GitRepo Resource

The GitRepo resource describes git repositories, how to access them and where the bundles are located.

The content of the resource corresponds to the GitRepoSpec. For more information on how to use GitRepo resource, e.g. how to watch private repositories, see Create a GitRepo Resource.

  1. kind: GitRepo
  2. apiVersion: fleet.cattle.io/v1alpha1
  3. metadata:
  4.   # Any name can be used here
  5.   name: my-repo
  6.   # For single cluster use fleet-local, otherwise use the namespace of
  7.   # your choosing
  8.   namespace: fleet-local
  9. spec:
  10.   # This can be a HTTPS or git URL.  If you are using a git URL then
  11.   # clientSecretName will probably need to be set to supply a credential.
  12.   # repo is the only required parameter for a repo to be monitored.
  13.   #
  14.   repo: https://github.com/rancher/fleet-examples
  16.   # Enforce all resources go to this target namespace. If a cluster scoped
  17.   # resource is found the deployment will fail.
  18.   #
  19.   # targetNamespace: app1
  21.   # Any branch can be watched, this field is optional. If not specified the
  22.   # branch is assumed to be master
  23.   #
  24.   # branch: master
  26.   # A specific commit or tag can also be watched.
  27.   #
  28.   # revision: v0.3.0
  30.   # For a private registry you must supply a clientSecretName. A default
  31.   # secret can be set at the namespace level using the GitRepoRestriction
  32.   # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
  33.   # "kubernetes.io/basic-auth". The secret is assumed to be in the
  34.   # same namespace as the GitRepo
  35.   #
  36.   # clientSecretName: my-ssh-key
  37.   #
  38.   # If fleet.yaml contains a private Helm repo that requires authentication,
  39.   # provide the credentials in a K8s secret and specify them here.
  40.   # Danger: the credentials will be sent to all repositories referenced from
  41.   # this gitrepo. See section below for more information.
  42.   #
  43.   # helmSecretName: my-helm-secret
  44.   #
  45.   # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.
  46.   # Credentials will always be used if it is empty or not provided
  47.   #
  48.   # helmRepoURLRegex: https://charts.rancher.io/*
  49.   #
  50.   # To add additional ca-bundle for self-signed certs, caBundle can be
  51.   # filled with base64 encoded pem data. For example:
  52.   # `cat /path/to/ca.pem | base64 -w 0`
  53.   #
  54.   # caBundle: my-ca-bundle
  55.   #
  56.   # Disable SSL verification for git repo
  57.   #
  58.   # insecureSkipTLSVerify: true
  59.   #
  60.   # A git repo can read multiple paths in a repo at once.
  61.   # The below field is expected to be an array of paths and
  62.   # supports path globbing (ex: some/*/path)
  63.   #
  64.   # Example:
  65.   # paths:
  66.   # - single-path
  67.   # - multiple-paths/*
  68.   paths:
  69.   - simple
  71.   # PollingInterval configures how often fleet checks the git repo. The default
  72.   # is 15 seconds.
  73.   # Setting this to zero does not disable polling. It results in a 15s
  74.   # interval, too.
  75.   # As checking a git repo incurs a CPU cost, raising this value can help
  76.   # lowering fleetcontroller's CPU usage if tens of git repos are used or more
  77.   #
  78.   # pollingInterval: 15s
  80.   # Paused  causes changes in Git to not be propagated down to the clusters but
  81.   # instead mark resources as OutOfSync
  82.   #
  83.   # paused: false
  85.   # Increment this number to force a redeployment of contents from Git
  86.   #
  87.   # forceSyncGeneration: 0
  89.   # The service account that will be used to perform this deployment.
  90.   # This is the name of the service account that exists in the
  91.   # downstream cluster in the cattle-fleet-system namespace. It is assumed
  92.   # this service account already exists so it should be create before
  93.   # hand, most likely coming from another git repo registered with
  94.   # the Fleet manager.
  95.   #
  96.   # serviceAccount: moreSecureAccountThanClusterAdmin
  98.   # Target clusters to deploy to if running Fleet in a multi-cluster
  99.   # style. Refer to the "Mapping to Downstream Clusters" docs for
  100.   # more information.
  101.   # If empty, the "default" cluster group is used.
  102.   #
  103.   # targets: ...
  104.   #
  105.   # Drift correction removes any external change made to resources managed by Fleet. It performs a helm rollback, which uses
  106.   # a three-way merge strategy by default. 
  107.   # It will try to update all resources by doing a PUT request if force is enabled. Three-way strategic merge might fail when updating 
  108.   # an item inside of an array as it will try to add a new item instead of replacing the existing one. This can be fixed by using force.
  109.   # Keep in mind that resources might be recreated if force is enabled.
  110.   # Failed rollback will be removed from the helm history unless keepFailHistory is set to true.
  111.   #
  112.   #  correctDrift:
  113.   #    enabled: false
  114.   #    force: false #Warning: it might recreate resources if set to true
  115.   #    keepFailHistory: false