rancher
/
fleet-docs
mirror of https://github.com/rancher/fleet-docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
fleet-docs/0.8/namespaces.html

46 lines
40 KiB
HTML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html>
<html lang="en" dir="ltr" class="docs-wrapper docs-doc-page docs-version-0.8 plugin-docs plugin-id-default docs-doc-id-namespaces" data-has-hydrated="false">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Docusaurus v2.4.3">
<title data-rh="true">Namespaces | Fleet</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://fleet.rancher.io/0.8/namespaces"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="0.8"><meta data-rh="true" name="docusaurus_tag" content="docs-default-0.8"><meta data-rh="true" name="docsearch:version" content="0.8"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-0.8"><meta data-rh="true" property="og:title" content="Namespaces | Fleet"><meta data-rh="true" name="description" content="All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces"><meta data-rh="true" property="og:description" content="All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces"><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://fleet.rancher.io/0.8/namespaces"><link data-rh="true" rel="alternate" href="https://fleet.rancher.io/0.8/namespaces" hreflang="en"><link data-rh="true" rel="alternate" href="https://fleet.rancher.io/0.8/namespaces" hreflang="x-default"><link data-rh="true" rel="preconnect" href="https://5YEVIM7OXD-dsn.algolia.net" crossorigin="anonymous"><link rel="search" type="application/opensearchdescription+xml" title="Fleet" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.ff6ab72e.css">
<link rel="preload" href="/assets/js/runtime~main.b74b6382.js" as="script">
<link rel="preload" href="/assets/js/main.88b5c325.js" as="script">
</head>
<body class="navigation-with-keyboard">
<script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}return t}()||function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script><div id="__docusaurus">
<div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><div class="navbar__logo"><img src="/img/logo.svg" alt="logo" class="themedImage_ToTc themedImage--light_HNdA"><img src="/img/logo.svg" alt="logo" class="themedImage_ToTc themedImage--dark_i4oU"></div><b class="navbar__title text--truncate">Fleet</b></a></div><div class="navbar__items navbar__items--right"><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a class="navbar__link" aria-haspopup="true" aria-expanded="false" role="button" href="/0.8">0.8</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/namespaces">Next 🚧</a></li><li><a class="dropdown__link" href="/0.10/namespaces">0.10</a></li><li><a class="dropdown__link" href="/0.9/namespaces">0.9</a></li><li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/0.8/namespaces">0.8</a></li><li><a class="dropdown__link" href="/0.7/namespaces">0.7</a></li><li><a class="dropdown__link" href="/0.6/namespaces">0.6</a></li><li><a class="dropdown__link" href="/0.5/namespaces">0.5</a></li><li><a class="dropdown__link" href="/0.4/namespaces">0.4</a></li></ul></div><a aria-current="page" class="navbar__item navbar__link navbar__docs navbar__link--active" href="/0.8">Docs</a><a href="https://github.com/rancher/fleet" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link navbar__github btn btn-secondary icon-github">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><a href="https://rancher-users.slack.com/channels/fleet" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link header-slack-link" aria-label="Slack Channel"></a><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">More from SUSE</a><ul class="dropdown__menu"><li><a href="https://www.rancher.com" target="_blank" rel="noopener noreferrer" class="dropdown__link navbar__icon navbar__rancher">Rancher<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><hr style="margin: 0.3rem 0;"></li><li><a href="https://elemental.docs.rancher.com/" target="_blank" rel="noopener noreferrer" class="dropdown__link navbar__icon navbar__elemental">Elemental<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a href="https://harvesterhci.io" target="_blank" rel="noopener noreferrer" class="dropdown__link navbar__icon navbar__harvester">Harvester<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a href="https://rancherdesktop.io" target="_blank" rel="noopener noreferrer" class="dropdown__link navbar__icon navbar__rd">Rancher Desktop<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><hr style="margin: 0.3rem 0;"></li><li><a href="https://opensource.suse.com" target="_blank" rel="noopener noreferrer" class="dropdown__link navbar__icon navbar__suse">More Projects...<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="searchBox_ZlJk"><button type="button" class="DocSearch DocSearch-Button" aria-label="Search"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20" aria-hidden="true"><path d="M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"></span></button></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebarViewport_Xe31"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/0.8">Overview</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="true" href="/0.8/quickstart">Tutorials</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/quickstart">Quick Start</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/tut-deployment">Creating a Deployment</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/uninstall">Uninstall</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/0.8/architecture">Explanations</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/architecture">Architecture</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/concepts">Core Concepts</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/ref-bundle-stages">Bundle Lifecycle</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/gitrepo-content">Git Repository Contents</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/0.8/namespaces">Namespaces</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/resources-during-deployment">Custom Resources During Deployment</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="true" href="/0.8/installation">How-tos for Operators</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/installation">Installation Details</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/cluster-registration">Register Downstream Clusters</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/cluster-group">Create Cluster Groups</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/multi-user">Setup Multi User</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="true" href="/0.8/gitrepo-add">How-tos for Users</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/gitrepo-add">Create a GitRepo Resource</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/gitrepo-targets">Mapping to Downstream Clusters</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/bundle-diffs">Generating Diffs to Ignore Modified GitRepos</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/webhook">Using Webhooks Instead of Polling</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/imagescan">Using Image Scan to Update Container Image References</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/bundle-add">Create a Bundle Resource</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="true" href="/0.8/cli/fleet-agent">Reference</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" tabindex="0" href="/0.8/cli/fleet-agent">CLI</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/cluster-bundles-state">Cluster and Bundle State</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/ref-registration">Cluster Registration Internals</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/ref-configuration">Configuration</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/ref-resources">List of Deployed Resources</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/ref-crds">Custom Resources Spec</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/ref-fleet-yaml">fleet.yaml</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/ref-gitrepo">GitRepo Resource</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.8/ref-bundle">Bundle Resource</a></li></ul></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/0.8/troubleshooting">Troubleshooting</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/0.8/changelogs/changelogs/v0.8.0">Changelog</a></div></li></ul></nav></div></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="theme-doc-version-banner alert alert--warning margin-bottom--md" role="alert"><div>This is documentation for <!-- -->Fleet<!-- --> <b>0.8</b>, which is no longer actively maintained.</div><div class="margin-top--md">For up-to-date documentation, see the <b><a href="/namespaces">latest version</a></b> (<!-- -->Next 🚧<!-- -->).</div></div><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">Explanations</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Namespaces</span><meta itemprop="position" content="2"></li></ul></nav><span class="theme-doc-version-badge badge badge--secondary">Version: 0.8</span><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><h1>Namespaces</h1><p>All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces
of the deployed resources in the downstream cluster. Understanding how namespaces are used in the Fleet manager is
important to understand the security model and how one can use Fleet in a multi-tenant fashion.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="gitrepos-bundles-clusters-clustergroups">GitRepos, Bundles, Clusters, ClusterGroups<a href="#gitrepos-bundles-clusters-clustergroups" class="hash-link" aria-label="Direct link to GitRepos, Bundles, Clusters, ClusterGroups" title="Direct link to GitRepos, Bundles, Clusters, ClusterGroups"></a></h2><p>The primary types are all scoped to a namespace. All selectors for <code>GitRepo</code> targets will be evaluated against
the <code>Clusters</code> and <code>ClusterGroups</code> in the same namespaces. This means that if you give <code>create</code> or <code>update</code> privileges
to a <code>GitRepo</code> type in a namespace, that end user can modify the selector to match any cluster in that namespace.
This means in practice if you want to have two teams self manage their own <code>GitRepo</code> registrations but they should
not be able to target each others clusters, they should be in different namespaces.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="gitrepo-namespace">GitRepo Namespace<a href="#gitrepo-namespace" class="hash-link" aria-label="Direct link to GitRepo Namespace" title="Direct link to GitRepo Namespace"></a></h3><p>Git repos are added to the Fleet manager using the <code>GitRepo</code> custom resource type. The <code>GitRepo</code> type is namespaced. By default, Rancher will create two Fleet workspaces: <strong>fleet-default</strong> and <strong>fleet-local</strong>.</p><ul><li><code>Fleet-default</code> will contain all the downstream clusters that are already registered through Rancher.</li><li><code>Fleet-local</code> will contain the local cluster by default.</li></ul><p>If you are using Fleet in a <a href="/0.8/concepts">single cluster</a> style, the namespace will always be <strong>fleet-local</strong>. Check <a href="https://fleet.rancher.io/namespaces/#fleet-local" target="_blank" rel="noopener noreferrer">here</a> for more on the <code>fleet-local</code> namespace.</p><p>For a <a href="/0.8/concepts">multi-cluster</a> style, please ensure you use the correct repo that will map to the right target clusters.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="namespace-creation-behavior-in-bundles">Namespace Creation Behavior in Bundles<a href="#namespace-creation-behavior-in-bundles" class="hash-link" aria-label="Direct link to Namespace Creation Behavior in Bundles" title="Direct link to Namespace Creation Behavior in Bundles"></a></h2><p>When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="special-namespaces">Special Namespaces<a href="#special-namespaces" class="hash-link" aria-label="Direct link to Special Namespaces" title="Direct link to Special Namespaces"></a></h2><p>An overview of the <a href="/0.8/namespaces">namespaces</a> used by fleet and their resources.</p><p><img loading="lazy" alt="Namespace" src="/assets/images/FleetNamespaces-4e461907ba4d5bbf6b309d125383bdb5.svg" width="1437" height="1731" class="img_ev3q"></p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="fleet-local-local-workspace-cluster-registration-namespace">fleet-local (local workspace, cluster registration namespace)<a href="#fleet-local-local-workspace-cluster-registration-namespace" class="hash-link" aria-label="Direct link to fleet-local (local workspace, cluster registration namespace)" title="Direct link to fleet-local (local workspace, cluster registration namespace)"></a></h3><p>The <strong>fleet-local</strong> namespace is a special namespace used for the single cluster use case or to bootstrap
the configuration of the Fleet manager.</p><p>When fleet is installed the <code>fleet-local</code> namespace is created along with one <code>Cluster</code> called <code>local</code> and one
<code>ClusterGroup</code> called <code>default</code>. If no targets are specified on a <code>GitRepo</code>, it is by default targeted to the
<code>ClusterGroup</code> named <code>default</code>. This means that all <code>GitRepos</code> created in <code>fleet-local</code> will
automatically target the <code>local</code> <code>Cluster</code>. The <code>local</code> <code>Cluster</code> refers to the cluster the Fleet manager is running
on.</p><p>The cluster registration namespace contains the cluster and the clusterregistration resources, as well as any gitrepos and bundles.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="cattle-fleet-system-system-namespace">cattle-fleet-system (system namespace)<a href="#cattle-fleet-system-system-namespace" class="hash-link" aria-label="Direct link to cattle-fleet-system (system namespace)" title="Direct link to cattle-fleet-system (system namespace)"></a></h3><p>The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by <code>GitRepos</code> are expected
to live in this namespace in the downstream cluster.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="cattle-fleet-clusters-system-system-registration-namespace">cattle-fleet-clusters-system (system registration namespace)<a href="#cattle-fleet-clusters-system-system-registration-namespace" class="hash-link" aria-label="Direct link to cattle-fleet-clusters-system (system registration namespace)" title="Direct link to cattle-fleet-clusters-system (system registration namespace)"></a></h3><p>This namespace holds secrets for the cluster registration process. It should contain no other resources in it,
especially secrets.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="cluster-namespaces">Cluster Namespaces<a href="#cluster-namespaces" class="hash-link" aria-label="Direct link to Cluster Namespaces" title="Direct link to Cluster Namespaces"></a></h3><p>For every cluster that is registered a namespace is created by the Fleet manager for that cluster.
These namespaces are named in the form <code>cluster-${namespace}-${cluster}-${random}</code>. The purpose of this
namespace is that all <code>BundleDeployments</code> for that cluster are put into this namespace and
then the downstream cluster is given access to watch and update <code>BundleDeployments</code> in that namespace only.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="cross-namespace-deployments">Cross Namespace Deployments<a href="#cross-namespace-deployments" class="hash-link" aria-label="Direct link to Cross Namespace Deployments" title="Direct link to Cross Namespace Deployments"></a></h2><p>It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a
central privileged team can manage common configuration for many clusters that are managed by different teams. The way
this is accomplished is by creating a <code>BundleNamespaceMapping</code> resource in a cluster.</p><p>If you are creating a <code>BundleNamespaceMapping</code> resource it is best to do it in a namespace that only contains <code>GitRepos</code>
and no <code>Clusters</code>. It seems to get confusing if you have Clusters in the same repo as the cross namespace <code>GitRepos</code> will still
always be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them
canary clusters.</p><p>A <code>BundleNamespaceMapping</code> has only two fields. Which are as below</p><div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token key atrule">kind</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> BundleNamespaceMapping</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token key atrule">apiVersion</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> fleet.cattle.io/v1alpha1</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token key atrule">metadata</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token key atrule">name</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> not</span><span class="token punctuation" style="color:rgb(199, 146, 234)">-</span><span class="token plain">important</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token key atrule">namespace</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> typically</span><span class="token punctuation" style="color:rgb(199, 146, 234)">-</span><span class="token plain">unique</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token comment" style="color:rgb(105, 112, 152);font-style:italic"># Bundles to match by label. The labels are defined in the fleet.yaml</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token comment" style="color:rgb(105, 112, 152);font-style:italic"># labels field or from the GitRepo metadata.labels field</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token key atrule">bundleSelector</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token key atrule">matchLabels</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token key atrule">foo</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> bar</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token comment" style="color:rgb(105, 112, 152);font-style:italic"># Namespaces to match by label</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token key atrule">namespaceSelector</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token key atrule">matchLabels</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token key atrule">foo</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> bar</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>If the <code>BundleNamespaceMappings</code> <code>bundleSelector</code> field matches a <code>Bundles</code> labels then that <code>Bundle</code> target criteria will
be evaluated against all clusters in all namespaces that match <code>namespaceSelector</code>. One can specify labels for the created
bundles from git by putting labels in the <code>fleet.yaml</code> file or on the <code>metadata.labels</code> field on the <code>GitRepo</code>.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="restricting-gitrepos">Restricting GitRepos<a href="#restricting-gitrepos" class="hash-link" aria-label="Direct link to Restricting GitRepos" title="Direct link to Restricting GitRepos"></a></h2><p>A namespace can contain multiple <code>GitRepoRestriction</code> resources. All <code>GitRepos</code>
created in that namespace will be checked against the list of restrictions.
If a <code>GitRepo</code> violates one of the constraints its <code>BundleDeployment</code> will be
in an error state and won&#x27;t be deployed.</p><p>This can also be used to set the defaults for GitRepo&#x27;s <code>serviceAccount</code> and <code>clientSecretName</code> fields.</p><div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token key atrule">kind</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> GitRepoRestriction</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token key atrule">apiVersion</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> fleet.cattle.io/v1alpha1</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token key atrule">metadata</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token key atrule">name</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> restriction</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token key atrule">namespace</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> typically</span><span class="token punctuation" style="color:rgb(199, 146, 234)">-</span><span class="token plain">unique</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token key atrule">allowedClientSecretNames</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token key atrule">allowedRepoPatterns</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token key atrule">allowedServiceAccounts</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token key atrule">allowedTargetNamespaces</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token key atrule">defaultClientSecretName</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token key atrule">defaultServiceAccount</span><span class="token punctuation" style="color:rgb(199, 146, 234)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;&quot;</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h3 class="anchor anchorWithStickyNavbar_LWe7" id="allowed-target-namespaces">Allowed Target Namespaces<a href="#allowed-target-namespaces" class="hash-link" aria-label="Direct link to Allowed Target Namespaces" title="Direct link to Allowed Target Namespaces"></a></h3><p>This can be used to limit a deployment to a set of namespaces on a downstream cluster.
If an allowedTargetNamespaces restriction is present, all <code>GitRepos</code> must
specify a <code>targetNamespace</code> and the specified namespace must be in the allow
list.
This also prevents the creation of cluster wide resources.</p></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/namespaces.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"><span class="theme-last-updated">Last updated<!-- --> on <b><time datetime="2024-10-18T11:42:02.000Z">Oct 18, 2024</time></b></span></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/0.8/gitrepo-content"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Git Repository Contents</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/0.8/resources-during-deployment"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Custom Resources During Deployment</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#gitrepos-bundles-clusters-clustergroups" class="table-of-contents__link toc-highlight">GitRepos, Bundles, Clusters, ClusterGroups</a><ul><li><a href="#gitrepo-namespace" class="table-of-contents__link toc-highlight">GitRepo Namespace</a></li></ul></li><li><a href="#namespace-creation-behavior-in-bundles" class="table-of-contents__link toc-highlight">Namespace Creation Behavior in Bundles</a></li><li><a href="#special-namespaces" class="table-of-contents__link toc-highlight">Special Namespaces</a><ul><li><a href="#fleet-local-local-workspace-cluster-registration-namespace" class="table-of-contents__link toc-highlight">fleet-local (local workspace, cluster registration namespace)</a></li><li><a href="#cattle-fleet-system-system-namespace" class="table-of-contents__link toc-highlight">cattle-fleet-system (system namespace)</a></li><li><a href="#cattle-fleet-clusters-system-system-registration-namespace" class="table-of-contents__link toc-highlight">cattle-fleet-clusters-system (system registration namespace)</a></li><li><a href="#cluster-namespaces" class="table-of-contents__link toc-highlight">Cluster Namespaces</a></li></ul></li><li><a href="#cross-namespace-deployments" class="table-of-contents__link toc-highlight">Cross Namespace Deployments</a></li><li><a href="#restricting-gitrepos" class="table-of-contents__link toc-highlight">Restricting GitRepos</a><ul><li><a href="#allowed-target-namespaces" class="table-of-contents__link toc-highlight">Allowed Target Namespaces</a></li></ul></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2024 SUSE Rancher. All Rights Reserved.</div></div></div></footer></div>
<script src="/assets/js/runtime~main.b74b6382.js"></script>
<script src="/assets/js/main.88b5c325.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink