fleet.yaml

The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.

For more information on how to use the fleet.yaml to customize bundles see Git Repository Contents.

The content of the fleet.yaml corresponds to the FleetYAML struct at pkg/apis/fleet.cattle.io/v1alpha1/fleetyaml.go, which contains the BundleSpec.

Reference

Full YAML reference

fleet.yaml

  1. # The default namespace to be applied to resources. This field is not used to
  2. # enforce or lock down the deployment to a specific namespace, but instead
  3. # provide the default value of the namespace field if one is not specified in
  4. # the manifests.
  5. #
  6. # Default: default
  7. defaultNamespace: default
  9. # All resources will be assigned to this namespace and if any cluster scoped
  10. # resource exists the deployment will fail.
  11. #
  12. # Default: ""
  13. namespace: default
  15. # namespaceLabels are labels that will be appended to the namespace created by
  16. # Fleet.
  17. namespaceLabels:
  18.   key: value
  20. # namespaceAnnotations are annotations that will be appended to the namespace
  21. # created by Fleet.
  22. namespaceAnnotations:
  23.   key: value
  25. # Optional map of labels, that are set at the bundle and can be used in a
  26. # dependsOn.selector
  27. labels:
  28.   key: value
  30. kustomize:
  31.   # Use a custom folder for kustomize resources. This folder must contain a
  32.   # kustomization.yaml file.
  33.   dir: ./kustomize
  35. helm:
  37.   # These options control how "fleet apply" downloads the chart
  38.   # (See `Helm Options` below for more details)
  39.   #
  40.   chart: ./chart
  42.   # A https URL to a Helm repo to download the chart from. It's typically easier
  43.   # to just use `chart` field and refer to a tgz file.  If repo is used the
  44.   # value of `chart` will be used as the chart name to lookup in the Helm
  45.   # repository.
  46.   repo: https://charts.rancher.io
  48.   # The version of the chart or semver constraint of the chart to find. If a
  49.   # constraint is specified, it is evaluated each time git changes.
  50.   # (See `Helm Options` below for more details)
  51.   version: 0.1.0
  53.   # By default fleet downloads any dependency found in a helm chart.  Use
  54.   # disableDependencyUpdate: true to disable this feature.
  55.   disableDependencyUpdate: false
  57.   ### These options only work for helm-type bundles.
  58.   #
  59.   # Any values that should be placed in the `values.yaml` and passed to helm
  60.   # during install.
  61.   values:
  63.     any-custom: value
  65.     # All labels on Rancher clusters are available using
  66.     # global.fleet.clusterLabels.LABELNAME These can now be accessed directly as
  67.     # variables The variable's value will be an empty string if the referenced
  68.     # cluster label does not exist on the targeted cluster.
  69.     variableName: global.fleet.clusterLabels.LABELNAME
  71.     # See Templating notes below for more information on templating.
  72.     templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"
  74.     valueFromEnv:
  75.       "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }
  77.   # Path to any values files that need to be passed to helm during install.
  78.   valuesFiles:
  79.     - values1.yaml
  80.     - values2.yaml
  82.   # Allow to use values files from configmaps or secrets defined in the
  83.   # downstream clusters.
  84.   valuesFrom:
  85.     - configMapKeyRef:
  86.         name: configmap-values
  87.         # default to namespace of bundle
  88.         namespace: default
  89.         key: values.yaml
  90.     - secretKeyRef:
  91.         name: secret-values
  92.         namespace: default
  93.         key: values.yaml
  95.   ### These options control how fleet-agent deploys the bundle, they also apply
  96.   ### for kustomize- and manifest-style bundles.
  97.   #
  98.   # A custom release name to deploy the chart as. If not specified a release name
  99.   # will be generated by combining the invoking GitRepo.name + GitRepo.path.
  100.   releaseName: my-release
  101.   #
  102.   # Makes helm skip the check for its own annotations
  103.   takeOwnership: false
  104.   #
  105.   # Override immutable resources. This could be dangerous.
  106.   force: false
  107.   #
  108.   # Set the Helm --atomic flag when upgrading
  109.   atomic: false
  110.   #
  111.   # Disable go template pre-processing on the fleet values
  112.   disablePreProcess: false
  113.   #
  114.   # Disable DNS resolution in Helm's template functions
  115.   disableDNS: false
  116.   #
  117.   # Skip evaluation of the values.schema.json file
  118.   skipSchemaValidation: false
  119.   #
  120.   # If set and timeoutSeconds provided, will wait until all Jobs have been
  121.   # completed before marking the GitRepo as ready.  It will wait for as long as
  122.   # timeoutSeconds.
  123.   waitForJobs: true
  125. # A paused bundle will not update downstream clusters but instead mark the bundle
  126. # as OutOfSync. One can then manually confirm that a bundle should be deployed to
  127. # the downstream clusters.
  128. #
  129. # Default: false
  130. paused: false
  132. # If rolloutStrategy is not defined in the fleet.yaml file, Fleet uses default rollout values.
  133. rolloutStrategy:
  135.   # A number or percentage of clusters that can be unavailable during an update
  136.   # of a bundle. This follows the same basic approach as a deployment rollout
  137.   # strategy. Once the number of clusters meets unavailable state update will be
  138.   # paused. Default value is 100% which doesn't take effect on update.
  139.   #
  140.   # default: 100%
  141.   maxUnavailable: 15%
  143.   # A number or percentage of cluster partitions that can be unavailable during
  144.   # an update of a bundle.
  145.   #
  146.   # default: 0
  147.   maxUnavailablePartitions: 20%
  149.   # A number or percentage of how to automatically partition clusters if not
  150.   # specific partitioning strategy is configured.
  151.   # The default value is defined in rolloutStrategy.maxUnavailable
  152.   autoPartitionSize: 10%
  154.   # A list of definitions of partitions.  If any target clusters do not match
  155.   # the configuration they are added to partitions at the end following the
  156.   # autoPartitionSize.
  157.   partitions:
  159.     # A user friend name given to the partition used for Display (optional).
  160.     # default: ""
  161.     - name: canary
  163.       # A number or percentage of clusters that can be unavailable in this
  164.       # partition before this partition is treated as done.
  165.       # default: 10%
  166.       maxUnavailable: 10%
  168.       # Selector matching cluster labels to include in this partition
  169.       clusterSelector:
  170.         matchLabels:
  171.           env: prod
  173.       # OR, if selecting by ClusterGroup labels:
  174.       clusterGroupSelector:
  175.         matchLabels:
  176.           env: prod
  178.       # A cluster group name to include in this partition
  179.       clusterGroup: agroup
  181. # Target customization are used to determine how resources should be modified
  182. # per target Targets are evaluated in order and the first one to match a cluster
  183. # is used for that cluster.
  184. targetCustomizations:
  186.   # The name of target. If not specified a default name of the format
  187.   # "target000" will be used. This value is mostly for display
  188.   - name: prod
  190.     # Custom namespace value overriding the value at the root.
  191.     namespace: newvalue
  193.     # Custom defaultNamespace value overriding the value at the root.
  194.     defaultNamespace: newdefaultvalue
  196.     # Custom kustomize options overriding the options at the root.
  197.     kustomize: {}
  199.     # Custom Helm options override the options at the root.
  200.     helm: {}
  202.     # If using raw YAML these are names that map to overlays/{name} that will be
  203.     # used to replace or patch a resource. If you wish to customize the file
  204.     # ./subdir/resource.yaml then a file
  205.     # ./overlays/myoverlay/subdir/resource.yaml will replace the base file.  A
  206.     # file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the
  207.     # base file.  A patch can in JSON Patch or JSON Merge format or a strategic
  208.     # merge patch for builtin Kubernetes types. Refer to "Raw YAML Resource
  209.     # Customization" below for more information.
  210.     yaml:
  211.       overlays:
  212.         - custom2
  213.         - custom3
  215.     # A selector used to match clusters.  The structure is the standard
  216.     # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is
  217.     # specified, clusterSelector will be used only to further refine the
  218.     # selection after clusterGroupSelector and clusterGroup is evaluated.
  219.     clusterSelector:
  220.       matchLabels:
  221.         env: prod
  223.     # A selector used to match a specific cluster by name. When using Fleet in
  224.     # Rancher, make sure to put the name of the clusters.fleet.cattle.io
  225.     # resource.
  226.     clusterName: dev-cluster
  228.     # A selector used to match cluster groups.
  229.     clusterGroupSelector:
  230.       matchLabels:
  231.         region: us-east
  233.     # A specific clusterGroup by name that will be selected.
  234.     clusterGroup: group1
  236.     # Resources will not be deployed in the matched clusters if doNotDeploy is
  237.     # true.
  238.     doNotDeploy: false
  240.     # Drift correction removes any external change made to resources managed by
  241.     # Fleet.  It performs a helm rollback, which uses a three-way merge strategy
  242.     # by default.  It will try to update all resources by doing a PUT request if
  243.     # force is enabled.  Three-way strategic merge might fail when updating an
  244.     # item inside of an array as it will try to add a new item instead of
  245.     # replacing the existing one.  This can be fixed by using force.  Keep in
  246.     # mind that resources might be recreated if force is enabled.  Failed
  247.     # rollback will be removed from the helm history unless keepFailHistory is
  248.     # set to true.
  249.     correctDrift:
  250.       enabled: false
  251.       force: false # Warning: it might recreate resources if set to true
  252.       keepFailHistory: false
  254. # dependsOn allows you to configure dependencies to other bundles. The current
  255. # bundle will only be deployed, after all dependencies are deployed and in a
  256. # Ready state.
  257. dependsOn:
  259.   # Format:
  260.   #     <GITREPO-NAME>-<BUNDLE_PATH> with all path separators replaced by "-"
  261.   #
  262.   # Example:
  263.   #
  264.   #      GitRepo name "one", Bundle path "/multi-cluster/hello-world"
  265.   #      results in "one-multi-cluster-hello-world".
  266.   #
  267.   # Note:
  268.   #
  269.   #   Bundle names are limited to 53 characters long. If longer they will be
  270.   #   shortened:
  271.   #
  272.   #     opni-fleet-examples-fleets-opni-ui-plugin-operator-crd becomes
  273.   #     opni-fleet-examples-fleets-opni-ui-plugin-opera-021f7
  274.   - name: one-multi-cluster-hello-world
  276.   # Select bundles to depend on based on their label.
  277.   - selector:
  278.       matchLabels:
  279.         app: weak-monkey
  281. # Ignore fields when monitoring a Bundle. This can be used when Fleet thinks
  282. # some conditions in Custom Resources makes the Bundle to be in an error state
  283. # when it shouldn't.
  284. ignore:
  286.   # Conditions to be ignored
  287.   conditions:
  289.     # In this example a condition will be ignored if it contains
  290.     # {"type": "Active", "status", "False"}
  291.     - type: Active
  292.       status: "False"
  294. # Override targets defined in the GitRepo. The Bundle will not have any targets
  295. # from the GitRepo if overrideTargets is provided.
  296. overrideTargets:
  297.   - clusterSelector:
  298.       matchLabels:
  299.         env: dev

Helm Options

Main options

chart

This specifies a custom location for the Helm chart. This can refer to any go-getter URL or OCI registry based Helm chart URL, e.g. oci://ghcr.io/fleetrepoci/guestbook. This allows one to download charts from many different locations. go-getter URLs support adding a digest to validate the download. If the repo field is set, this field is the name of the chart to lookup.

It is possible to download the chart from a Git repository, e.g. by using [[email protected]](https://fleet.rancher.io/cdn-cgi/l/email-protection):rancher/fleet-examples//single-cluster/helm. If a secret for the SSH key was defined in the GitRepo via helmSecretName, it will be injected into the chart URL.

fleet.yaml - 图1chart reference depending on fleet.yaml location

If a fleet.yaml file is located outside of an embedded chart’s directory, then it must explicitly reference the chart using a helm.chart field. Otherwise, Fleet will not install the chart.

This also means that if no helm.chart field is specified in such a case, then Helm-specific fields like valuesFiles or valuesFrom will not have any effect.

It is not necessary to specify a chart’s own values.yaml via valuesFiles:. It will always be used as a default when the agent installs the chart. See Using Helm Values.

See Using Helm Values for more details.

fleet.yaml - 图2note

fleet.yaml - 图3Limitation: downloading Helm charts from git with custom CA bundles

Git repositories can be downloaded via unauthenticated http, by using for example: git::http://github.com/rancher/fleet-examples/single-cluster/helm.

However, this does not work with custom CA bundles at this point: if a CA bundle is configured in a secret referenced in helmSecretName, will not be used, which will result in the git job displaying errors such as SSL certificate problem: unable to get local issuer certificate when running fleet apply to generate a bundle.

See fleet#3646 for more details.

version

The version also determines which chart to download from OCI registries.

fleet.yaml - 图4+ character support

OCI registries don’t support the + character, which is supported by semver. When pushing a Helm chart with a tag containing the + character, Helm automatically replaces + with ‘_‘ before uploading it.

You should use the version with the + in fleet.yaml, as the _ character is not supported by semver and Fleet also replaces + with _ when accessing the OCI registry.

How fleet-agent deploys the bundle

These options also apply to kustomize- and manifest-style bundles. They control how the fleet-agent deploys the bundle. All bundles are converted into Helm charts and deployed with the Helm SDK. These options are often similar to the Helm CLI options for install and update.

  • releaseName
  • takeOwnership
  • force
  • atomic
  • disablePreProcess
  • disableDNS
  • skipSchemaValidation
  • waitForJobs

Helm Chart Download Options

These options are for Helm-style bundles, they specify how to download the chart.

  • chart
  • repo
  • version

The reference to the chart can be either:

  • a local path in the cloned Git repository, specified by chart.
  • a go-getter URL, specified by chart. This can be used to download a tarball of the chart. go-getter also allows to download a chart from a Git repo.
  • OCI chart URL, specified by chart. This can be used to download a chart directly from a OCI server. It uses the Helm SDK to download the chart.
  • a Helm repository, specified by repo and optionally version.
  • an OCI Helm repository, specified by repo and optionally version.

Helm Chart Value Options

Options for the downloaded Helm chart.

  • values
  • valuesFiles
  • valueFrom

Values

Values are processed in different stages of the Bundle lifecycle

  • fleet.yaml values: and valuesFile: are added to the bundle’s values when it is created.
  • helm values templating, e.g. with ${ } happens when the bundle is targeted at a cluster, cluster labels filled in, etc.
  • When the agent installs the chart, values from valuesFrom are read. Then Helm templating {{ }} is processed.

Templating

It is possible to specify the keys and values as go template strings for advanced templating needs. Most of the functions from the sprig templating library are available. This can be turned off in fleet.yaml, by setting disablePreProcess, e.g. to avoid conflicts with other templating languages.

Note that if the functions output changes with every call, e.g. uuidv4, the bundle will get redeployed.

You can test values templating with the CLI against existing clusters.

The template context has the following keys:

  • .ClusterValues are retrieved from target cluster’s spec.templateValues
  • .ClusterLabels and .ClusterAnnotations are the labels and annotations in the cluster resource.
  • .ClusterName as the fleet’s cluster resource name.
  • .ClusterNamespace as the namespace in which the cluster resource exists.

To access Labels or Annotations by their key name:

  1. ${ get .ClusterLabels "management.cattle.io/cluster-display-name" }

Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims, unlike Helm which uses {{ }}. These fleet.yaml template delimiters can be escaped using backticks, eg.:

  1. foo-bar-${`${PWD}`}

will result in the following text:

  1. foo-bar-${PWD}

fleet.yaml - 图5empty values

It is easier to use global.fleet.clusterLabels.LABELNAME instead of templating. When using templating, make sure to protect against null values.

Example:

  1. ${ if hasKey .ClusterLabels "LABELNAME" }${ .ClusterLabels.LABELNAME }${ else }missing${ end}