# GitRepo Resource The GitRepo resource describes git repositories, how to access them and where the bundles are located. The content of the resource corresponds to the [GitRepoSpec](./ref-crds#gitrepospec). For more information on how to use GitRepo resource, e.g. how to watch private repositories, see [Create a GitRepo Resource](./gitrepo-add.md). ```yaml kind: GitRepo apiVersion: fleet.cattle.io/v1alpha1 metadata: # Any name can be used here name: my-repo # For single cluster use fleet-local, otherwise use the namespace of # your choosing namespace: fleet-local # Labels are copied to bundles, but not to workloads. labels: created-by: fleet spec: # This can be a HTTPS or git URL. If you are using a git URL then # clientSecretName will probably need to be set to supply a credential. # repo is the only required parameter for a repo to be monitored. # repo: https://github.com/rancher/fleet-examples # Enforce all resources go to this target namespace. If a cluster scoped # resource is found the deployment will fail. # # targetNamespace: app1 # Any branch can be watched, this field is optional. If not specified the # branch is assumed to be master # # branch: master # A specific commit or tag can also be watched. # # revision: v0.3.0 # For a private git repository you must supply a clientSecretName. A default # secret can be set at the namespace level using the GitRepoRestriction # type. Secrets must be of the type "kubernetes.io/ssh-auth" or # "kubernetes.io/basic-auth". The secret is assumed to be in the # same namespace as the GitRepo # If no clientSecretName is supplied, Fleet checks for a secret named # "gitcredential". # # clientSecretName: my-ssh-key # If fleet.yaml contains a private Helm repo that requires authentication, # provide the credentials in a K8s secret and specify them here. # Danger: the credentials will be sent to all repositories referenced from # this gitrepo. See section below for more information. # # helmSecretName: my-helm-secret # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. # Credentials will always be used if it is empty or not provided # # helmRepoURLRegex: https://charts.rancher.io/* # Contains the auth secret for private Helm repository for each path. # See [Create a GitRepo Resource](.gitrepo-add#use-different-helm-credentials-for-each-path) # # helmSecretNameForPaths: multi-helm-secret # To add additional ca-bundle for self-signed certs, caBundle can be # filled with base64 encoded pem data. For example: # `cat /path/to/ca.pem | base64 -w 0` # # caBundle: my-ca-bundle # Disable SSL verification for git repo # # insecureSkipTLSVerify: true # A git repo can read multiple paths in a repo at once. # The below field is expected to be an array of paths and # supports path globbing (ex: some/*/path) # # Example: # paths: # - single-path # - multiple-paths/* paths: - simple # PollingInterval configures how often fleet checks the git repo. The default # is 15 seconds. # Setting this to zero does not disable polling. It results in a 15s # interval, too. # As checking a git repo incurs a CPU cost, raising this value can help # lowering fleetcontroller's CPU usage if tens of git repos are used or more # # pollingInterval: 15s # When disablePolling is set to true the git repo won't be checked periodically. # It will rely on webhooks only. # See [Using Webhooks Instead of Polling](https://fleet.rancher.io/webhook) # disablePolling: false # When using a webhook, a secret can be defined per GitRepo to validate the received payload. # webhookSecret is the name of the previously created secret for this purpose. # See [Using Webhooks Instead of Polling](https://fleet.rancher.io/webhook) # webhookSecret: webhook-secret-name # Paused causes changes in Git to not be propagated down to the clusters but # instead mark resources as OutOfSync # # paused: false # Increment this number to force a redeployment of contents from Git # # forceSyncGeneration: 0 # Drift correction removes any external change made to resources managed by Fleet. It performs a helm rollback, which uses # a three-way merge strategy by default. # It will try to update all resources by doing a PUT request if force is enabled. Three-way strategic merge might fail when updating # an item inside of an array as it will try to add a new item instead of replacing the existing one. This can be fixed by using force. # Keep in mind that resources might be recreated if force is enabled. # Failed rollback will be removed from the helm history unless keepFailHistory is set to true. # # correctDrift: # enabled: false # force: false #Warning: it might recreate resources if set to true # keepFailHistory: false # The service account that will be used to perform this deployment. # This is the name of the service account that exists in the # downstream cluster in the cattle-fleet-system namespace. It is assumed # this service account already exists so it should be created beforehand, # for instance coming from another git repo registered with # the Fleet manager. # If no service account is configured, Fleet checks for a service account # named "fleet-default". # # serviceAccount: moreSecureAccountThanClusterAdmin # DeleteNamespace specifies if the namespace created # must be deleted after deleting the GitRepo. # deleteNamespace: false # bundles specifies the user-driven bundle definitions # With this way of defining Bundles, Fleet will simply load the specified resources # along with the options file (if defined), or it will attempt to find a # fleet.yaml file in the defined base. # See [How Repos are scanned](https://fleet.rancher.io/gitrepo-content#how-repos-are-scanned) # It is recommended to avoid using the following characters in the base and options paths: :,|?<> # You can use any of those (or even more than one), but not all of them at once. # bundles: # base: basedirectory/to/bundle/resources # options: path/to/fleet.yaml (optional) # base: basedirectory/to/bundle2 # Target clusters to deploy to if running Fleet in a multi-cluster # style. Refer to the "Mapping to Downstream Clusters" docs for # more information. # If empty, the "default" cluster group is used. # # targets: ... ```