163 lines
6.4 KiB
Markdown
163 lines
6.4 KiB
Markdown
# GitRepo Resource
|
|
|
|
The GitRepo resource describes git repositories, how to access them and where the bundles are located.
|
|
|
|
The content of the resource corresponds to the [GitRepoSpec](./ref-crds#gitrepospec).
|
|
For more information on how to use GitRepo resource, e.g. how to watch private repositories, see [Create a GitRepo Resource](./gitrepo-add.md).
|
|
|
|
```yaml
|
|
kind: GitRepo
|
|
apiVersion: fleet.cattle.io/v1alpha1
|
|
metadata:
|
|
# Any name can be used here
|
|
name: my-repo
|
|
# For single cluster use fleet-local, otherwise use the namespace of
|
|
# your choosing
|
|
namespace: fleet-local
|
|
# Labels are copied to bundles, but not to workloads.
|
|
labels:
|
|
created-by: fleet
|
|
spec:
|
|
# This can be a HTTPS or git URL. If you are using a git URL then
|
|
# clientSecretName will probably need to be set to supply a credential.
|
|
# repo is the only required parameter for a repo to be monitored.
|
|
#
|
|
repo: https://github.com/rancher/fleet-examples
|
|
|
|
# Enforce all resources go to this target namespace. If a cluster scoped
|
|
# resource is found the deployment will fail.
|
|
#
|
|
# targetNamespace: app1
|
|
|
|
# Any branch can be watched, this field is optional. If not specified the
|
|
# branch is assumed to be master
|
|
#
|
|
# branch: master
|
|
|
|
# A specific commit or tag can also be watched.
|
|
#
|
|
# revision: v0.3.0
|
|
|
|
# For a private git repository you must supply a clientSecretName. A default
|
|
# secret can be set at the namespace level using the GitRepoRestriction
|
|
# type. Secrets must be of the type "kubernetes.io/ssh-auth" or
|
|
# "kubernetes.io/basic-auth". The secret is assumed to be in the
|
|
# same namespace as the GitRepo
|
|
# If no clientSecretName is supplied, Fleet checks for a secret named
|
|
# "gitcredential".
|
|
#
|
|
# clientSecretName: my-ssh-key
|
|
|
|
# If fleet.yaml contains a private Helm repo that requires authentication,
|
|
# provide the credentials in a K8s secret and specify them here.
|
|
# Danger: the credentials will be sent to all repositories referenced from
|
|
# this gitrepo. See section below for more information.
|
|
#
|
|
# helmSecretName: my-helm-secret
|
|
|
|
# Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.
|
|
# Credentials will always be used if it is empty or not provided
|
|
#
|
|
# helmRepoURLRegex: https://charts.rancher.io/*
|
|
|
|
# Contains the auth secret for private Helm repository for each path.
|
|
# See [Create a GitRepo Resource](.gitrepo-add#use-different-helm-credentials-for-each-path)
|
|
#
|
|
# helmSecretNameForPaths: multi-helm-secret
|
|
|
|
# To add additional ca-bundle for self-signed certs, caBundle can be
|
|
# filled with base64 encoded pem data. For example:
|
|
# `cat /path/to/ca.pem | base64 -w 0`
|
|
#
|
|
# caBundle: my-ca-bundle
|
|
|
|
# Disable SSL verification for git repo
|
|
#
|
|
# insecureSkipTLSVerify: true
|
|
|
|
# A git repo can read multiple paths in a repo at once.
|
|
# The below field is expected to be an array of paths and
|
|
# supports path globbing (ex: some/*/path)
|
|
#
|
|
# Example:
|
|
# paths:
|
|
# - single-path
|
|
# - multiple-paths/*
|
|
paths:
|
|
- simple
|
|
|
|
# PollingInterval configures how often fleet checks the git repo. The default
|
|
# is 15 seconds.
|
|
# Setting this to zero does not disable polling. It results in a 15s
|
|
# interval, too.
|
|
# As checking a git repo incurs a CPU cost, raising this value can help
|
|
# lowering fleetcontroller's CPU usage if tens of git repos are used or more
|
|
#
|
|
# pollingInterval: 15s
|
|
|
|
# When disablePolling is set to true the git repo won't be checked periodically.
|
|
# It will rely on webhooks only.
|
|
# See [Using Webhooks Instead of Polling](https://fleet.rancher.io/webhook)
|
|
# disablePolling: false
|
|
|
|
# When using a webhook, a secret can be defined per GitRepo to validate the received payload.
|
|
# webhookSecret is the name of the previously created secret for this purpose.
|
|
# See [Using Webhooks Instead of Polling](https://fleet.rancher.io/webhook)
|
|
# webhookSecret: webhook-secret-name
|
|
|
|
# Paused causes changes in Git to not be propagated down to the clusters but
|
|
# instead mark resources as OutOfSync
|
|
#
|
|
# paused: false
|
|
|
|
# Increment this number to force a redeployment of contents from Git
|
|
#
|
|
# forceSyncGeneration: 0
|
|
|
|
# Drift correction removes any external change made to resources managed by Fleet. It performs a helm rollback, which uses
|
|
# a three-way merge strategy by default.
|
|
# It will try to update all resources by doing a PUT request if force is enabled. Three-way strategic merge might fail when updating
|
|
# an item inside of an array as it will try to add a new item instead of replacing the existing one. This can be fixed by using force.
|
|
# Keep in mind that resources might be recreated if force is enabled.
|
|
# Failed rollback will be removed from the helm history unless keepFailHistory is set to true.
|
|
#
|
|
# correctDrift:
|
|
# enabled: false
|
|
# force: false #Warning: it might recreate resources if set to true
|
|
# keepFailHistory: false
|
|
|
|
# The service account that will be used to perform this deployment.
|
|
# This is the name of the service account that exists in the
|
|
# downstream cluster in the cattle-fleet-system namespace. It is assumed
|
|
# this service account already exists so it should be created beforehand,
|
|
# for instance coming from another git repo registered with
|
|
# the Fleet manager.
|
|
# If no service account is configured, Fleet checks for a service account
|
|
# named "fleet-default".
|
|
#
|
|
# serviceAccount: moreSecureAccountThanClusterAdmin
|
|
|
|
# DeleteNamespace specifies if the namespace created
|
|
# must be deleted after deleting the GitRepo.
|
|
# deleteNamespace: false
|
|
|
|
# bundles specifies the user-driven bundle definitions
|
|
# With this way of defining Bundles, Fleet will simply load the specified resources
|
|
# along with the options file (if defined), or it will attempt to find a
|
|
# fleet.yaml file in the defined base.
|
|
# See [How Repos are scanned](https://fleet.rancher.io/gitrepo-content#how-repos-are-scanned)
|
|
# It is recommended to avoid using the following characters in the base and options paths: :,|?<>
|
|
# You can use any of those (or even more than one), but not all of them at once.
|
|
# bundles:
|
|
# base: basedirectory/to/bundle/resources
|
|
# options: path/to/fleet.yaml (optional)
|
|
# base: basedirectory/to/bundle2
|
|
|
|
# Target clusters to deploy to if running Fleet in a multi-cluster
|
|
# style. Refer to the "Mapping to Downstream Clusters" docs for
|
|
# more information.
|
|
# If empty, the "default" cluster group is used.
|
|
#
|
|
# targets: ...
|
|
```
|