GitRepo Resource

The GitRepo resource describes git repositories, how to access them and where the bundles are located.

The content of the resource corresponds to the GitRepoSpec. For more information on how to use GitRepo resource, e.g. how to watch private repositories, see Create a GitRepo Resource.

  1. kind: GitRepo
  2. apiVersion: fleet.cattle.io/v1alpha1
  3. metadata:
  4.   # Any name can be used here
  5.   name: my-repo
  6.   # For single cluster use fleet-local, otherwise use the namespace of
  7.   # your choosing
  8.   namespace: fleet-local
  9.   # Labels are copied to bundles, but not to workloads.
  10.   labels:
  11.     created-by: fleet
  12. spec:
  13.   # This can be a HTTPS or git URL.  If you are using a git URL then
  14.   # clientSecretName will probably need to be set to supply a credential.
  15.   # repo is the only required parameter for a repo to be monitored.
  16.   #
  17.   repo: https://github.com/rancher/fleet-examples
  19.   # Enforce all resources go to this target namespace. If a cluster scoped
  20.   # resource is found the deployment will fail.
  21.   #
  22.   # targetNamespace: app1
  24.   # Any branch can be watched, this field is optional. If not specified the
  25.   # branch is assumed to be master
  26.   #
  27.   # branch: master
  29.   # A specific commit or tag can also be watched.
  30.   #
  31.   # revision: v0.3.0
  33.   # For a private git repository you must supply a clientSecretName. A default
  34.   # secret can be set at the namespace level using the GitRepoRestriction
  35.   # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
  36.   # "kubernetes.io/basic-auth". The secret is assumed to be in the
  37.   # same namespace as the GitRepo
  38.   # If no clientSecretName is supplied, Fleet checks for a secret named
  39.   # "gitcredential".
  40.   #
  41.   # clientSecretName: my-ssh-key
  43.   # If fleet.yaml contains a private Helm repo that requires authentication,
  44.   # provide the credentials in a K8s secret and specify them here.
  45.   # Danger: the credentials will be sent to all repositories referenced from
  46.   # this gitrepo. See section below for more information.
  47.   #
  48.   # helmSecretName: my-helm-secret
  50.   # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.
  51.   # Credentials will always be used if it is empty or not provided
  52.   #
  53.   # helmRepoURLRegex: https://charts.rancher.io/*
  55.   # Contains the auth secret for private Helm repository for each path.
  56.   # See [Create a GitRepo Resource](.gitrepo-add#use-different-helm-credentials-for-each-path)
  57.   #
  58.   # helmSecretNameForPaths: multi-helm-secret
  60.   # To add additional ca-bundle for self-signed certs, caBundle can be
  61.   # filled with base64 encoded pem data. For example:
  62.   # `cat /path/to/ca.pem | base64 -w 0`
  63.   #
  64.   # caBundle: my-ca-bundle
  66.   # Disable SSL verification for git repo
  67.   #
  68.   # insecureSkipTLSVerify: true
  70.   # A git repo can read multiple paths in a repo at once.
  71.   # The below field is expected to be an array of paths and
  72.   # supports path globbing (ex: some/*/path)
  73.   #
  74.   # Example:
  75.   # paths:
  76.   # - single-path
  77.   # - multiple-paths/*
  78.   paths:
  79.   - simple
  81.   # PollingInterval configures how often fleet checks the git repo. The default
  82.   # is 15 seconds.
  83.   # Setting this to zero does not disable polling. It results in a 15s
  84.   # interval, too.
  85.   # As checking a git repo incurs a CPU cost, raising this value can help
  86.   # lowering fleetcontroller's CPU usage if tens of git repos are used or more
  87.   #
  88.   # pollingInterval: 15s
  90.   # When disablePolling is set to true the git repo won't be checked periodically.
  91.   # It will rely on webhooks only.
  92.   # See [Using Webhooks Instead of Polling](https://fleet.rancher.io/webhook)
  93.   # disablePolling: false
  95.   # When using a webhook, a secret can be defined per GitRepo to validate the received payload.
  96.   # webhookSecret is the name of the previously created secret for this purpose.
  97.   # See [Using Webhooks Instead of Polling](https://fleet.rancher.io/webhook)
  98.   # webhookSecret: webhook-secret-name
  100.   # Paused  causes changes in Git to not be propagated down to the clusters but
  101.   # instead mark resources as OutOfSync
  102.   #
  103.   # paused: false
  105.   # Increment this number to force a redeployment of contents from Git
  106.   #
  107.   # forceSyncGeneration: 0
  109.   # Drift correction removes any external change made to resources managed by Fleet. It performs a helm rollback, which uses
  110.   # a three-way merge strategy by default.
  111.   # It will try to update all resources by doing a PUT request if force is enabled. Three-way strategic merge might fail when updating
  112.   # an item inside of an array as it will try to add a new item instead of replacing the existing one. This can be fixed by using force.
  113.   # Keep in mind that resources might be recreated if force is enabled.
  114.   # Failed rollback will be removed from the helm history unless keepFailHistory is set to true.
  115.   #
  116.   # correctDrift:
  117.   #   enabled: false
  118.   #   force: false #Warning: it might recreate resources if set to true
  119.   #   keepFailHistory: false
  121.   # The service account that will be used to perform this deployment.
  122.   # This is the name of the service account that exists in the
  123.   # downstream cluster in the cattle-fleet-system namespace. It is assumed
  124.   # this service account already exists so it should be created beforehand,
  125.   # for instance coming from another git repo registered with
  126.   # the Fleet manager.
  127.   # If no service account is configured, Fleet checks for a service account
  128.   # named "fleet-default".
  129.   #
  130.   # serviceAccount: moreSecureAccountThanClusterAdmin
  132.   # DeleteNamespace specifies if the namespace created 
  133.   # must be deleted after deleting the GitRepo.
  134.   # deleteNamespace: false
  136.   # bundles specifies the user-driven bundle definitions
  137.   # With this way of defining Bundles, Fleet will simply load the specified resources 
  138.   # along with the options file (if defined), or it will attempt to find a 
  139.   # fleet.yaml file in the defined base.
  140.   # See [How Repos are scanned](https://fleet.rancher.io/gitrepo-content#how-repos-are-scanned)
  141.   # It is recommended to avoid using the following characters in the base and options paths: :,|?<>
  142.   # You can use any of those (or even more than one), but not all of them at once.
  143.   # bundles:
  144.   #   base: basedirectory/to/bundle/resources
  145.   #   options: path/to/fleet.yaml (optional)
  146.   #   base: basedirectory/to/bundle2
  148.   # Target clusters to deploy to if running Fleet in a multi-cluster
  149.   # style. Refer to the "Mapping to Downstream Clusters" docs for
  150.   # more information.
  151.   # If empty, the "default" cluster group is used.
  152.   #
  153.   # targets: ...