commit to assign to the bundle
      -c, --compress                     Force all resources to be compress
          --debug                        Turn on debug logging
          --debug-level int              If debugging is enabled, set klog -v=X
      -f, --file string                  Location of the fleet.yaml
      -h, --help                         help for apply
      -l, --label strings                Labels to apply to created bundles
      -o, --output string                Output contents to file or - for stdout
          --password-file string         Path of file containing basic auth password for helm repo
          --paused                       Create bundles in a paused state
      -a, --service-account string       Service account to assign to bundle created
          --ssh-privatekey-file string   Path of ssh-private-key for helm repo
          --sync-generation int          Generation number used to force sync the deployment
          --target-namespace string      Ensure this bundle goes to this target namespace
          --targets-file string          Addition source of targets and restrictions to be append
          --username string              Basic auth username for helm repo

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cli/fleet-cli/fleet_test.html b/cli/fleet-cli/fleet_test.html index 056c5353e..dd99b3218 100644 --- a/cli/fleet-cli/fleet_test.html +++ b/cli/fleet-cli/fleet_test.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Version: Next 🚧

    fleet test​

    Match a bundle to a target and render the output

    fleet test [flags]

    Options​

      -b, --bundle-file string    Location of the raw Bundle resource yaml
          --debug                 Turn on debug logging
          --debug-level int       If debugging is enabled, set klog -v=X
      -f, --file string           Location of the fleet.yaml
      -g, --group string          Cluster group to match against
      -L, --group-label strings   Cluster group labels to match against
      -h, --help                  help for test
      -l, --label strings         Cluster labels to match against
      -N, --name string           Cluster name to match against
      -q, --quiet                 Just print the match and don't print the resources
      -t, --target string         Explicit target to match

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    fleet test​

    Match a bundle to a target and render the output

    fleet test [flags]

    Options​

      -b, --bundle-file string    Location of the raw Bundle resource yaml
          --debug                 Turn on debug logging
          --debug-level int       If debugging is enabled, set klog -v=X
      -f, --file string           Location of the fleet.yaml
      -g, --group string          Cluster group to match against
      -L, --group-label strings   Cluster group labels to match against
      -h, --help                  help for test
      -l, --label strings         Cluster labels to match against
      -N, --name string           Cluster name to match against
      -q, --quiet                 Just print the match and don't print the resources
      -t, --target string         Explicit target to match

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cli/fleet-controller/fleet-manager.html b/cli/fleet-controller/fleet-manager.html index 8539700c0..4c10c7a0a 100644 --- a/cli/fleet-controller/fleet-manager.html +++ b/cli/fleet-controller/fleet-manager.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cluster-bundles-state.html b/cluster-bundles-state.html index 1a05060c5..453e08967 100644 --- a/cluster-bundles-state.html +++ b/cluster-bundles-state.html @@ -4,13 +4,13 @@ Cluster and Bundle State | Fleet - +
    -
    Version: Next 🚧

    Cluster and Bundle State

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    Cluster and Bundle State

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cluster-group.html b/cluster-group.html index fb35654c3..1bb096eb7 100644 --- a/cluster-group.html +++ b/cluster-group.html @@ -4,7 +4,7 @@ Create Cluster Groups | Fleet - + @@ -13,8 +13,8 @@ The only parameter for a cluster group is essentially the selector. When you get to a certain scale cluster groups become a more reasonable way to manage your clusters. Cluster groups serve the purpose of giving aggregated -status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cluster-registration.html b/cluster-registration.html index d37a0280f..b577821d3 100644 --- a/cluster-registration.html +++ b/cluster-registration.html @@ -4,7 +4,7 @@ Register Downstream Clusters | Fleet - + @@ -75,8 +75,8 @@ above example one can run the following one-liner:

    info

    If you are using Fleet standalone without Rancher, it must be installed as described in installation details.

    The manager-initiated registration is used when you add a cluster from the Rancher dashboard.

    Create Kubeconfig Secret​

    The format of this secret is intended to match the format of the kubeconfig secret used in cluster-api. -This means you can use cluster-api to create a cluster that is dynamically registered with Fleet.

    Kubeconfig Secret Example
    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Create Cluster Resource​

    The cluster resource needs to reference the kubeconfig secret.

    Cluster Resource Example
    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +This means you can use cluster-api to create a cluster that is dynamically registered with Fleet.

    Kubeconfig Secret Example
    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Create Cluster Resource​

    The cluster resource needs to reference the kubeconfig secret.

    Cluster Resource Example
    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/concepts.html b/concepts.html index c145b5596..32fe47ea2 100644 --- a/concepts.html +++ b/concepts.html @@ -4,7 +4,7 @@ Core Concepts | Fleet - + @@ -24,8 +24,8 @@ Regardless of the source the contents are dynamically rendered into a Helm chart and installed into the downstream cluster as a helm release.

    • To see the life cycle of a bundle, click here.

  • BundleDeployment: When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for -the cluster the agent is managing.

    • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +the cluster the agent is managing.

    • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/gitrepo-add.html b/gitrepo-add.html index 9251d376d..248fdac2a 100644 --- a/gitrepo-add.html +++ b/gitrepo-add.html @@ -4,7 +4,7 @@ Create a GitRepo Resource | Fleet - + @@ -12,8 +12,8 @@
    Version: Next 🚧

    Create a GitRepo Resource

    Create GitRepo Instance​

    Git repositories are registered by creating a GitRepo resource in Kubernetes. Refer to the creating a deployment tutorial for examples.

    The available fields are documented in the GitRepo resource reference

    Using Helm Values​

    How changes are applied to values.yaml:

    • Note that the most recently applied changes to the values.yaml will override any previously existing values.

    • When changes are applied to the values.yaml from multiple sources at the same time, the values will update in the following order: helm.values -> helm.valuesFiles -> helm.valuesFrom. That means valuesFrom will take precedence over both, valuesFiles and values.

    Using ValuesFrom​

    These examples showcase the style and format for using valuesFrom. ConfigMaps and Secrets should be created in downstream clusters.

    Example ConfigMap:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: configmap-values
      namespace: default
    data:  
      values.yaml: |-
        replication: true
        replicas: 2
        serviceType: NodePort

    Example Secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: secret-values
      namespace: default
    stringData:
      values.yaml: |-
        replication: true
        replicas: 3
        serviceType: NodePort

    A secret like that, can be created from a YAML file secretdata.yaml by running the following kubectl command: kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml

    The resources can then be referenced from a fleet.yaml:

    helm:
      chart: simple-chart
      valuesFrom:
        - secretKeyRef:
            name: secret-values
            namespace: default
            key: values.yaml
        - configMapKeyRef:
            name: configmap-values
            namespace: default
            key: values.yaml
      values:
        replicas: "4"

    Adding Private Git Repository​

    Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace.

    For example, to generate a private ssh key

    ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"

    Note: The private key format has to be in EC PRIVATE KEY, RSA PRIVATE KEY or PRIVATE KEY and should not contain a passphase.

    Put your private key into secret, use the namespace the GitRepo is in:

    kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key  --type=kubernetes.io/ssh-auth
    caution

    Private key with passphrase is not supported.

    caution

    The key has to be in PEM format.

    Fleet supports putting known_hosts into ssh secret. Here is an example of how to add it:

    Fetch the public key hash(take github as an example)

    ssh-keyscan -H github.com

    And add it into secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ssh-key
    type: kubernetes.io/ssh-auth
    stringData:
      ssh-privatekey: <private-key>
      known_hosts: |-
        |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    danger

    If you don't add it any server's public key will be trusted and added. (ssh -o stricthostkeychecking=accept-new will be used)

    info

    If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.

    Using HTTP Auth​

    Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see HTTP secrets in Github.

    kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat

    Just like with SSH, reference the secret in your GitRepo resource via clientSecretName.

    spec:
      repo: https://github.com/fleetrepoci/gitjob-private.git
      branch: main
      clientSecretName: basic-auth-secret

    Using Private Helm Repositories​

    danger

    The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource. Make sure you don't leak credentials by mixing public and private repositories. Split them into different gitrepos, or use -helmRepoUrlRegex to limit the scope of credentials to certain servers.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    note

    If you are using "rancher-backups" and want this secret to be included the backup, please add the label resources.cattle.io/backup: true to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +helmRepoUrlRegex to limit the scope of credentials to certain servers.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    note

    If you are using "rancher-backups" and want this secret to be included the backup, please add the label resources.cattle.io/backup: true to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/gitrepo-content.html b/gitrepo-content.html index 5806b6e42..1dce0a118 100644 --- a/gitrepo-content.html +++ b/gitrepo-content.html @@ -4,7 +4,7 @@ Git Repository Contents | Fleet - + @@ -43,8 +43,8 @@ the contents of a file the convention of adding _patch. (notice the will be replaced with . from the file name and that will be used as the target. For example deployment_patch.yaml will target deployment.yaml. The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch. Which strategy is used is based on the file content. Even though JSON strategies are used, the files can be written -using YAML syntax.

    Cluster and Bundle State​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +using YAML syntax.

    Cluster and Bundle State​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/gitrepo-targets.html b/gitrepo-targets.html index f28730f69..1fe4fd495 100644 --- a/gitrepo-targets.html +++ b/gitrepo-targets.html @@ -4,7 +4,7 @@ Mapping to Downstream Clusters | Fleet - + @@ -19,8 +19,8 @@ the final match is evaluated as "clusterSelector && clusterGroupSel default value it is dropped from the criteria. The default value is either null or "". It is important to realize that the value {} for a selector means "match everything."

    # Match everything
    clusterSelector: {}
    # Selector ignored
    clusterSelector: null

    Default Target​

    If no target is set for the GitRepo then the default targets value is applied. The default targets value is as below.

    targets:
    - name: default
      clusterGroup: default

    This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default and add clusters to it.

    Customization per Cluster​

    To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use multi-cluster/helm/fleet.yaml.

    Situation: User has three clusters with three different labels: env=dev, env=test, and env=prod. User wants to deploy a frontend application with a backend database across these clusters.

    Expected behavior:

    • After deploying to the dev cluster, database replication is not enabled.
    • After deploying to the test cluster, database replication is enabled.
    • After deploying to the prod cluster, database replication is enabled and Load balancer services are exposed.

    Advantage of Fleet:

    Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:

    1. Deploy gitRepo https://github.com/rancher/fleet-examples.git and specify the path multi-cluster/helm.
    2. Under multi-cluster/helm, a Helm chart will deploy the frontend app service and backend database service.
    3. The following rule will be defined in fleet.yaml: 
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    Result:

    Fleet will deploy the Helm chart with your customized values.yaml to the different clusters.

    Note: Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.

    Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations -of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/imagescan.html b/imagescan.html index 880d03b65..b4b67c96a 100644 --- a/imagescan.html +++ b/imagescan.html @@ -4,15 +4,15 @@ Using Image Scan to Update Container Image References | Fleet - +
    Version: Next 🚧

    Using Image Scan to Update Container Image References

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, without the need to manually update your manifests.

    caution

    This feature is considered as experimental feature.

    Go to fleet.yaml and add the following section.

    imageScans:
    # specify the policy to retrieve images, can be semver or alphabetical order 
    - policy: 
        # if range is specified, it will take the latest image according to semver order in the range
        # for more details on how to use semver, see https://github.com/Masterminds/semver
        semver: 
          range: "*" 
        # can use ascending or descending order
        alphabetical:
          order: asc 

      # specify images to scan
      image: "your.registry.com/repo/image" 

      # Specify the tag name, it has to be unique in the same bundle
      tagName: test-scan

      # specify secret to pull image if in private registry
      secretRef:
        name: dockerhub-secret 

      # Specify the scan interval
      interval: 5m
    info

    You can create multiple image scans in fleet.yaml.

    Go to your manifest files and update the field that you want to replace. For example:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: redis-slave
    spec:
      selector:
        matchLabels:
          app: redis
          role: slave
          tier: backend
      replicas: 2
      template:
        metadata:
          labels:
            app: redis
            role: slave
            tier: backend
        spec:
          containers:
          - name: slave
            image: <image>:<tag> # {"$imagescan": "test-scan"}
            resources:
              requests:
                cpu: 100m
                memory: 100Mi
            ports:
            - containerPort: 6379
    note

    There are multiple form of tagName you can reference. For example

    {"$imagescan": "test-scan"}: Use full image name(foo/bar:tag)

    {"$imagescan": "test-scan:name"}: Only use image name without tag(foo/bar)

    {"$imagescan": "test-scan:tag"}: Only use image tag

    {"$imagescan": "test-scan:digest"}: Use full image name with digest(foo/bar:tag@sha256...)

    Create a GitRepo that includes your fleet.yaml

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-repo
      namespace: fleet-local
    spec:
      # change this to be your own repo
      repo: https://github.com/rancher/fleet-examples 
      # define how long it will sync all the images and decide to apply change
      imageScanInterval: 5m 
      # user must properly provide a secret that have write access to git repository
      clientSecretName: secret 
      # specify the commit pattern
      imageScanCommit:
        authorName: foo
        authorEmail: foo@bar.com
        messageTemplate: "update image"

    Try pushing a new image tag, for example, <image>:<new-tag>. Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml. -Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/index.html b/index.html index 9d7dd5ef5..adfb7e6c9 100644 --- a/index.html +++ b/index.html @@ -4,13 +4,13 @@ Overview | Fleet - +
    -
    Version: Next 🚧

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/installation.html b/installation.html index cf6309537..dfd04a17e 100644 --- a/installation.html +++ b/installation.html @@ -4,7 +4,7 @@ Installation Details | Fleet - + @@ -37,8 +37,8 @@ the ca.pem is not correct. The contents of the $API_SERVER_CA and the CA certificate is in the file ca.pem. If your API server URL is signed by a well-known CA you can omit the apiServerCA parameter below or just create an empty ca.pem file (ie touch ca.pem).

    Setup the environment with your specific values, e.g.:

    API_SERVER_URL="https://example.com:6443"
    API_SERVER_CA="ca.pem"

    Once you have validated the API server URL and API server CA parameters, install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="$API_SERVER_URL" \
        --set-file apiServerCA="$API_SERVER_CA" \
        fleet https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz

    At this point the Fleet manager should be ready. You can now register clusters and git repos with -the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/multi-user.html b/multi-user.html index 7eea78584..5d54c809c 100644 --- a/multi-user.html +++ b/multi-user.html @@ -4,7 +4,7 @@ Setup Multi User | Fleet - + @@ -17,8 +17,8 @@ deploy cluster wide resources. Even with the available Fleet restrictions, users are only restricted to namespaces, but namespaces don't provide much isolation on their own. E.g. they can still consume as many resources as they like.

    However, the existing Fleet restrictions allow users to share clusters, and -deploy resources without conflicts.

    Example User​

    This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace.

    kubectl create serviceaccount fleetuser
    kubectl create namespace project1
    kubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser

    If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:

    kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser
    kubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser

    This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces.

    Allow Access to Clusters​

    This assumes all GitRepos created by 'fleetuser' have the team: one label. Different labels could be used, to select different cluster namespaces.

    In each of the user's namespaces, as an admin create a BundleNamespaceMapping.

    kind: BundleNamespaceMapping
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: mapping
      namespace: project1

    # Bundles to match by label.
    # The labels are defined in the fleet.yaml # labels field or from the
    # GitRepo metadata.labels field
    bundleSelector:
      matchLabels:
        team: one
        # or target one repo
        #fleet.cattle.io/repo-name: simpleapp

    # Namespaces, containing clusters, to match by label
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: fleet-default
        # the label is on the namespace
        #workspace: prod

    The target section in the GitRepo resource can be used to deploy only to a subset of the matched clusters.

    Restricting Access to Downstream Clusters​

    Admins can further restrict tenants by creating a GitRepoRestriction in each of their namespaces.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: project1

    allowedTargetNamespaces:
      - project1simpleapp

    This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace.

    An Example GitRepo Resource​

    A GitRepo resource created by a tenant, without admin access could look like this:

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: simpleapp
      namespace: project1
      labels:
        team: one

    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - bundle-diffs

      targetNamespace: project1simpleapp

      # do not match the upstream/local cluster, won't work
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

    This includes the team: one label and and the required targetNamespace.

    Together with the previous BundleNamespaceMapping it would target all clusters with a env: dev label in the 'fleet-default' namespace.

    note

    BundleNamespaceMappings do not work with local clusters, so make sure not to target them.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +deploy resources without conflicts.

    Example User​

    This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace.

    kubectl create serviceaccount fleetuser
    kubectl create namespace project1
    kubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser

    If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:

    kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser
    kubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser

    This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces.

    Allow Access to Clusters​

    This assumes all GitRepos created by 'fleetuser' have the team: one label. Different labels could be used, to select different cluster namespaces.

    In each of the user's namespaces, as an admin create a BundleNamespaceMapping.

    kind: BundleNamespaceMapping
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: mapping
      namespace: project1

    # Bundles to match by label.
    # The labels are defined in the fleet.yaml # labels field or from the
    # GitRepo metadata.labels field
    bundleSelector:
      matchLabels:
        team: one
        # or target one repo
        #fleet.cattle.io/repo-name: simpleapp

    # Namespaces, containing clusters, to match by label
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: fleet-default
        # the label is on the namespace
        #workspace: prod

    The target section in the GitRepo resource can be used to deploy only to a subset of the matched clusters.

    Restricting Access to Downstream Clusters​

    Admins can further restrict tenants by creating a GitRepoRestriction in each of their namespaces.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: project1

    allowedTargetNamespaces:
      - project1simpleapp

    This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace.

    An Example GitRepo Resource​

    A GitRepo resource created by a tenant, without admin access could look like this:

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: simpleapp
      namespace: project1
      labels:
        team: one

    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - bundle-diffs

      targetNamespace: project1simpleapp

      # do not match the upstream/local cluster, won't work
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

    This includes the team: one label and and the required targetNamespace.

    Together with the previous BundleNamespaceMapping it would target all clusters with a env: dev label in the 'fleet-default' namespace.

    note

    BundleNamespaceMappings do not work with local clusters, so make sure not to target them.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/namespaces.html b/namespaces.html index b507c720b..e0481a2ab 100644 --- a/namespaces.html +++ b/namespaces.html @@ -4,7 +4,7 @@ Namespaces | Fleet - + @@ -39,8 +39,8 @@ in an error state and won't be deployed.

    This can also be used to set If an allowedTargetNamespaces restriction is present, all GitRepos must specify a targetNamespace and the specified namespace must be in the allow list. -This also prevents the creation of cluster wide resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +This also prevents the creation of cluster wide resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/quickstart.html b/quickstart.html index e9106b7ec..e8b299739 100644 --- a/quickstart.html +++ b/quickstart.html @@ -4,15 +4,15 @@ Quick Start | Fleet - +
    Version: Next 🚧

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure things to your cluster.

    brew install helm

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-crd-0.7.0-AGENT-rc.1.tgz
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.7.0-AGENT-rc.1/fleet-0.7.0-AGENT-rc.1.tgz

    Add a Git Repo to Watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should -be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-bundle-stages.html b/ref-bundle-stages.html index 71e43cb15..eb4c73d67 100644 --- a/ref-bundle-stages.html +++ b/ref-bundle-stages.html @@ -4,13 +4,13 @@ Bundle Lifecycle | Fleet - +
    -
    Version: Next 🚧

    Bundle Lifecycle

    A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.

    To demonstrate the life cycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    This diagram shows the different rendering stages a bundle goes through until deployment.

    Bundle Stages

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    Bundle Lifecycle

    A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.

    To demonstrate the life cycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    This diagram shows the different rendering stages a bundle goes through until deployment.

    Bundle Stages

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-configuration.html b/ref-configuration.html index 6076766f3..ffbabce97 100644 --- a/ref-configuration.html +++ b/ref-configuration.html @@ -4,13 +4,13 @@ Configuration | Fleet - +
    -
    Version: Next 🚧

    Configuration

    A reference list of, mostly internal, configuration options.

    Helm Charts​

    The Helm charts accept, at least, the options as shown with their default in values.yaml:

    Environment Variables​

    The controllers can be started with these environment variables:

    • CATTLE_DEV_MODE - used to debug wrangler, not usable
    • FLEET_CLUSTER_ENQUEUE_DELAY - tune how often non-ready clusters are checked
    • FLEET_CPU_PPROF_PERIOD - used to turn on performance profiling

    Configuration​

    In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments.

    The config struct is used in both config maps:

    • cattle-fleet-system/fleet-agent
    • cattle-fleet-system/fleet-controller

    Labels​

    Labels used by fleet:

    • fleet.cattle.io/agent=true - NodeSelector label for agent's deployment affinity setting
    • fleet.cattle.io/non-managed-agent - managed agent bundle won't target Clusters with this label
    • fleet.cattle.io/repo-name - used on Bundle to reference the git repo resource
    • fleet.cattle.io/bundle-namespace - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/bundle-name - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/managed=true - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces.
    • fleet.cattle.io/bootstrap-token - unused

    Annotations​

    Annotations used by fleet:

    • fleet.cattle.io/agent-namespace
    • fleet.cattle.io/bundle-id
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - if present on a Cluster, the namespace won't be cleaned up
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - used on a cluster namespace to reference the cluster registration namespace
    • fleet.cattle.io/cluster-group
    • fleet.cattle.io/cluster-registration-namespace
    • fleet.cattle.io/cluster-registration
    • fleet.cattle.io/commit
    • fleet.cattle.io/managed - appears unused
    • fleet.cattle.io/service-account
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    Configuration

    A reference list of, mostly internal, configuration options.

    Helm Charts​

    The Helm charts accept, at least, the options as shown with their default in values.yaml:

    Environment Variables​

    The controllers can be started with these environment variables:

    • CATTLE_DEV_MODE - used to debug wrangler, not usable
    • FLEET_CLUSTER_ENQUEUE_DELAY - tune how often non-ready clusters are checked
    • FLEET_CPU_PPROF_PERIOD - used to turn on performance profiling

    Configuration​

    In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments.

    The config struct is used in both config maps:

    • cattle-fleet-system/fleet-agent
    • cattle-fleet-system/fleet-controller

    Labels​

    Labels used by fleet:

    • fleet.cattle.io/agent=true - NodeSelector label for agent's deployment affinity setting
    • fleet.cattle.io/non-managed-agent - managed agent bundle won't target Clusters with this label
    • fleet.cattle.io/repo-name - used on Bundle to reference the git repo resource
    • fleet.cattle.io/bundle-namespace - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/bundle-name - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/managed=true - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces.
    • fleet.cattle.io/bootstrap-token - unused

    Annotations​

    Annotations used by fleet:

    • fleet.cattle.io/agent-namespace
    • fleet.cattle.io/bundle-id
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - if present on a Cluster, the namespace won't be cleaned up
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - used on a cluster namespace to reference the cluster registration namespace
    • fleet.cattle.io/cluster-group
    • fleet.cattle.io/cluster-registration-namespace
    • fleet.cattle.io/cluster-registration
    • fleet.cattle.io/commit
    • fleet.cattle.io/managed - appears unused
    • fleet.cattle.io/service-account
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-crds.html b/ref-crds.html index ced1517d1..120f939bd 100644 --- a/ref-crds.html +++ b/ref-crds.html @@ -4,13 +4,13 @@ Custom Resources Spec | Fleet - +
    -
    Version: Next 🚧

    Custom Resources Spec

    Sub Resources

    GitRepo​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specGitRepoSpecfalse
    statusGitRepoStatusfalse

    Back to Custom Resources

    GitRepoDisplay​

    FieldDescriptionSchemeRequired
    readyBundleDeploymentsstringfalse
    statestringfalse
    messagestringfalse
    errorboolfalse

    Back to Custom Resources

    GitRepoResource​

    FieldDescriptionSchemeRequired
    apiVersionstringfalse
    kindstringfalse
    typestringfalse
    idstringfalse
    namespacestringfalse
    namestringfalse
    incompleteStateboolfalse
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    perClusterState[][ResourcePerClusterState](#resourceperclusterstate)false

    Back to Custom Resources

    GitRepoResourceCounts​

    FieldDescriptionSchemeRequired
    readyinttrue
    desiredReadyinttrue
    waitAppliedinttrue
    modifiedinttrue
    orphanedinttrue
    missinginttrue
    unknowninttrue
    notReadyinttrue

    Back to Custom Resources

    GitRepoRestriction​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    defaultServiceAccountstringfalse
    allowedServiceAccounts[]stringfalse
    allowedRepoPatterns[]stringfalse
    defaultClientSecretNamestringfalse
    allowedClientSecretNames[]stringfalse
    allowedTargetNamespaces[]stringfalse

    Back to Custom Resources

    GitRepoSpec​

    FieldDescriptionSchemeRequired
    repoRepo is a URL to a git repo to clone and indexstringfalse
    branchBranch The git branch to followstringfalse
    revisionRevision A specific commit or tag to operate onstringfalse
    targetNamespaceEnsure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demandstringfalse
    clientSecretNameClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \"kubernetes.io/basic-auth\" or \"kubernetes.io/ssh-auth\".stringfalse
    helmSecretNameHelmSecretName contains the auth secret for private helm repositorystringfalse
    helmRepoURLRegexHelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not providedstringfalse
    caBundleCABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate.[]bytefalse
    insecureSkipTLSVerifyInsecureSkipTLSverify will use insecure HTTPS to clone the repo.boolfalse
    pathsPaths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example [\"charts/*\"] will match all folders as a subdirectory of charts/ If empty, \"/\" is the default[]stringfalse
    pausedPaused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSyncboolfalse
    serviceAccountServiceAccount used in the downstream cluster for deploymentstringfalse
    targetsTargets is a list of target this repo will deploy to[][GitTarget](#gittarget)false
    pollingIntervalPollingInterval is how often to check git for new updates*metav1.Durationfalse
    forceSyncGenerationIncrement this number to force a redeployment of contents from Gitint64false
    imageScanIntervalImageScanInterval is the interval of syncing scanned images and writing back to git repo*metav1.Durationfalse
    imageScanCommitCommit specifies how to commit to the git repo when new image is scanned and write back to git repoCommitSpecfalse
    keepResourcesKeepResources specifies if the resources created must be kept after deleting the GitRepoboolfalse

    Back to Custom Resources

    GitRepoStatus​

    FieldDescriptionSchemeRequired
    observedGenerationint64true
    commitstringfalse
    readyClustersinttrue
    desiredReadyClustersinttrue
    gitJobStatusstringfalse
    summaryBundleSummaryfalse
    displayGitRepoDisplayfalse
    conditions[]genericcondition.GenericConditionfalse
    resources[][GitRepoResource](#gitreporesource)false
    resourceCountsGitRepoResourceCountsfalse
    resourceErrors[]stringfalse
    lastSyncedImageScanTimemetav1.Timefalse

    Back to Custom Resources

    GitTarget​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ResourcePerClusterState​

    FieldDescriptionSchemeRequired
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    patch*GenericMapfalse
    clusterIdstringfalse

    Back to Custom Resources

    Bundle​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleSpectrue
    statusBundleStatustrue

    Back to Custom Resources

    BundleDeployment​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleDeploymentSpecfalse
    statusBundleDeploymentStatusfalse

    Back to Custom Resources

    BundleDeploymentDisplay​

    FieldDescriptionSchemeRequired
    deployedstringfalse
    monitoredstringfalse
    statestringfalse

    Back to Custom Resources

    BundleDeploymentOptions​

    FieldDescriptionSchemeRequired
    defaultNamespaceDefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace.stringfalse
    namespaceTargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail.stringfalse
    kustomizeKustomize options for the deployment, like the dir containing the kustomization.yaml file.*KustomizeOptionsfalse
    helmHelm options for the deployment, like the chart name, repo and values.*HelmOptionsfalse
    serviceAccountServiceAccount which will be used to perform this deployment.stringfalse
    forceSyncGenerationForceSyncGeneration is used to force a redeploymentint64false
    yamlYAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.*YAMLOptionsfalse
    diffDiff can be used to ignore the modified state of objects which are amended at runtime.*DiffOptionsfalse
    keepResourcesKeepResources can be used to keep the deployed resources when removing the bundleboolfalse

    Back to Custom Resources

    BundleDeploymentSpec​

    FieldDescriptionSchemeRequired
    stagedOptionsBundleDeploymentOptionsfalse
    stagedDeploymentIDstringfalse
    optionsBundleDeploymentOptionsfalse
    deploymentIDstringfalse
    dependsOn[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleDeploymentStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    appliedDeploymentIDstringfalse
    releasestringfalse
    readyboolfalse
    nonModifiedboolfalse
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    displayBundleDeploymentDisplayfalse
    syncGeneration*int64false

    Back to Custom Resources

    BundleDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    statestringfalse

    Back to Custom Resources

    BundleNamespaceMapping​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    bundleSelector*metav1.LabelSelectorfalse
    namespaceSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleRef​

    FieldDescriptionSchemeRequired
    namestringfalse
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    contentstringfalse
    encodingstringfalse

    Back to Custom Resources

    BundleSpec​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    pausedPaused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.boolfalse
    rolloutStrategyRolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.*RolloutStrategyfalse
    resourcesResources contain the actual resources from the git repo which will be deployed.[][BundleResource](#bundleresource)false
    targetsTargets refer to the clusters which will be deployed to.[][BundleTarget](#bundletarget)false
    targetRestrictionsTargetRestrictions restrict which clusters the bundle will be deployed to.[][BundleTargetRestriction](#bundletargetrestriction)false
    dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    newlyCreatedintfalse
    unavailableinttrue
    unavailablePartitionsinttrue
    maxUnavailableinttrue
    maxUnavailablePartitionsinttrue
    maxNewintfalse
    partitions[][PartitionStatus](#partitionstatus)false
    displayBundleDisplayfalse
    resourceKey[][ResourceKey](#resourcekey)false
    observedGenerationint64true

    Back to Custom Resources

    BundleSummary​

    FieldDescriptionSchemeRequired
    notReadyintfalse
    waitAppliedintfalse
    errAppliedintfalse
    outOfSyncintfalse
    modifiedintfalse
    readyinttrue
    pendingintfalse
    desiredReadyinttrue
    nonReadyResources[][NonReadyResource](#nonreadyresource)false

    Back to Custom Resources

    BundleTarget​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleTargetRestriction​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ComparePatch​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    operations[][Operation](#operation)false
    jsonPointers[]stringfalse

    Back to Custom Resources

    ConfigMapKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    Content​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    content[]bytefalse

    Back to Custom Resources

    DiffOptions​

    FieldDescriptionSchemeRequired
    comparePatches[][ComparePatch](#comparepatch)false

    Back to Custom Resources

    HelmOptions​

    FieldDescriptionSchemeRequired
    chartChart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded.stringfalse
    repoRepo is the name of the HTTPS helm repo to download the chart from.stringfalse
    releaseNameReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path.stringfalse
    versionVersion of the chart to downloadstringfalse
    timeoutSecondsTimeoutSeconds is the time to wait for Helm operations.intfalse
    valuesValues passed to Helm. It is possible to specify the keys and values as go template strings.*GenericMapfalse
    valuesFromValuesFrom loads the values from configmaps and secrets.[][ValuesFrom](#valuesfrom)false
    forceForce allows to override immutable resources. This could be dangerous.boolfalse
    takeOwnershipTakeOwnership makes helm skip the check for its own annotationsboolfalse
    maxHistoryMaxHistory limits the maximum number of revisions saved per release by Helm.intfalse
    valuesFilesValuesFiles is a list of files to load values from.[]stringfalse
    waitForJobsWaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSecondsboolfalse
    atomicAtomic sets the --atomic flag when Helm is performing an upgradeboolfalse
    disablePreProcessDisablePreProcess disables template processing in valuesboolfalse

    Back to Custom Resources

    KustomizeOptions​

    FieldDescriptionSchemeRequired
    dirstringfalse

    Back to Custom Resources

    LocalObjectReference​

    FieldDescriptionSchemeRequired
    namestringtrue

    Back to Custom Resources

    ModifiedStatus​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    missingboolfalse
    deleteboolfalse
    patchstringfalse

    Back to Custom Resources

    NonReadyResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    bundleStateBundleStatefalse
    messagestringfalse
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false

    Back to Custom Resources

    NonReadyStatus​

    FieldDescriptionSchemeRequired
    uidtypes.UIDfalse
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    summarysummary.Summaryfalse

    Back to Custom Resources

    Operation​

    FieldDescriptionSchemeRequired
    opstringfalse
    pathstringfalse
    valuestringfalse

    Back to Custom Resources

    Partition​

    FieldDescriptionSchemeRequired
    namestringfalse
    maxUnavailable*intstr.IntOrStringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    PartitionStatus​

    FieldDescriptionSchemeRequired
    namestringfalse
    countintfalse
    maxUnavailableintfalse
    unavailableintfalse
    summaryBundleSummaryfalse

    Back to Custom Resources

    ResourceKey​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse

    Back to Custom Resources

    RolloutStrategy​

    FieldDescriptionSchemeRequired
    maxUnavailable*intstr.IntOrStringfalse
    maxUnavailablePartitions*intstr.IntOrStringfalse
    autoPartitionSize*intstr.IntOrStringfalse
    partitions[][Partition](#partition)false

    Back to Custom Resources

    SecretKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    ValuesFrom​

    Define helm values that can come from configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439

    FieldDescriptionSchemeRequired
    configMapKeyRefThe reference to a config map with release values.*ConfigMapKeySelectorfalse
    secretKeyRefThe reference to a secret with release values.*SecretKeySelectorfalse

    Back to Custom Resources

    YAMLOptions​

    FieldDescriptionSchemeRequired
    overlays[]stringfalse

    Back to Custom Resources

    AlphabeticalPolicy​

    AlphabeticalPolicy specifies a alphabetical ordering policy.

    FieldDescriptionSchemeRequired
    orderOrder specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.stringfalse

    Back to Custom Resources

    CommitSpec​

    CommitSpec specifies how to commit changes to the git repository

    FieldDescriptionSchemeRequired
    authorNameAuthorName gives the name to provide when making a commitstringtrue
    authorEmailAuthorEmail gives the email to provide when making a commitstringtrue
    messageTemplateMessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.stringfalse

    Back to Custom Resources

    ImagePolicyChoice​

    ImagePolicyChoice is a union of all the types of policy that can be supplied.

    FieldDescriptionSchemeRequired
    semverSemVer gives a semantic version range to check against the tags available.*SemVerPolicyfalse
    alphabeticalAlphabetical set of rules to use for alphabetical ordering of the tags.*AlphabeticalPolicyfalse

    Back to Custom Resources

    ImageScan​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specImageScanSpecfalse
    statusImageScanStatusfalse

    Back to Custom Resources

    ImageScanSpec​

    API is taken from https://github.com/fluxcd/image-reflector-controller

    FieldDescriptionSchemeRequired
    tagNameTagName is the tag ref that needs to be put in manifest to replace fieldsstringfalse
    gitrepoNameGitRepo reference namestringfalse
    imageImage is the name of the image repositorystringfalse
    intervalInterval is the length of time to wait between scans of the image repository.metav1.Durationfalse
    secretRefSecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with kubectl create secret docker-registry, or the equivalent.*corev1.LocalObjectReferencefalse
    suspendThis flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.boolfalse
    policyPolicy gives the particulars of the policy to be followed in selecting the most recent imageImagePolicyChoicetrue

    Back to Custom Resources

    ImageScanStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    lastScanTimeLastScanTime is the last time image was scannedmetav1.Timefalse
    latestImageLatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.stringfalse
    latestTagLatest tag is the latest tag filtered by the policystringfalse
    latestDigestLatestDigest is the digest of latest tagstringfalse
    observedGenerationint64false
    canonicalImageNameCanonicalName is the name of the image repository with all the implied bits made explicit; e.g., docker.io/library/alpine rather than alpine.stringfalse

    Back to Custom Resources

    SemVerPolicy​

    SemVerPolicy specifies a semantic version policy.

    FieldDescriptionSchemeRequired
    rangeRange gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.stringtrue

    Back to Custom Resources

    AgentStatus​

    FieldDescriptionSchemeRequired
    lastSeenmetav1.Timetrue
    namespacestringtrue
    nonReadyNodesinttrue
    readyNodesinttrue
    nonReadyNodeNamesAt most 3 nodes[]stringtrue
    readyNodeNamesAt most 3 nodes[]stringtrue

    Back to Custom Resources

    Cluster​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterSpecfalse
    statusClusterStatusfalse

    Back to Custom Resources

    ClusterDisplay​

    FieldDescriptionSchemeRequired
    readyBundlesstringfalse
    readyNodesstringfalse
    sampleNodestringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroup​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterGroupSpectrue
    statusClusterGroupStatustrue

    Back to Custom Resources

    ClusterGroupDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    readyBundlesstringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroupSpec​

    FieldDescriptionSchemeRequired
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ClusterGroupStatus​

    FieldDescriptionSchemeRequired
    clusterCountinttrue
    nonReadyClusterCountinttrue
    nonReadyClusters[]stringfalse
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    displayClusterGroupDisplayfalse
    resourceCountsGitRepoResourceCountsfalse

    Back to Custom Resources

    ClusterRegistration​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationSpecfalse
    statusClusterRegistrationStatusfalse

    Back to Custom Resources

    ClusterRegistrationSpec​

    FieldDescriptionSchemeRequired
    clientIDstringfalse
    clientRandomstringfalse
    clusterLabelsmap[string]stringfalse

    Back to Custom Resources

    ClusterRegistrationStatus​

    FieldDescriptionSchemeRequired
    clusterNamestringfalse
    grantedboolfalse

    Back to Custom Resources

    ClusterRegistrationToken​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationTokenSpecfalse
    statusClusterRegistrationTokenStatusfalse

    Back to Custom Resources

    ClusterRegistrationTokenSpec​

    FieldDescriptionSchemeRequired
    ttl*metav1.Durationfalse

    Back to Custom Resources

    ClusterRegistrationTokenStatus​

    FieldDescriptionSchemeRequired
    expires*metav1.Timefalse
    secretNamestringfalse

    Back to Custom Resources

    ClusterSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated.boolfalse
    clientIDClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster.stringfalse
    kubeConfigSecretKubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster.stringfalse
    redeployAgentGenerationRedeployAgentGeneration can be used to force redeploying the agent.int64false
    agentEnvVarsAgentEnvVars are extra environment variables to be added to the agent deployment.[]v1.EnvVarfalse
    agentNamespaceAgentNamespace defaults to the system namespace, e.g. cattle-fleet-system.stringfalse
    privateRepoURLPrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config.stringfalse
    templateValuesTemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating.*GenericMapfalse
    agentTolerationsAgentTolerations defines an extra set of Tolerations to be added to the Agent deployment.[]v1.Tolerationfalse
    agentAffinityAgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used.*v1.Affinityfalse
    agentResourcesAgentResources sets the resources for the cluster's agent deployment.*v1.ResourceRequirementsfalse

    Back to Custom Resources

    ClusterStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    namespaceNamespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\"stringfalse
    summaryBundleSummaryfalse
    resourceCountsGitRepoResourceCountsfalse
    readyGitReposinttrue
    desiredReadyGitReposinttrue
    agentEnvVarsHashstringfalse
    agentPrivateRepoURLstringfalse
    agentDeployedGeneration*int64false
    agentMigratedboolfalse
    agentNamespaceMigratedboolfalse
    cattleNamespaceMigratedboolfalse
    agentAffinityHashstringfalse
    agentResourcesHashstringfalse
    agentTolerationsHashstringfalse
    displayClusterDisplayfalse
    agentAgentStatusfalse

    Back to Custom Resources

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    Custom Resources Spec

    Sub Resources

    GitRepo​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specGitRepoSpecfalse
    statusGitRepoStatusfalse

    Back to Custom Resources

    GitRepoDisplay​

    FieldDescriptionSchemeRequired
    readyBundleDeploymentsstringfalse
    statestringfalse
    messagestringfalse
    errorboolfalse

    Back to Custom Resources

    GitRepoResource​

    FieldDescriptionSchemeRequired
    apiVersionstringfalse
    kindstringfalse
    typestringfalse
    idstringfalse
    namespacestringfalse
    namestringfalse
    incompleteStateboolfalse
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    perClusterState[][ResourcePerClusterState](#resourceperclusterstate)false

    Back to Custom Resources

    GitRepoResourceCounts​

    FieldDescriptionSchemeRequired
    readyinttrue
    desiredReadyinttrue
    waitAppliedinttrue
    modifiedinttrue
    orphanedinttrue
    missinginttrue
    unknowninttrue
    notReadyinttrue

    Back to Custom Resources

    GitRepoRestriction​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    defaultServiceAccountstringfalse
    allowedServiceAccounts[]stringfalse
    allowedRepoPatterns[]stringfalse
    defaultClientSecretNamestringfalse
    allowedClientSecretNames[]stringfalse
    allowedTargetNamespaces[]stringfalse

    Back to Custom Resources

    GitRepoSpec​

    FieldDescriptionSchemeRequired
    repoRepo is a URL to a git repo to clone and indexstringfalse
    branchBranch The git branch to followstringfalse
    revisionRevision A specific commit or tag to operate onstringfalse
    targetNamespaceEnsure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demandstringfalse
    clientSecretNameClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \"kubernetes.io/basic-auth\" or \"kubernetes.io/ssh-auth\".stringfalse
    helmSecretNameHelmSecretName contains the auth secret for private helm repositorystringfalse
    helmRepoURLRegexHelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not providedstringfalse
    caBundleCABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate.[]bytefalse
    insecureSkipTLSVerifyInsecureSkipTLSverify will use insecure HTTPS to clone the repo.boolfalse
    pathsPaths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example [\"charts/*\"] will match all folders as a subdirectory of charts/ If empty, \"/\" is the default[]stringfalse
    pausedPaused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSyncboolfalse
    serviceAccountServiceAccount used in the downstream cluster for deploymentstringfalse
    targetsTargets is a list of target this repo will deploy to[][GitTarget](#gittarget)false
    pollingIntervalPollingInterval is how often to check git for new updates*metav1.Durationfalse
    forceSyncGenerationIncrement this number to force a redeployment of contents from Gitint64false
    imageScanIntervalImageScanInterval is the interval of syncing scanned images and writing back to git repo*metav1.Durationfalse
    imageScanCommitCommit specifies how to commit to the git repo when new image is scanned and write back to git repoCommitSpecfalse
    keepResourcesKeepResources specifies if the resources created must be kept after deleting the GitRepoboolfalse

    Back to Custom Resources

    GitRepoStatus​

    FieldDescriptionSchemeRequired
    observedGenerationint64true
    commitstringfalse
    readyClustersinttrue
    desiredReadyClustersinttrue
    gitJobStatusstringfalse
    summaryBundleSummaryfalse
    displayGitRepoDisplayfalse
    conditions[]genericcondition.GenericConditionfalse
    resources[][GitRepoResource](#gitreporesource)false
    resourceCountsGitRepoResourceCountsfalse
    resourceErrors[]stringfalse
    lastSyncedImageScanTimemetav1.Timefalse

    Back to Custom Resources

    GitTarget​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ResourcePerClusterState​

    FieldDescriptionSchemeRequired
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    patch*GenericMapfalse
    clusterIdstringfalse

    Back to Custom Resources

    Bundle​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleSpectrue
    statusBundleStatustrue

    Back to Custom Resources

    BundleDeployment​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleDeploymentSpecfalse
    statusBundleDeploymentStatusfalse

    Back to Custom Resources

    BundleDeploymentDisplay​

    FieldDescriptionSchemeRequired
    deployedstringfalse
    monitoredstringfalse
    statestringfalse

    Back to Custom Resources

    BundleDeploymentOptions​

    FieldDescriptionSchemeRequired
    defaultNamespaceDefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace.stringfalse
    namespaceTargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail.stringfalse
    kustomizeKustomize options for the deployment, like the dir containing the kustomization.yaml file.*KustomizeOptionsfalse
    helmHelm options for the deployment, like the chart name, repo and values.*HelmOptionsfalse
    serviceAccountServiceAccount which will be used to perform this deployment.stringfalse
    forceSyncGenerationForceSyncGeneration is used to force a redeploymentint64false
    yamlYAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.*YAMLOptionsfalse
    diffDiff can be used to ignore the modified state of objects which are amended at runtime.*DiffOptionsfalse
    keepResourcesKeepResources can be used to keep the deployed resources when removing the bundleboolfalse

    Back to Custom Resources

    BundleDeploymentSpec​

    FieldDescriptionSchemeRequired
    stagedOptionsBundleDeploymentOptionsfalse
    stagedDeploymentIDstringfalse
    optionsBundleDeploymentOptionsfalse
    deploymentIDstringfalse
    dependsOn[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleDeploymentStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    appliedDeploymentIDstringfalse
    releasestringfalse
    readyboolfalse
    nonModifiedboolfalse
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    displayBundleDeploymentDisplayfalse
    syncGeneration*int64false

    Back to Custom Resources

    BundleDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    statestringfalse

    Back to Custom Resources

    BundleNamespaceMapping​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    bundleSelector*metav1.LabelSelectorfalse
    namespaceSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleRef​

    FieldDescriptionSchemeRequired
    namestringfalse
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    contentstringfalse
    encodingstringfalse

    Back to Custom Resources

    BundleSpec​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    pausedPaused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.boolfalse
    rolloutStrategyRolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.*RolloutStrategyfalse
    resourcesResources contain the actual resources from the git repo which will be deployed.[][BundleResource](#bundleresource)false
    targetsTargets refer to the clusters which will be deployed to.[][BundleTarget](#bundletarget)false
    targetRestrictionsTargetRestrictions restrict which clusters the bundle will be deployed to.[][BundleTargetRestriction](#bundletargetrestriction)false
    dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[][BundleRef](#bundleref)false
    ignoreIgnore refers to the fields that will not be considered when monitoring the status.IgnoreOptionsfalse

    Back to Custom Resources

    BundleStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    newlyCreatedintfalse
    unavailableinttrue
    unavailablePartitionsinttrue
    maxUnavailableinttrue
    maxUnavailablePartitionsinttrue
    maxNewintfalse
    partitions[][PartitionStatus](#partitionstatus)false
    displayBundleDisplayfalse
    resourceKey[][ResourceKey](#resourcekey)false
    observedGenerationint64true

    Back to Custom Resources

    BundleSummary​

    FieldDescriptionSchemeRequired
    notReadyintfalse
    waitAppliedintfalse
    errAppliedintfalse
    outOfSyncintfalse
    modifiedintfalse
    readyinttrue
    pendingintfalse
    desiredReadyinttrue
    nonReadyResources[][NonReadyResource](#nonreadyresource)false

    Back to Custom Resources

    BundleTarget​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleTargetRestriction​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ComparePatch​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    operations[][Operation](#operation)false
    jsonPointers[]stringfalse

    Back to Custom Resources

    ConfigMapKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    Content​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    content[]bytefalse

    Back to Custom Resources

    DiffOptions​

    FieldDescriptionSchemeRequired
    comparePatches[][ComparePatch](#comparepatch)false

    Back to Custom Resources

    HelmOptions​

    FieldDescriptionSchemeRequired
    chartChart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded.stringfalse
    repoRepo is the name of the HTTPS helm repo to download the chart from.stringfalse
    releaseNameReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path.stringfalse
    versionVersion of the chart to downloadstringfalse
    timeoutSecondsTimeoutSeconds is the time to wait for Helm operations.intfalse
    valuesValues passed to Helm. It is possible to specify the keys and values as go template strings.*GenericMapfalse
    valuesFromValuesFrom loads the values from configmaps and secrets.[][ValuesFrom](#valuesfrom)false
    forceForce allows to override immutable resources. This could be dangerous.boolfalse
    takeOwnershipTakeOwnership makes helm skip the check for its own annotationsboolfalse
    maxHistoryMaxHistory limits the maximum number of revisions saved per release by Helm.intfalse
    valuesFilesValuesFiles is a list of files to load values from.[]stringfalse
    waitForJobsWaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSecondsboolfalse
    atomicAtomic sets the --atomic flag when Helm is performing an upgradeboolfalse
    disablePreProcessDisablePreProcess disables template processing in valuesboolfalse

    Back to Custom Resources

    KustomizeOptions​

    FieldDescriptionSchemeRequired
    dirstringfalse

    Back to Custom Resources

    LocalObjectReference​

    FieldDescriptionSchemeRequired
    namestringtrue

    Back to Custom Resources

    ModifiedStatus​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    missingboolfalse
    deleteboolfalse
    patchstringfalse

    Back to Custom Resources

    NonReadyResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    bundleStateBundleStatefalse
    messagestringfalse
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false

    Back to Custom Resources

    NonReadyStatus​

    FieldDescriptionSchemeRequired
    uidtypes.UIDfalse
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    summarysummary.Summaryfalse

    Back to Custom Resources

    Operation​

    FieldDescriptionSchemeRequired
    opstringfalse
    pathstringfalse
    valuestringfalse

    Back to Custom Resources

    Partition​

    FieldDescriptionSchemeRequired
    namestringfalse
    maxUnavailable*intstr.IntOrStringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    PartitionStatus​

    FieldDescriptionSchemeRequired
    namestringfalse
    countintfalse
    maxUnavailableintfalse
    unavailableintfalse
    summaryBundleSummaryfalse

    Back to Custom Resources

    ResourceKey​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse

    Back to Custom Resources

    RolloutStrategy​

    FieldDescriptionSchemeRequired
    maxUnavailable*intstr.IntOrStringfalse
    maxUnavailablePartitions*intstr.IntOrStringfalse
    autoPartitionSize*intstr.IntOrStringfalse
    partitions[][Partition](#partition)false

    Back to Custom Resources

    SecretKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    ValuesFrom​

    Define helm values that can come from configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439

    FieldDescriptionSchemeRequired
    configMapKeyRefThe reference to a config map with release values.*ConfigMapKeySelectorfalse
    secretKeyRefThe reference to a secret with release values.*SecretKeySelectorfalse

    Back to Custom Resources

    YAMLOptions​

    FieldDescriptionSchemeRequired
    overlays[]stringfalse

    Back to Custom Resources

    AlphabeticalPolicy​

    AlphabeticalPolicy specifies a alphabetical ordering policy.

    FieldDescriptionSchemeRequired
    orderOrder specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.stringfalse

    Back to Custom Resources

    CommitSpec​

    CommitSpec specifies how to commit changes to the git repository

    FieldDescriptionSchemeRequired
    authorNameAuthorName gives the name to provide when making a commitstringtrue
    authorEmailAuthorEmail gives the email to provide when making a commitstringtrue
    messageTemplateMessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.stringfalse

    Back to Custom Resources

    ImagePolicyChoice​

    ImagePolicyChoice is a union of all the types of policy that can be supplied.

    FieldDescriptionSchemeRequired
    semverSemVer gives a semantic version range to check against the tags available.*SemVerPolicyfalse
    alphabeticalAlphabetical set of rules to use for alphabetical ordering of the tags.*AlphabeticalPolicyfalse

    Back to Custom Resources

    ImageScan​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specImageScanSpecfalse
    statusImageScanStatusfalse

    Back to Custom Resources

    ImageScanSpec​

    API is taken from https://github.com/fluxcd/image-reflector-controller

    FieldDescriptionSchemeRequired
    tagNameTagName is the tag ref that needs to be put in manifest to replace fieldsstringfalse
    gitrepoNameGitRepo reference namestringfalse
    imageImage is the name of the image repositorystringfalse
    intervalInterval is the length of time to wait between scans of the image repository.metav1.Durationfalse
    secretRefSecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with kubectl create secret docker-registry, or the equivalent.*corev1.LocalObjectReferencefalse
    suspendThis flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.boolfalse
    policyPolicy gives the particulars of the policy to be followed in selecting the most recent imageImagePolicyChoicetrue

    Back to Custom Resources

    ImageScanStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    lastScanTimeLastScanTime is the last time image was scannedmetav1.Timefalse
    latestImageLatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.stringfalse
    latestTagLatest tag is the latest tag filtered by the policystringfalse
    latestDigestLatestDigest is the digest of latest tagstringfalse
    observedGenerationint64false
    canonicalImageNameCanonicalName is the name of the image repository with all the implied bits made explicit; e.g., docker.io/library/alpine rather than alpine.stringfalse

    Back to Custom Resources

    SemVerPolicy​

    SemVerPolicy specifies a semantic version policy.

    FieldDescriptionSchemeRequired
    rangeRange gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.stringtrue

    Back to Custom Resources

    AgentStatus​

    FieldDescriptionSchemeRequired
    lastSeenmetav1.Timetrue
    namespacestringtrue
    nonReadyNodesinttrue
    readyNodesinttrue
    nonReadyNodeNamesAt most 3 nodes[]stringtrue
    readyNodeNamesAt most 3 nodes[]stringtrue

    Back to Custom Resources

    IgnoreOptions​

    FieldDescriptionSchemeRequired
    conditionsconditions to be ignored[]map[string]stringfalse

    Cluster​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterSpecfalse
    statusClusterStatusfalse

    Back to Custom Resources

    ClusterDisplay​

    FieldDescriptionSchemeRequired
    readyBundlesstringfalse
    readyNodesstringfalse
    sampleNodestringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroup​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterGroupSpectrue
    statusClusterGroupStatustrue

    Back to Custom Resources

    ClusterGroupDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    readyBundlesstringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroupSpec​

    FieldDescriptionSchemeRequired
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ClusterGroupStatus​

    FieldDescriptionSchemeRequired
    clusterCountinttrue
    nonReadyClusterCountinttrue
    nonReadyClusters[]stringfalse
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    displayClusterGroupDisplayfalse
    resourceCountsGitRepoResourceCountsfalse

    Back to Custom Resources

    ClusterRegistration​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationSpecfalse
    statusClusterRegistrationStatusfalse

    Back to Custom Resources

    ClusterRegistrationSpec​

    FieldDescriptionSchemeRequired
    clientIDstringfalse
    clientRandomstringfalse
    clusterLabelsmap[string]stringfalse

    Back to Custom Resources

    ClusterRegistrationStatus​

    FieldDescriptionSchemeRequired
    clusterNamestringfalse
    grantedboolfalse

    Back to Custom Resources

    ClusterRegistrationToken​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationTokenSpecfalse
    statusClusterRegistrationTokenStatusfalse

    Back to Custom Resources

    ClusterRegistrationTokenSpec​

    FieldDescriptionSchemeRequired
    ttl*metav1.Durationfalse

    Back to Custom Resources

    ClusterRegistrationTokenStatus​

    FieldDescriptionSchemeRequired
    expires*metav1.Timefalse
    secretNamestringfalse

    Back to Custom Resources

    ClusterSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated.boolfalse
    clientIDClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster.stringfalse
    kubeConfigSecretKubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster.stringfalse
    redeployAgentGenerationRedeployAgentGeneration can be used to force redeploying the agent.int64false
    agentEnvVarsAgentEnvVars are extra environment variables to be added to the agent deployment.[]v1.EnvVarfalse
    agentNamespaceAgentNamespace defaults to the system namespace, e.g. cattle-fleet-system.stringfalse
    privateRepoURLPrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config.stringfalse
    templateValuesTemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating.*GenericMapfalse
    agentTolerationsAgentTolerations defines an extra set of Tolerations to be added to the Agent deployment.[]v1.Tolerationfalse
    agentAffinityAgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used.*v1.Affinityfalse
    agentResourcesAgentResources sets the resources for the cluster's agent deployment.*v1.ResourceRequirementsfalse

    Back to Custom Resources

    ClusterStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    namespaceNamespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\"stringfalse
    summaryBundleSummaryfalse
    resourceCountsGitRepoResourceCountsfalse
    readyGitReposinttrue
    desiredReadyGitReposinttrue
    agentEnvVarsHashstringfalse
    agentPrivateRepoURLstringfalse
    agentDeployedGeneration*int64false
    agentMigratedboolfalse
    agentNamespaceMigratedboolfalse
    cattleNamespaceMigratedboolfalse
    agentAffinityHashstringfalse
    agentResourcesHashstringfalse
    agentTolerationsHashstringfalse
    displayClusterDisplayfalse
    agentAgentStatusfalse

    Back to Custom Resources

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-fleet-yaml.html b/ref-fleet-yaml.html index c097eeef9..a7ae61270 100644 --- a/ref-fleet-yaml.html +++ b/ref-fleet-yaml.html @@ -4,13 +4,13 @@ fleet.yaml | Fleet - +
    -
    Version: Next 🚧

    fleet.yaml

    The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.

    For more information on how to use the fleet.yaml to customize bundles see Git Repository Contents.

    The content of the fleet.yaml corresponds to https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135, which contains the BundleSpec.

    Reference​

    fleet.yaml
    # The default namespace to be applied to resources. This field is not used to
    # enforce or lock down the deployment to a specific namespace, but instead
    # provide the default value of the namespace field if one is not specified
    # in the manifests.
    # Default: default
    defaultNamespace: default

    # All resources will be assigned to this namespace and if any cluster scoped
    # resource exists the deployment will fail.
    # Default: ""
    namespace: default

    # Optional map of labels, that are set at the bundle and can be used in a 
    # dependsOn.selector
    labels:
      key: value

    kustomize:
      # Use a custom folder for kustomize resources. This folder must contain
      # a kustomization.yaml file.
      dir: ./kustomize

    helm:
      # Use a custom location for the Helm chart. This can refer to any go-getter URL or
      # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".
      # This allows one to download charts from most any location.  Also know that
      # go-getter URL supports adding a digest to validate the download. If repo
      # is set below this field is the name of the chart to lookup
      chart: ./chart
      # A https URL to a Helm repo to download the chart from. It's typically easier
      # to just use `chart` field and refer to a tgz file.  If repo is used the
      # value of `chart` will be used as the chart name to lookup in the Helm repository.
      repo: https://charts.rancher.io
      # A custom release name to deploy the chart as. If not specified a release name
      # will be generated by combining the invoking GitRepo.name + GitRepo.path.
      releaseName: my-release
      # Makes helm skip the check for its own annotations
      takeOwnership: false
      # The version of the chart or semver constraint of the chart to find. If a constraint
      # is specified it is evaluated each time git changes.
      # The version also determines which chart to download from OCI registries.
      version: 0.1.0
      # Any values that should be placed in the `values.yaml` and passed to helm during
      # install.
      values:
        any-custom: value
      # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME
      # These can now be accessed directly as variables
      # The variable's value will be an empty string if the referenced cluster label does not
      # exist on the targeted cluster
        variableName: global.fleet.clusterLabels.LABELNAME
      # It is possible to specify the keys and values as go template strings for
      # advanced templating needs. Most of the functions from the sprig templating
      # library are available. Note, if the functions output changes with every
      # call, e.g. `uuidv4`, the bundle will get redeployed.
      # The template context has following keys.
      # `.ClusterValues` are retrieved from target cluster's `spec.templateValues`
      # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.
      # `.ClusterName` as the fleet's cluster resource name.
      # `.ClusterNamespace` as the namespace in which the cluster resource exists.
      # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,
      #       unlike helm which uses {{ }}.
        templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"
        valueFromEnv:
          "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }
      # Path to any values files that need to be passed to helm during install
      valuesFiles:
        - values1.yaml
        - values2.yaml
      # Allow to use values files from configmaps or secrets defined in the downstream clusters
      valuesFrom:
      - configMapKeyRef:
          name: configmap-values
          # default to namespace of bundle
          namespace: default 
          key: values.yaml
      - secretKeyRef:
          name: secret-values
          namespace: default
          key: values.yaml
      # Override immutable resources. This could be dangerous.
      force: false
      # Set the Helm --atomic flag when upgrading
      atomic: false
      # Disable go template pre-processing on the fleet values
      disablePreProcess: false
      # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.
      # It will wait for as long as timeoutSeconds
      waitForJobs: true
      
    # A paused bundle will not update downstream clusters but instead mark the bundle
    # as OutOfSync. One can then manually confirm that a bundle should be deployed to
    # the downstream clusters.
    # Default: false
    paused: false

    rolloutStrategy:
        # A number or percentage of clusters that can be unavailable during an update
        # of a bundle. This follows the same basic approach as a deployment rollout
        # strategy. Once the number of clusters meets unavailable state update will be
        # paused. Default value is 100% which doesn't take effect on update.
        # default: 100%
        maxUnavailable: 15%
        # A number or percentage of cluster partitions that can be unavailable during
        # an update of a bundle.
        # default: 0
        maxUnavailablePartitions: 20%
        # A number of percentage of how to automatically partition clusters if not
        # specific partitioning strategy is configured.
        # default: 25%
        autoPartitionSize: 10%
        # A list of definitions of partitions.  If any target clusters do not match
        # the configuration they are added to partitions at the end following the
        # autoPartitionSize.
        partitions:
          # A user friend name given to the partition used for Display (optional).
          # default: ""
        - name: canary
          # A number or percentage of clusters that can be unavailable in this
          # partition before this partition is treated as done.
          # default: 10%
          maxUnavailable: 10%
          # Selector matching cluster labels to include in this partition
          clusterSelector:
            matchLabels:
              env: prod
          # A cluster group name to include in this partition
          clusterGroup: agroup
          # Selector matching cluster group labels to include in this partition
          clusterGroupSelector: 
            clusterSelector:
              matchLabels:
                env: prod

    # Target customization are used to determine how resources should be modified per target
    # Targets are evaluated in order and the first one to match a cluster is used for that cluster.
    targetCustomizations:
    # The name of target. If not specified a default name of the format "target000"
    # will be used. This value is mostly for display
    - name: prod
      # Custom namespace value overriding the value at the root
      namespace: newvalue
      # Custom defaultNamespace value overriding the value at the root
      defaultNamespace: newdefaultvalue
      # Custom kustomize options overriding the options at the root
      kustomize: {}
      # Custom Helm options override the options at the root
      helm: {}
      # If using raw YAML these are names that map to overlays/{name} that will be used
      # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml
      # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.
      # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.
      # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin
      # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.
      yaml:
        overlays:
        - custom2
        - custom3
      # A selector used to match clusters.  The structure is the standard
      # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
      # clusterSelector will be used only to further refine the selection after
      # clusterGroupSelector and clusterGroup is evaluated.
      clusterSelector:
        matchLabels:
          env: prod
      # A selector used to match a specific cluster by name.    
      clusterName: dev-cluster    
      # A selector used to match cluster groups.
      clusterGroupSelector:
        matchLabels:
          region: us-east
      # A specific clusterGroup by name that will be selected
      clusterGroup: group1

    # dependsOn allows you to configure dependencies to other bundles. The current bundle
    # will only be deployed, after all dependencies are deployed and in a Ready state.
    dependsOn:
      # Format: <GITREPO-NAME>-<BUNDLE_PATH> with all path separators replaced by "-"
      # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"
      - name: one-multi-cluster-hello-world
      # Select bundles to depend on based on their label.
      - selector:
          matchLabels:
            app: weak-monkey
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    fleet.yaml

    The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.

    For more information on how to use the fleet.yaml to customize bundles see Git Repository Contents.

    The content of the fleet.yaml corresponds to https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135, which contains the BundleSpec.

    Reference​

    fleet.yaml
    # The default namespace to be applied to resources. This field is not used to
    # enforce or lock down the deployment to a specific namespace, but instead
    # provide the default value of the namespace field if one is not specified
    # in the manifests.
    # Default: default
    defaultNamespace: default

    # All resources will be assigned to this namespace and if any cluster scoped
    # resource exists the deployment will fail.
    # Default: ""
    namespace: default

    # Optional map of labels, that are set at the bundle and can be used in a 
    # dependsOn.selector
    labels:
      key: value

    kustomize:
      # Use a custom folder for kustomize resources. This folder must contain
      # a kustomization.yaml file.
      dir: ./kustomize

    helm:
      # Use a custom location for the Helm chart. This can refer to any go-getter URL or
      # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".
      # This allows one to download charts from most any location.  Also know that
      # go-getter URL supports adding a digest to validate the download. If repo
      # is set below this field is the name of the chart to lookup
      chart: ./chart
      # A https URL to a Helm repo to download the chart from. It's typically easier
      # to just use `chart` field and refer to a tgz file.  If repo is used the
      # value of `chart` will be used as the chart name to lookup in the Helm repository.
      repo: https://charts.rancher.io
      # A custom release name to deploy the chart as. If not specified a release name
      # will be generated by combining the invoking GitRepo.name + GitRepo.path.
      releaseName: my-release
      # Makes helm skip the check for its own annotations
      takeOwnership: false
      # The version of the chart or semver constraint of the chart to find. If a constraint
      # is specified it is evaluated each time git changes.
      # The version also determines which chart to download from OCI registries.
      version: 0.1.0
      # Any values that should be placed in the `values.yaml` and passed to helm during
      # install.
      values:
        any-custom: value
      # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME
      # These can now be accessed directly as variables
      # The variable's value will be an empty string if the referenced cluster label does not
      # exist on the targeted cluster
        variableName: global.fleet.clusterLabels.LABELNAME
      # It is possible to specify the keys and values as go template strings for
      # advanced templating needs. Most of the functions from the sprig templating
      # library are available. Note, if the functions output changes with every
      # call, e.g. `uuidv4`, the bundle will get redeployed.
      # The template context has following keys.
      # `.ClusterValues` are retrieved from target cluster's `spec.templateValues`
      # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.
      # `.ClusterName` as the fleet's cluster resource name.
      # `.ClusterNamespace` as the namespace in which the cluster resource exists.
      # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,
      #       unlike helm which uses {{ }}.
        templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"
        valueFromEnv:
          "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }
      # Path to any values files that need to be passed to helm during install
      valuesFiles:
        - values1.yaml
        - values2.yaml
      # Allow to use values files from configmaps or secrets defined in the downstream clusters
      valuesFrom:
      - configMapKeyRef:
          name: configmap-values
          # default to namespace of bundle
          namespace: default 
          key: values.yaml
      - secretKeyRef:
          name: secret-values
          namespace: default
          key: values.yaml
      # Override immutable resources. This could be dangerous.
      force: false
      # Set the Helm --atomic flag when upgrading
      atomic: false
      # Disable go template pre-processing on the fleet values
      disablePreProcess: false
      # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.
      # It will wait for as long as timeoutSeconds
      waitForJobs: true
      
    # A paused bundle will not update downstream clusters but instead mark the bundle
    # as OutOfSync. One can then manually confirm that a bundle should be deployed to
    # the downstream clusters.
    # Default: false
    paused: false

    rolloutStrategy:
        # A number or percentage of clusters that can be unavailable during an update
        # of a bundle. This follows the same basic approach as a deployment rollout
        # strategy. Once the number of clusters meets unavailable state update will be
        # paused. Default value is 100% which doesn't take effect on update.
        # default: 100%
        maxUnavailable: 15%
        # A number or percentage of cluster partitions that can be unavailable during
        # an update of a bundle.
        # default: 0
        maxUnavailablePartitions: 20%
        # A number of percentage of how to automatically partition clusters if not
        # specific partitioning strategy is configured.
        # default: 25%
        autoPartitionSize: 10%
        # A list of definitions of partitions.  If any target clusters do not match
        # the configuration they are added to partitions at the end following the
        # autoPartitionSize.
        partitions:
          # A user friend name given to the partition used for Display (optional).
          # default: ""
        - name: canary
          # A number or percentage of clusters that can be unavailable in this
          # partition before this partition is treated as done.
          # default: 10%
          maxUnavailable: 10%
          # Selector matching cluster labels to include in this partition
          clusterSelector:
            matchLabels:
              env: prod
          # A cluster group name to include in this partition
          clusterGroup: agroup
          # Selector matching cluster group labels to include in this partition
          clusterGroupSelector: 
            clusterSelector:
              matchLabels:
                env: prod

    # Target customization are used to determine how resources should be modified per target
    # Targets are evaluated in order and the first one to match a cluster is used for that cluster.
    targetCustomizations:
    # The name of target. If not specified a default name of the format "target000"
    # will be used. This value is mostly for display
    - name: prod
      # Custom namespace value overriding the value at the root
      namespace: newvalue
      # Custom defaultNamespace value overriding the value at the root
      defaultNamespace: newdefaultvalue
      # Custom kustomize options overriding the options at the root
      kustomize: {}
      # Custom Helm options override the options at the root
      helm: {}
      # If using raw YAML these are names that map to overlays/{name} that will be used
      # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml
      # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.
      # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.
      # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin
      # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.
      yaml:
        overlays:
        - custom2
        - custom3
      # A selector used to match clusters.  The structure is the standard
      # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
      # clusterSelector will be used only to further refine the selection after
      # clusterGroupSelector and clusterGroup is evaluated.
      clusterSelector:
        matchLabels:
          env: prod
      # A selector used to match a specific cluster by name.    
      clusterName: dev-cluster    
      # A selector used to match cluster groups.
      clusterGroupSelector:
        matchLabels:
          region: us-east
      # A specific clusterGroup by name that will be selected
      clusterGroup: group1

    # dependsOn allows you to configure dependencies to other bundles. The current bundle
    # will only be deployed, after all dependencies are deployed and in a Ready state.
    dependsOn:
      # Format: <GITREPO-NAME>-<BUNDLE_PATH> with all path separators replaced by "-"
      # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"
      - name: one-multi-cluster-hello-world
      # Select bundles to depend on based on their label.
      - selector:
          matchLabels:
            app: weak-monkey

    # Ignore fields when monitoring a Bundle. This can be used when Fleet thinks some conditions in Custom Resources
    # makes the Bundle to be in an error state when it shouldn't.
    ignore:
      # Conditions to be ignored
      conditions:
      # In this example a condition will be ignored if it contains {"type": "Active", "status", "False"}
      - type: Active
        status: "False"
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-gitrepo.html b/ref-gitrepo.html index 0e712aa1b..402121747 100644 --- a/ref-gitrepo.html +++ b/ref-gitrepo.html @@ -4,14 +4,14 @@ GitRepo Resource | Fleet - +
    Version: Next 🚧

    GitRepo Resource

    The GitRepo resource describes git repositories, how to access them and where the bundles are located.

    The content of the resource corresponds to the GitRepoSpec. -For more information on how to use GitRepo resource, e.g. how to watch private repositories, see Create a GitRepo Resource.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      # 
      # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. 
      # Credentials will always be used if it is empty or not provided
      # 
      # helmRepoUrlRegex: https://charts.rancher.io/*
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +For more information on how to use GitRepo resource, e.g. how to watch private repositories, see Create a GitRepo Resource.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      # 
      # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. 
      # Credentials will always be used if it is empty or not provided
      # 
      # helmRepoUrlRegex: https://charts.rancher.io/*
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-registration.html b/ref-registration.html index 822dc2f88..7e1a311a1 100644 --- a/ref-registration.html +++ b/ref-registration.html @@ -4,14 +4,14 @@ Cluster Registration Internals | Fleet - +
    Version: Next 🚧

    Cluster Registration Internals

    Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster. -It's important to note that there are multiple ways to start this:

    • Creating a bootstrap config. Fleet does this for the local agent.
    • Creating a Cluster resource with a kubeconfig. Rancher does this for downstream clusters. See manager-initiated registration.
    • Create a ClusterRegistrationToken resource, optionally create a Cluster resource for a pre-defined (clientID) cluster. See agent-initiated registration.

    Registration

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +It's important to note that there are multiple ways to start this:

    • Creating a bootstrap config. Fleet does this for the local agent.
    • Creating a Cluster resource with a kubeconfig. Rancher does this for downstream clusters. See manager-initiated registration.
    • Create a ClusterRegistrationToken resource, optionally create a Cluster resource for a pre-defined (clientID) cluster. See agent-initiated registration.

    Registration

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-resources.html b/ref-resources.html index da3f0c71a..db8a273d5 100644 --- a/ref-resources.html +++ b/ref-resources.html @@ -4,13 +4,13 @@ Custom Resources | Fleet - +
    -
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/search.html b/search.html index 9f58e6b88..9c10ee0b1 100644 --- a/search.html +++ b/search.html @@ -4,13 +4,13 @@ Search the documentation | Fleet - +

    Search the documentation

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - + \ No newline at end of file diff --git a/troubleshooting.html b/troubleshooting.html index eb579adc0..196696d00 100644 --- a/troubleshooting.html +++ b/troubleshooting.html @@ -4,14 +4,14 @@ Troubleshooting | Fleet - +
    Version: Next 🚧

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Migrate the local cluster to the Fleet default cluster?​

    For users who want to deploy to the local cluster as well, they may move the cluster from fleet-local to fleet-default in the Rancher UI as follows:

    • To get to Fleet in Rancher, click ☰ > Continuous Delivery.
    • Under the Clusters menu, select the local cluster by checking the box to the left.
    • Select Assign to from the tabs above the cluster.
    • Select fleet-default from the Assign Cluster To dropdown.

    Result: The cluster will be migrated to fleet-default.

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name> 
    helm:  
      releaseName: <release name>  
      repo: <repo name> 
      chart: <chart name>
    diff:  
      comparePatches:  
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: -The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Agent is no longer registered​

    You can force a redeployment of an agent for a given cluster by setting redeployAgentGeneration.

    kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p '[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]'

    Nested GitRepo CRs​

    Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Agent is no longer registered​

    You can force a redeployment of an agent for a given cluster by setting redeployAgentGeneration.

    kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p '[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]'

    Nested GitRepo CRs​

    Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/tut-deployment.html b/tut-deployment.html index 3b58195a5..698b40d61 100644 --- a/tut-deployment.html +++ b/tut-deployment.html @@ -4,7 +4,7 @@ Creating a Deployment | Fleet - + @@ -13,8 +13,8 @@ For more details on the options that are available per Git repository see Adding a GitRepo.

    Single-Cluster Examples​

    All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet.

    An example using Helm. We are deploying the helm example to the local cluster.

    The repository contains a helm chart and an optional fleet.yaml to configure the deployment:

    fleet.yaml
    namespace: fleet-helm-example

    # Custom helm options
    helm:
      # The release name to use. If empty a generated release name will be used
      releaseName: guestbook

      # The directory of the chart in the repo.  Also any valid go-getter supported
      # URL can be used there is specify where to download the chart from.
      # If repo below is set this value if the chart name in the repo
      chart: ""

      # An https to a valid Helm repository to download the chart from
      repo: ""

      # Used if repo is set to look up the version of the chart
      version: ""

      # Force recreate resource that can not be updated
      force: false

      # How long for helm to wait for the release to be active. If the value
      # is less that or equal to zero, we will not wait in Helm
      timeoutSeconds: 0

      # Custom values that will be passed as values.yaml to the installation
      values:
        replicas: 2

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-local namespace contains the local cluster resource. The local fleet-agent will create the deployment in the fleet-helm-example namespace.

    kubectl apply -n fleet-local -f - <<EOF
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: helm
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - single-cluster/helm
    EOF

    Multi-Cluster Examples​

    The examples below will deploy a multi git repo to multiple clusters at once and configure the app differently for each target.

    An example using Helm. We are deploying the helm example and customizing it per target cluster

    The repository contains a helm chart and an optional fleet.yaml to configure the deployment. The fleet.yaml is used to configure different deployment options, depending on the cluster's labels:

    fleet.yaml
    namespace: fleet-mc-helm-example
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    gitrepo.yaml
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: helm
      namespace: fleet-default
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - multi-cluster/helm
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

      - name: test
        clusterSelector:
          matchLabels:
            env: test

      - name: prod
        clusterSelector:
          matchLabels:
            env: prod

    By applying the gitrepo resource to the upstream cluster, fleet will start to monitor the repository and create deployments:

    kubectl apply -n fleet-default -f gitrepo.yaml
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +The application will be customized as follows per environment:

    • Dev clusters: Only the redis leader is deployed and not the followers.
    • Test clusters: Scale the front deployment to 3
    • Prod clusters: Scale the front deployment to 3 and set the service type to LoadBalancer

    The fleet.yaml is used to control which 'yaml' overlays are used, depending on the cluster's labels:

    fleet.yaml
    namespace: fleet-mc-manifest-example
    targetCustomizations:
    - name: dev
      clusterSelector:
        matchLabels:
          env: dev
      yaml:
        overlays:
        # Refers to overlays/noreplication folder
        - noreplication

    - name: test
      clusterSelector:
        matchLabels:
          env: test
      yaml:
        overlays:
        # Refers to overlays/scale3 folder
        - scale3

    - name: prod
      clusterSelector:
        matchLabels:
          env: prod
      yaml:
        # Refers to overlays/servicelb, scale3 folders
        overlays:
        - servicelb
        - scale3

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    gitrepo.yaml
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: manifests
      namespace: fleet-default
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - multi-cluster/manifests
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

      - name: test
        clusterSelector:
          matchLabels:
            env: test

      - name: prod
        clusterSelector:
          matchLabels:
            env: prod
    kubectl apply -n fleet-default -f gitrepo.yaml
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/uninstall.html b/uninstall.html index 650310536..0cbe6e8a8 100644 --- a/uninstall.html +++ b/uninstall.html @@ -4,15 +4,15 @@ Uninstall | Fleet - +
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    caution

    Uninstalling the CRDs will remove all deployed workloads.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/webhook.html b/webhook.html index 3b3d26952..f49fde067 100644 --- a/webhook.html +++ b/webhook.html @@ -4,7 +4,7 @@ Using Webhooks Instead of Polling | Fleet - + @@ -12,8 +12,8 @@
    Version: Next 🚧

    Using Webhooks Instead of Polling

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs.

    1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.​

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: webhook-ingress
      namespace: cattle-fleet-system
    spec:
      rules:
      - host: your.domain.com
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitjob
                  port:
                    number: 80
    info

    You can configure TLS on ingress.

    2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.​

    Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default. If your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the -secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file