GitRepo Resource

The GitRepo resource describes git repositories, how to access them and where the bundles are located.

The content of the resource corresponds to the GitRepoSpec. For more information on how to use GitRepo resource, e.g. how to watch private repositories, see Create a GitRepo Resource.

  1. kind: GitRepo
  2. apiVersion: fleet.cattle.io/v1alpha1
  3. metadata:
  4.   # Any name can be used here
  5.   name: my-repo
  6.   # For single cluster use fleet-local, otherwise use the namespace of
  7.   # your choosing
  8.   namespace: fleet-local
  9. spec:
  10.   # This can be a HTTPS or git URL.  If you are using a git URL then
  11.   # clientSecretName will probably need to be set to supply a credential.
  12.   # repo is the only required parameter for a repo to be monitored.
  13.   #
  14.   repo: https://github.com/rancher/fleet-examples
  16.   # Enforce all resources go to this target namespace. If a cluster scoped
  17.   # resource is found the deployment will fail.
  18.   #
  19.   # targetNamespace: app1
  21.   # Any branch can be watched, this field is optional. If not specified the
  22.   # branch is assumed to be master
  23.   #
  24.   # branch: master
  26.   # A specific commit or tag can also be watched.
  27.   #
  28.   # revision: v0.3.0
  30.   # For a private git repository you must supply a clientSecretName. A default
  31.   # secret can be set at the namespace level using the GitRepoRestriction
  32.   # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
  33.   # "kubernetes.io/basic-auth". The secret is assumed to be in the
  34.   # same namespace as the GitRepo
  35.   #
  36.   # clientSecretName: my-ssh-key
  38.   # If fleet.yaml contains a private Helm repo that requires authentication,
  39.   # provide the credentials in a K8s secret and specify them here.
  40.   # Danger: the credentials will be sent to all repositories referenced from
  41.   # this gitrepo. See section below for more information.
  42.   #
  43.   # helmSecretName: my-helm-secret
  45.   # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.
  46.   # Credentials will always be used if it is empty or not provided
  47.   #
  48.   # helmRepoURLRegex: https://charts.rancher.io/*
  50.   # Contains the auth secret for private Helm repository for each path.
  51.   # See [Create a GitRepo Resource](.gitrepo-add#use-different-helm-credentials-for-each-path)
  52.   #
  53.   # helmSecretNameForPaths: multi-helm-secret
  55.   # To add additional ca-bundle for self-signed certs, caBundle can be
  56.   # filled with base64 encoded pem data. For example:
  57.   # `cat /path/to/ca.pem | base64 -w 0`
  58.   #
  59.   # caBundle: my-ca-bundle
  61.   # Disable SSL verification for git repo
  62.   #
  63.   # insecureSkipTLSVerify: true
  65.   # A git repo can read multiple paths in a repo at once.
  66.   # The below field is expected to be an array of paths and
  67.   # supports path globbing (ex: some/*/path)
  68.   #
  69.   # Example:
  70.   # paths:
  71.   # - single-path
  72.   # - multiple-paths/*
  73.   paths:
  74.   - simple
  76.   # PollingInterval configures how often fleet checks the git repo. The default
  77.   # is 15 seconds.
  78.   # Setting this to zero does not disable polling. It results in a 15s
  79.   # interval, too.
  80.   # As checking a git repo incurs a CPU cost, raising this value can help
  81.   # lowering fleetcontroller's CPU usage if tens of git repos are used or more
  82.   #
  83.   # pollingInterval: 15s
  85.   # When disablePolling is set to true the git repo won't be checked periodically.
  86.   # It will rely on webhooks only.
  87.   # See [Using Webhooks Instead of Polling](https://fleet.rancher.io/webhook)
  88.   # disablePolling: false
  90.   # Paused  causes changes in Git to not be propagated down to the clusters but
  91.   # instead mark resources as OutOfSync
  92.   #
  93.   # paused: false
  95.   # Increment this number to force a redeployment of contents from Git
  96.   #
  97.   # forceSyncGeneration: 0
  99.   # The service account that will be used to perform this deployment.
  100.   # This is the name of the service account that exists in the
  101.   # downstream cluster in the cattle-fleet-system namespace. It is assumed
  102.   # this service account already exists so it should be create before
  103.   # hand, most likely coming from another git repo registered with
  104.   # the Fleet manager.
  105.   #
  106.   # serviceAccount: moreSecureAccountThanClusterAdmin
  108.   # Target clusters to deploy to if running Fleet in a multi-cluster
  109.   # style. Refer to the "Mapping to Downstream Clusters" docs for
  110.   # more information.
  111.   # If empty, the "default" cluster group is used.
  112.   #
  113.   # targets: ...
  115.   # Drift correction removes any external change made to resources managed by Fleet. It performs a helm rollback, which uses
  116.   # a three-way merge strategy by default.
  117.   # It will try to update all resources by doing a PUT request if force is enabled. Three-way strategic merge might fail when updating
  118.   # an item inside of an array as it will try to add a new item instead of replacing the existing one. This can be fixed by using force.
  119.   # Keep in mind that resources might be recreated if force is enabled.
  120.   # Failed rollback will be removed from the helm history unless keepFailHistory is set to true.
  121.   #
  122.   #  correctDrift:
  123.   #    enabled: false
  124.   #    force: false #Warning: it might recreate resources if set to true
  125.   #    keepFailHistory: false