Custom Resources Spec

Sub Resources

Bundle

Bundle contains the resources of an application and its deployment options. It will be deployed as a Helm chart to target clusters.

When a GitRepo is scanned it will produce one or more bundles. Bundles are a collection of resources that get deployed to one or more cluster(s). Bundle is the fundamental deployment unit used in Fleet. The contents of a Bundle may be Kubernetes manifests, Kustomize configuration, or Helm charts. Regardless of the source the contents are dynamically rendered into a Helm chart by the agent and installed into the downstream cluster as a Helm release.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specBundleSpectrue
statusBundleStatustrue

Back to Custom Resources

BundleDisplay

BundleDisplay contains the number of ready, desiredready clusters and a summary state for the bundle.

FieldDescriptionSchemeRequired
readyClustersReadyClusters is a string in the form \”%d/%d\”, that describes the number of clusters that are ready vs. the number of clusters desired to be ready.stringfalse
stateState is a summary state for the bundle, calculated over the non-ready resources.stringfalse

Back to Custom Resources

BundleList

BundleList contains a list of Bundle

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]Bundletrue

Back to Custom Resources

BundleRef

FieldDescriptionSchemeRequired
nameName of the bundle.stringfalse
selectorSelector matching bundle’s labels.*metav1.LabelSelectorfalse

Back to Custom Resources

BundleResource

BundleResource represents the content of a single resource from the bundle, like a YAML manifest.

FieldDescriptionSchemeRequired
nameName of the resource, can include the bundle’s internal path.stringfalse
contentThe content of the resource, can be compressed.stringfalse
encodingEncoding is either empty or \”base64+gz\”.stringfalse

Back to Custom Resources

BundleSpec

FieldDescriptionSchemeRequired
pausedPaused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.boolfalse
rolloutStrategyRolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.*RolloutStrategyfalse
resourcesResources contains the resources that were read from the bundle’s path. This includes the content of downloaded helm charts.[]BundleResourcefalse
targetsTargets refer to the clusters which will be deployed to. Targets are evaluated in order and the first one to match is used.[]BundleTargetfalse
targetRestrictionsTargetRestrictions is an allow list, which controls if a bundledeployment is created for a target.[]BundleTargetRestrictionfalse
dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[]BundleReffalse
contentsIdContentsID stores the contents id when deploying contents using an OCI registry.stringfalse

Back to Custom Resources

BundleStatus

FieldDescriptionSchemeRequired
conditionsConditions is a list of Wrangler conditions that describe the state of the bundle.[]genericcondition.GenericConditionfalse
summarySummary contains the number of bundle deployments in each state and a list of non-ready resources.BundleSummaryfalse
newlyCreatedNewlyCreated is the number of bundle deployments that have been created, not updated.intfalse
unavailableUnavailable is the number of bundle deployments that are not ready or where the AppliedDeploymentID in the status does not match the DeploymentID from the spec.inttrue
unavailablePartitionsUnavailablePartitions is the number of unavailable partitions.inttrue
maxUnavailableMaxUnavailable is the maximum number of unavailable deployments. See rollout configuration.inttrue
maxUnavailablePartitionsMaxUnavailablePartitions is the maximum number of unavailable partitions. The rollout configuration defines a maximum number or percentage of unavailable partitions.inttrue
maxNewMaxNew is always 50. A bundle change can only stage 50 bundledeployments at a time.intfalse
partitionsPartitionStatus lists the status of each partition.[]PartitionStatusfalse
displayDisplay contains the number of ready, desiredready clusters and a summary state for the bundle’s resources.BundleDisplayfalse
resourceKeyResourceKey lists resources, which will likely be deployed. The actual list of resources on a cluster might differ, depending on the helm chart, value templating, etc..[]ResourceKeyfalse
ociReferenceOCIReference is the OCI reference used to store contents, this is only for informational purposes.stringfalse
observedGenerationObservedGeneration is the current generation of the bundle.int64true
resourcesSha256SumResourcesSHA256Sum corresponds to the JSON serialization of the .Spec.Resources fieldstringfalse

Back to Custom Resources

BundleSummary

BundleSummary contains the number of bundle deployments in each state and a list of non-ready resources. It is used in the bundle, clustergroup, cluster and gitrepo status.

FieldDescriptionSchemeRequired
notReadyNotReady is the number of bundle deployments that have been deployed where some resources are not ready.intfalse
waitAppliedWaitApplied is the number of bundle deployments that have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.intfalse
errAppliedErrApplied is the number of bundle deployments that have been synced from the Fleet controller and the downstream cluster, but with some errors when deploying the bundle.intfalse
outOfSyncOutOfSync is the number of bundle deployments that have been synced from Fleet controller, but not yet by the downstream agent.intfalse
modifiedModified is the number of bundle deployments that have been deployed and for which all resources are ready, but where some changes from the Git repository have not yet been synced.intfalse
readyReady is the number of bundle deployments that have been deployed where all resources are ready.inttrue
pendingPending is the number of bundle deployments that are being processed by Fleet controller.intfalse
desiredReadyDesiredReady is the number of bundle deployments that should be ready.inttrue
nonReadyResourcesNonReadyClusters is a list of states, which is filled for a bundle that is not ready.[]NonReadyResourcefalse

Back to Custom Resources

BundleTarget

BundleTarget declares clusters to deploy to. Fleet will merge the BundleDeploymentOptions from customizations into this struct.

FieldDescriptionSchemeRequired
nameName of target. This value is largely for display and logging. If not specified a default name of the format \”target000\” will be usedstringfalse
clusterNameClusterName to match a specific cluster by name that will be selectedstringfalse
clusterSelectorClusterSelector is a selector to match clusters. The structure is the standard metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified, clusterSelector will be used only to further refine the selection after clusterGroupSelector and clusterGroup is evaluated.metav1.LabelSelectorfalse
clusterGroupClusterGroup to match a specific cluster group by name.stringfalse
clusterGroupSelectorClusterGroupSelector is a selector to match cluster groups.metav1.LabelSelectorfalse
doNotDeployDoNotDeploy if set to true, will not deploy to this target.boolfalse
namespaceLabelsNamespaceLabels are labels that will be appended to the namespace created by Fleet.map[string]stringfalse
namespaceAnnotationsNamespaceAnnotations are annotations that will be appended to the namespace created by Fleet.map[string]stringfalse

Back to Custom Resources

BundleTargetRestriction

BundleTargetRestriction is used internally by Fleet and should not be modified. It acts as an allow list, to prevent the creation of BundleDeployments from Targets created by TargetCustomizations in fleet.yaml.

FieldDescriptionSchemeRequired
namestringfalse
clusterNamestringfalse
clusterSelectormetav1.LabelSelectorfalse
clusterGroupstringfalse
clusterGroupSelectormetav1.LabelSelectorfalse

Back to Custom Resources

NonReadyResource

NonReadyResource contains information about a bundle that is not ready for a given state like \“ErrApplied\“. It contains a list of non-ready or modified resources and their states.

FieldDescriptionSchemeRequired
nameName is the name of the resource.stringfalse
bundleStateState is the state of the resource, like e.g. \”NotReady\” or \”ErrApplied\”.BundleStatefalse
messageMessage contains information why the bundle is not ready.stringfalse
modifiedStatusModifiedStatus lists the state for each modified resource.[]ModifiedStatusfalse
nonReadyStatusNonReadyStatus lists the state for each non-ready resource.[]NonReadyStatusfalse

Back to Custom Resources

Partition

Partition defines a separate rollout strategy for a set of clusters.

FieldDescriptionSchemeRequired
nameA user-friendly name given to the partition used for Display (optional).stringfalse
maxUnavailableA number or percentage of clusters that can be unavailable in this partition before this partition is treated as done. default: 10%intstr.IntOrStringfalse
clusterNameClusterName is the name of a cluster to include in this partitionstringfalse
clusterSelectorSelector matching cluster labels to include in this partitionmetav1.LabelSelectorfalse
clusterGroupA cluster group name to include in this partitionstringfalse
clusterGroupSelectorSelector matching cluster group labels to include in this partition*metav1.LabelSelectorfalse

Back to Custom Resources

PartitionStatus

PartitionStatus is the status of a single rollout partition.

FieldDescriptionSchemeRequired
nameName is the name of the partition.stringfalse
countCount is the number of clusters in the partition.intfalse
maxUnavailableMaxUnavailable is the maximum number of unavailable clusters in the partition.intfalse
unavailableUnavailable is the number of unavailable clusters in the partition.intfalse
summarySummary is a summary state for the partition, calculated over its non-ready resources.BundleSummaryfalse

Back to Custom Resources

ResourceKey

ResourceKey lists resources, which will likely be deployed.

FieldDescriptionSchemeRequired
kindKind is the k8s api kind of the resource.stringfalse
apiVersionAPIVersion is the k8s api version of the resource.stringfalse
namespaceNamespace is the namespace of the resource.stringfalse
nameName is the name of the resource.stringfalse

Back to Custom Resources

RolloutStrategy

RolloverStrategy controls the rollout of the bundle across clusters.

FieldDescriptionSchemeRequired
maxUnavailableA number or percentage of clusters that can be unavailable during an update of a bundle. This follows the same basic approach as a deployment rollout strategy. Once the number of clusters meets unavailable state update will be paused. Default value is 100% which doesn’t take effect on update. default: 100%intstr.IntOrStringfalse
maxUnavailablePartitionsA number or percentage of cluster partitions that can be unavailable during an update of a bundle. default: 0intstr.IntOrStringfalse
autoPartitionSizeA number or percentage of how to automatically partition clusters if no specific partitioning strategy is configured. default: 25%*intstr.IntOrStringfalse
partitionsA list of definitions of partitions. If any target clusters do not match the configuration they are added to partitions at the end following the autoPartitionSize.[]Partitionfalse

Back to Custom Resources

BundleDeployment

BundleDeployment is used internally by Fleet and should not be used directly. When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster-specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for the cluster the agent is managing.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specBundleDeploymentSpecfalse
statusBundleDeploymentStatusfalse

Back to Custom Resources

BundleDeploymentDisplay

FieldDescriptionSchemeRequired
deployedstringfalse
monitoredstringfalse
statestringfalse

Back to Custom Resources

BundleDeploymentList

BundleDeploymentList contains a list of BundleDeployment

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]BundleDeploymenttrue

Back to Custom Resources

BundleDeploymentOptions

FieldDescriptionSchemeRequired
defaultNamespaceDefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace.stringfalse
namespaceTargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail.stringfalse
kustomizeKustomize options for the deployment, like the dir containing the kustomization.yaml file.KustomizeOptionsfalse
helmHelm options for the deployment, like the chart name, repo and values.HelmOptionsfalse
serviceAccountServiceAccount which will be used to perform this deployment.stringfalse
forceSyncGenerationForceSyncGeneration is used to force a redeploymentint64false
yamlYAML options, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource.YAMLOptionsfalse
diffDiff can be used to ignore the modified state of objects which are amended at runtime.DiffOptionsfalse
keepResourcesKeepResources can be used to keep the deployed resources when removing the bundleboolfalse
deleteNamespaceDeleteNamespace can be used to delete the deployed namespace when removing the bundleboolfalse
ignoreIgnoreOptions can be used to ignore fields when monitoring the bundle.IgnoreOptionsfalse
correctDriftCorrectDrift specifies how drift correction should work.CorrectDriftfalse
namespaceLabelsNamespaceLabels are labels that will be appended to the namespace created by Fleet.map[string]stringfalse
namespaceAnnotationsNamespaceAnnotations are annotations that will be appended to the namespace created by Fleet.*map[string]stringfalse
deleteCRDResourcesDeleteCRDResources deletes CRDs. Warning! this will also delete all your Custom Resources.boolfalse

Back to Custom Resources

BundleDeploymentResource

BundleDeploymentResource contains the metadata of a deployed resource.

FieldDescriptionSchemeRequired
kindstringfalse
apiVersionstringfalse
namespacestringfalse
namestringfalse
createdAtmetav1.Timefalse

Back to Custom Resources

BundleDeploymentSpec

FieldDescriptionSchemeRequired
pausedPaused if set to true, will stop any BundleDeployments from being updated. If true, BundleDeployments will be marked as out of sync when changes are detected.boolfalse
stagedOptionsStagedOptions are the deployment options, that are staged for the next deployment.BundleDeploymentOptionsfalse
stagedDeploymentIDStagedDeploymentID is the ID of the staged deployment.stringfalse
optionsOptions are the deployment options, that are currently applied.BundleDeploymentOptionsfalse
deploymentIDDeploymentID is the ID of the currently applied deployment.stringfalse
dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[]BundleReffalse
correctDriftCorrectDrift specifies how drift correction should work.*CorrectDriftfalse
ociContentsOCIContents is true when this deployment’s contents is stored in an oci registryboolfalse

Back to Custom Resources

BundleDeploymentStatus

FieldDescriptionSchemeRequired
conditions[]genericcondition.GenericConditionfalse
appliedDeploymentIDstringfalse
releasestringfalse
readyboolfalse
nonModifiedboolfalse
nonReadyStatus[]NonReadyStatusfalse
modifiedStatus[]ModifiedStatusfalse
displayBundleDeploymentDisplayfalse
syncGeneration*int64false
resourcesResources lists the metadata of resources that were deployed according to the helm release history.[]BundleDeploymentResourcefalse

Back to Custom Resources

ComparePatch

ComparePatch matches a resource and removes fields from the check for modifications.

FieldDescriptionSchemeRequired
kindKind is the kind of the resource to match.stringfalse
apiVersionAPIVersion is the apiVersion of the resource to match.stringfalse
namespaceNamespace is the namespace of the resource to match.stringfalse
nameName is the name of the resource to match.stringfalse
operationsOperations remove a JSON path from the resource.[]Operationfalse
jsonPointersJSONPointers ignore diffs at a certain JSON path.[]stringfalse

Back to Custom Resources

ConfigMapKeySelector

FieldDescriptionSchemeRequired
namespacestringfalse
keystringfalse

Back to Custom Resources

DiffOptions

FieldDescriptionSchemeRequired
comparePatchesComparePatches match a resource and remove fields from the check for modifications.[]ComparePatchfalse

Back to Custom Resources

HelmOptions

HelmOptions for the deployment. For Helm-based bundles, all options can be used, otherwise some options are ignored. For example ReleaseName works with all bundle types.

FieldDescriptionSchemeRequired
chartChart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded.stringfalse
repoRepo is the name of the HTTPS helm repo to download the chart from.stringfalse
releaseNameReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path.stringfalse
versionVersion of the chart to downloadstringfalse
timeoutSecondsTimeoutSeconds is the time to wait for Helm operations.intfalse
valuesValues passed to Helm. It is possible to specify the keys and values as go template strings.*GenericMapfalse
valuesFromValuesFrom loads the values from configmaps and secrets.[]ValuesFromfalse
forceForce allows to override immutable resources. This could be dangerous.boolfalse
takeOwnershipTakeOwnership makes helm skip the check for its own annotationsboolfalse
maxHistoryMaxHistory limits the maximum number of revisions saved per release by Helm.intfalse
valuesFilesValuesFiles is a list of files to load values from.[]stringfalse
waitForJobsWaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSecondsboolfalse
atomicAtomic sets the —atomic flag when Helm is performing an upgradeboolfalse
disablePreProcessDisablePreProcess disables template processing in valuesboolfalse
disableDNSDisableDNS can be used to customize Helm’s EnableDNS option, which Fleet sets to true by default.boolfalse
skipSchemaValidationSkipSchemaValidation allows skipping schema validation against the chart valuesboolfalse
disableDependencyUpdateDisableDependencyUpdate allows skipping chart dependencies updateboolfalse

Back to Custom Resources

IgnoreOptions

IgnoreOptions defines conditions to be ignored when monitoring the Bundle.

FieldDescriptionSchemeRequired
conditionsConditions is a list of conditions to be ignored when monitoring the Bundle.[]map[string]stringfalse

Back to Custom Resources

KustomizeOptions

KustomizeOptions for a deployment.

FieldDescriptionSchemeRequired
dirDir points to a custom folder for kustomize resources. This folder must contain a kustomization.yaml file.stringfalse

Back to Custom Resources

LocalObjectReference

FieldDescriptionSchemeRequired
nameName of a resource in the same namespace as the referent.stringtrue

Back to Custom Resources

ModifiedStatus

ModifiedStatus is used to report the status of a resource that is modified. It indicates if the modification was a create, a delete or a patch.

FieldDescriptionSchemeRequired
kindstringfalse
apiVersionstringfalse
namespacestringfalse
namestringfalse
missingboolfalse
deleteboolfalse
patchstringfalse

Back to Custom Resources

NonReadyStatus

NonReadyStatus is used to report the status of a resource that is not ready. It includes a summary.

FieldDescriptionSchemeRequired
uidtypes.UIDfalse
kindstringfalse
apiVersionstringfalse
namespacestringfalse
namestringfalse
summarysummary.Summaryfalse

Back to Custom Resources

Operation

Operation of a ComparePatch, usually \“remove\“.

FieldDescriptionSchemeRequired
opOp is usually \”remove\”stringfalse
pathPath is the JSON path to remove.stringfalse
valueValue is usually empty.stringfalse

Back to Custom Resources

SecretKeySelector

FieldDescriptionSchemeRequired
namespacestringfalse
keystringfalse

Back to Custom Resources

ValuesFrom

Define helm values that can come from configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439

FieldDescriptionSchemeRequired
configMapKeyRefThe reference to a config map with release values.ConfigMapKeySelectorfalse
secretKeyRefThe reference to a secret with release values.SecretKeySelectorfalse

Back to Custom Resources

YAMLOptions

YAMLOptions, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource.

FieldDescriptionSchemeRequired
overlaysOverlays is a list of names that maps to folders in \”overlays/\”. If you wish to customize the file ./subdir/resource.yaml then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file. A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.[]stringfalse

Back to Custom Resources

BundleNamespaceMapping

BundleNamespaceMapping maps bundles to clusters in other namespaces.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
bundleSelectormetav1.LabelSelectorfalse
namespaceSelectormetav1.LabelSelectorfalse

Back to Custom Resources

BundleNamespaceMappingList

BundleNamespaceMappingList contains a list of BundleNamespaceMapping

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]BundleNamespaceMappingtrue

Back to Custom Resources

AgentStatus

FieldDescriptionSchemeRequired
lastSeenLastSeen is the last time the agent checked in to update the status of the cluster resource.metav1.Timetrue
namespaceNamespace is the namespace of the agent deployment, e.g. \”cattle-fleet-system\”.stringtrue

Back to Custom Resources

Cluster

Cluster corresponds to a Kubernetes cluster. Fleet deploys bundles to targeted clusters. Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specClusterSpecfalse
statusClusterStatusfalse

Back to Custom Resources

ClusterDisplay

FieldDescriptionSchemeRequired
readyBundlesReadyBundles is a string in the form \”%d/%d\”, that describes the number of bundles that are ready vs. the number of bundles desired to be ready.stringfalse
stateState of the cluster, either one of the bundle states, or \”WaitCheckIn\”.stringfalse

Back to Custom Resources

ClusterList

ClusterList contains a list of Cluster

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]Clustertrue

Back to Custom Resources

ClusterSpec

FieldDescriptionSchemeRequired
pausedPaused if set to true, will stop any BundleDeployments from being updated.boolfalse
clientIDClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster.stringfalse
kubeConfigSecretKubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster. It can optionally contain a APIServerURL and CA to override the values in the fleet-controller’s configmap.stringfalse
kubeConfigSecretNamespaceKubeConfigSecretNamespace is the namespace of the secret containing the kubeconfig for the downstream cluster. If unset, it will be assumed the secret can be found in the namespace that the Cluster object resides within.stringfalse
redeployAgentGenerationRedeployAgentGeneration can be used to force redeploying the agent.int64false
agentEnvVarsAgentEnvVars are extra environment variables to be added to the agent deployment.[]corev1.EnvVarfalse
agentNamespaceAgentNamespace defaults to the system namespace, e.g. cattle-fleet-system.stringfalse
privateRepoURLPrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config.stringfalse
templateValuesTemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating.GenericMapfalse
agentTolerationsAgentTolerations defines an extra set of Tolerations to be added to the Agent deployment.[]corev1.Tolerationfalse
agentAffinityAgentAffinity overrides the default affinity for the cluster’s agent deployment. If this value is nil the default affinity is used.corev1.Affinityfalse
agentResourcesAgentResources sets the resources for the cluster’s agent deployment.corev1.ResourceRequirementsfalse
hostNetworkHostNetwork sets the agent StatefulSet to use hostNetwork: true setting. Allows for provisioning of network related bundles (CNI configuration).boolfalse

Back to Custom Resources

ClusterStatus

FieldDescriptionSchemeRequired
conditions[]genericcondition.GenericConditionfalse
namespaceNamespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \”cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\”stringfalse
summarySummary is a summary of the bundledeployments. The resource counts are copied from the gitrepo resource.BundleSummaryfalse
resourceCountsResourceCounts is an aggregate over the GitRepoResourceCounts.GitRepoResourceCountsfalse
readyGitReposReadyGitRepos is the number of gitrepos for this cluster that are ready.inttrue
desiredReadyGitReposDesiredReadyGitRepos is the number of gitrepos for this cluster that are desired to be ready.inttrue
agentEnvVarsHashAgentEnvVarsHash is a hash of the agent’s env vars, used to detect changes.stringfalse
agentPrivateRepoURLAgentPrivateRepoURL is the private repo URL for the agent that is currently used.stringfalse
agentHostNetworkAgentHostNetwork defines observed state of spec.hostNetwork setting that is currently used.boolfalse
agentDeployedGenerationAgentDeployedGeneration is the generation of the agent that is currently deployed.int64false
agentMigratedAgentMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old agents don’t have this in their status.boolfalse
agentNamespaceMigratedAgentNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents don’t have this in their status.boolfalse
cattleNamespaceMigratedCattleNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents, don’t have this in their status.boolfalse
agentAffinityHashAgentAffinityHash is a hash of the agent’s affinity configuration, used to detect changes.stringfalse
agentResourcesHashAgentResourcesHash is a hash of the agent’s resources configuration, used to detect changes.stringfalse
agentTolerationsHashAgentTolerationsHash is a hash of the agent’s tolerations configuration, used to detect changes.stringfalse
agentConfigChangedAgentConfigChanged is set to true if any of the agent configuration changed, like the API server URL or CA. Setting it to true will trigger a re-import of the cluster.boolfalse
apiServerURLAPIServerURL is the currently used URL of the API server that the cluster uses to connect to upstream.stringfalse
apiServerCAHashAPIServerCAHash is a hash of the upstream API server CA, used to detect changes.stringfalse
agentTLSModeAgentTLSMode supports two values: system-store and strict. If set to system-store, instructs the agent to trust CA bundles from the operating system’s store. If set to strict, then the agent shall only connect to a server which uses the exact CA configured when creating/updating the agent.stringfalse
displayDisplay contains the number of ready bundles, nodes and a summary state.ClusterDisplayfalse
agentAgentStatus contains information about the agent.AgentStatusfalse
garbageCollectionIntervalGarbageCollectionInterval determines how often agents clean up obsolete Helm releases.metav1.Durationfalse

Back to Custom Resources

ClusterGroup

ClusterGroup is a re-usable selector to target a group of clusters.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specClusterGroupSpectrue
statusClusterGroupStatustrue

Back to Custom Resources

ClusterGroupDisplay

FieldDescriptionSchemeRequired
readyClustersReadyClusters is a string in the form \”%d/%d\”, that describes the number of clusters that are ready vs. the number of clusters desired to be ready.stringfalse
readyBundlesReadyBundles is a string in the form \”%d/%d\”, that describes the number of bundles that are ready vs. the number of bundles desired to be ready.stringfalse
stateState is a summary state for the cluster group, showing \”NotReady\” if there are non-ready resources.stringfalse

Back to Custom Resources

ClusterGroupList

ClusterGroupList contains a list of ClusterGroup

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]ClusterGrouptrue

Back to Custom Resources

ClusterGroupSpec

FieldDescriptionSchemeRequired
selectorSelector is a label selector, used to select clusters for this group.*metav1.LabelSelectorfalse

Back to Custom Resources

ClusterGroupStatus

FieldDescriptionSchemeRequired
clusterCountClusterCount is the number of clusters in the cluster group.inttrue
nonReadyClusterCountNonReadyClusterCount is the number of clusters that are not ready.inttrue
nonReadyClustersNonReadyClusters is a list of cluster names that are not ready.[]stringfalse
conditionsConditions is a list of conditions and their statuses for the cluster group.[]genericcondition.GenericConditionfalse
summarySummary is a summary of the bundle deployments and their resources in the cluster group.BundleSummaryfalse
displayDisplay contains the number of ready, desiredready clusters and a summary state for the bundle’s resources.ClusterGroupDisplayfalse
resourceCountsResourceCounts contains the number of resources in each state over all bundles in the cluster group.GitRepoResourceCountsfalse

Back to Custom Resources

ClusterRegistration

ClusterRegistration is used internally by Fleet and should not be used directly.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specClusterRegistrationSpecfalse
statusClusterRegistrationStatusfalse

Back to Custom Resources

ClusterRegistrationList

ClusterRegistrationList contains a list of ClusterRegistration

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]ClusterRegistrationtrue

Back to Custom Resources

ClusterRegistrationSpec

FieldDescriptionSchemeRequired
clientIDClientID is a unique string that will identify the cluster. The agent either uses the configured ID or the kubeSystem.UID.stringfalse
clientRandomClientRandom is a random string that the agent generates. When fleet-controller grants a registration, it creates a registration secret with this string in the name.stringfalse
clusterLabelsClusterLabels are copied to the cluster resource during the registration.map[string]stringfalse

Back to Custom Resources

ClusterRegistrationStatus

FieldDescriptionSchemeRequired
clusterNameClusterName is only set after the registration is being processed by fleet-controller.stringfalse
grantedGranted is set to true, if the request service account is present and its token secret exists. This happens directly before creating the registration secret, roles and rolebindings.boolfalse

Back to Custom Resources

ClusterRegistrationToken

ClusterRegistrationToken is used by agents to register a new cluster.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specClusterRegistrationTokenSpecfalse
statusClusterRegistrationTokenStatusfalse

Back to Custom Resources

ClusterRegistrationTokenList

ClusterRegistrationTokenList contains a list of ClusterRegistrationToken

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]ClusterRegistrationTokentrue

Back to Custom Resources

ClusterRegistrationTokenSpec

FieldDescriptionSchemeRequired
ttlTTL is the time to live for the token. It is used to calculate the expiration time. If the token expires, it will be deleted.*metav1.Durationfalse

Back to Custom Resources

ClusterRegistrationTokenStatus

FieldDescriptionSchemeRequired
expiresExpires is the time when the token expires.*metav1.Timefalse
secretNameSecretName is the name of the secret containing the token.stringfalse

Back to Custom Resources

Content

Content is used internally by Fleet and should not be used directly. It contains the resources from a bundle for a specific target cluster.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
contentContent is a byte array, which contains the manifests of a bundle. The bundle resources are copied into the bundledeployment’s content resource, so the downstream agent can deploy them.[]bytefalse
sha256sumSHA256Sum of the Content fieldstringfalse

Back to Custom Resources

ContentList

ContentList contains a list of Content

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]Contenttrue

Back to Custom Resources

CommitSpec

CommitSpec specifies how to commit changes to the git repository

FieldDescriptionSchemeRequired
authorNameAuthorName gives the name to provide when making a commitstringtrue
authorEmailAuthorEmail gives the email to provide when making a commitstringtrue
messageTemplateMessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.stringfalse

Back to Custom Resources

CorrectDrift

FieldDescriptionSchemeRequired
enabledEnabled correct drift if true.boolfalse
forceForce helm rollback with —force option will be used if true. This will try to recreate all resources in the release.boolfalse
keepFailHistoryKeepFailHistory keeps track of failed rollbacks in the helm history.boolfalse

Back to Custom Resources

GitRepo

GitRepo describes a git repository that is watched by Fleet. The resource contains the necessary information to deploy the repo, or parts of it, to target clusters.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specGitRepoSpecfalse
statusGitRepoStatusfalse

Back to Custom Resources

GitRepoDisplay

FieldDescriptionSchemeRequired
readyBundleDeploymentsReadyBundleDeployments is a string in the form \”%d/%d\”, that describes the number of ready bundledeployments over the total number of bundledeployments.stringfalse
stateState is the state of the GitRepo, e.g. \”GitUpdating\” or the maximal BundleState according to StateRank.stringfalse
messageMessage contains the relevant message from the deployment conditions.stringfalse
errorError is true if a message is present.boolfalse

Back to Custom Resources

GitRepoList

GitRepoList contains a list of GitRepo

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]GitRepotrue

Back to Custom Resources

GitRepoResource

GitRepoResource contains metadata about the resources of a bundle.

FieldDescriptionSchemeRequired
apiVersionAPIVersion is the API version of the resource.stringfalse
kindKind is the k8s kind of the resource.stringfalse
typeType is the type of the resource, e.g. \”apiextensions.k8s.io.customresourcedefinition\” or \”configmap\”.stringfalse
idID is the name of the resource, e.g. \”namespace1/my-config\” or \”backingimagemanagers.storage.io\”.stringfalse
namespaceNamespace of the resource.stringfalse
nameName of the resource.stringfalse
incompleteStateIncompleteState is true if a bundle summary has 10 or more non-ready resources or a non-ready resource has more 10 or more non-ready or modified states.boolfalse
stateState is the state of the resource, e.g. \”Unknown\”, \”WaitApplied\”, \”ErrApplied\” or \”Ready\”.stringfalse
errorError is true if any Error in the PerClusterState is true.boolfalse
transitioningTransitioning is true if any Transitioning in the PerClusterState is true.boolfalse
messageMessage is the first message from the PerClusterStates.stringfalse
perClusterStatePerClusterState is a list of states for each cluster. Derived from the summaries non-ready resources.[]ResourcePerClusterStatefalse

Back to Custom Resources

GitRepoResourceCounts

GitRepoResourceCounts contains the number of resources in each state.

FieldDescriptionSchemeRequired
readyReady is the number of ready resources.inttrue
desiredReadyDesiredReady is the number of resources that should be ready.inttrue
waitAppliedWaitApplied is the number of resources that are waiting to be applied.inttrue
modifiedModified is the number of resources that have been modified.inttrue
orphanedOrphaned is the number of orphaned resources.inttrue
missingMissing is the number of missing resources.inttrue
unknownUnknown is the number of resources in an unknown state.inttrue
notReadyNotReady is the number of not ready resources. Resources are not ready if they do not match any other state.inttrue

Back to Custom Resources

GitRepoSpec

FieldDescriptionSchemeRequired
repoRepo is a URL to a git repo to clone and index.stringfalse
branchBranch The git branch to follow.stringfalse
revisionRevision A specific commit or tag to operate on.stringfalse
targetNamespaceEnsure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand.stringfalse
clientSecretNameClientSecretName is the name of the client secret to be used to connect to the repo It is expected the secret be of type \”kubernetes.io/basic-auth\” or \”kubernetes.io/ssh-auth\”.stringfalse
helmSecretNameHelmSecretName contains the auth secret for a private Helm repository.stringfalse
helmSecretNameForPathsHelmSecretNameForPaths contains the auth secret for private Helm repository for each path.stringfalse
helmRepoURLRegexHelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided.stringfalse
caBundleCABundle is a PEM encoded CA bundle which will be used to validate the repo’s certificate.[]bytefalse
insecureSkipTLSVerifyInsecureSkipTLSverify will use insecure HTTPS to clone the repo.boolfalse
pathsPaths is the directories relative to the git repo root that contain resources to be applied. Path globbing is supported, for example [\”charts/\”] will match all folders as a subdirectory of charts/ If empty, \”/\” is the default.[]stringfalse
pausedPaused, when true, causes changes in Git not to be propagated down to the clusters but instead to mark resources as OutOfSync.boolfalse
serviceAccountServiceAccount used in the downstream cluster for deployment.stringfalse
targetsTargets is a list of targets this repo will deploy to.[]GitTargetfalse
pollingIntervalPollingInterval is how often to check git for new updates.metav1.Durationfalse
forceSyncGenerationIncrement this number to force a redeployment of contents from Git.int64false
imageScanIntervalImageScanInterval is the interval of syncing scanned images and writing back to git repo.metav1.Durationfalse
imageScanCommitCommit specifies how to commit to the git repo when a new image is scanned and written back to git repo.CommitSpecfalse
keepResourcesKeepResources specifies if the resources created must be kept after deleting the GitRepo.boolfalse
deleteNamespaceDeleteNamespace specifies if the namespace created must be deleted after deleting the GitRepo.boolfalse
correctDriftCorrectDrift specifies how drift correction should work.CorrectDriftfalse
disablePollingDisables git polling. When enabled only webhooks will be used.boolfalse
ociRegistryOCIRegistry specifies the OCI registry related parameters*OCIRegistrySpecfalse

Back to Custom Resources

GitRepoStatus

FieldDescriptionSchemeRequired
observedGenerationObservedGeneration is the current generation of the resource in the cluster. It is copied from k8s metadata.Generation. The value is incremented for all changes, except for changes to .metadata or .status.int64true
updateGenerationUpdate generation is the force update generation if spec.forceSyncGeneration is setint64false
commitCommit is the Git commit hash from the last git job run.stringfalse
webhookCommitWebhookCommit is the latest Git commit hash received from a webhookstringfalse
readyClustersReadyClusters is the lowest number of clusters that are ready over all the bundles of this GitRepo.inttrue
desiredReadyClustersDesiredReadyClusters\tis the number of clusters that should be ready for bundles of this GitRepo.inttrue
gitJobStatusGitJobStatus is the status of the last Git job run, e.g. \”Current\” if there was no error.stringfalse
summarySummary contains the number of bundle deployments in each state and a list of non-ready resources.BundleSummaryfalse
displayDisplay contains a human readable summary of the status.GitRepoDisplayfalse
conditionsConditions is a list of Wrangler conditions that describe the state of the GitRepo.[]genericcondition.GenericConditionfalse
resourcesResources contains metadata about the resources of each bundle.[]GitRepoResourcefalse
resourceCountsResourceCounts contains the number of resources in each state over all bundles.GitRepoResourceCountsfalse
resourceErrorsResourceErrors is a sorted list of errors from the resources.[]stringfalse
lastSyncedImageScanTimeLastSyncedImageScanTime is the time of the last image scan.metav1.Timefalse
lastPollingTriggeredLastPollingTime is the last time the polling check was triggeredmetav1.Timefalse

Back to Custom Resources

GitTarget

GitTarget is a cluster or cluster group to deploy to.

FieldDescriptionSchemeRequired
nameName is the name of this target.stringfalse
clusterNameClusterName is the name of a cluster.stringfalse
clusterSelectorClusterSelector is a label selector to select clusters.metav1.LabelSelectorfalse
clusterGroupClusterGroup is the name of a cluster group in the same namespace as the clusters.stringfalse
clusterGroupSelectorClusterGroupSelector is a label selector to select cluster groups.metav1.LabelSelectorfalse

Back to Custom Resources

OCIRegistrySpec

FieldDescriptionSchemeRequired
referenceReference of the OCI Registrystringfalse
authSecretNameAuthSecretName contains the auth secret where the OCI regristry credentials are stored.stringfalse
basicHTTPBasicHTTP uses HTTP connections to the OCI registry when enabled.boolfalse
insecureSkipTLSInsecureSkipTLS allows connections to OCI registry without certs when enabled.boolfalse

Back to Custom Resources

ResourcePerClusterState

ResourcePerClusterState is generated for each non-ready resource of the bundles.

FieldDescriptionSchemeRequired
stateState is the state of the resource.stringfalse
errorError is true if the resource is in an error state, copied from the bundle’s summary for non-ready resources.boolfalse
transitioningTransitioning is true if the resource is in a transitioning state, copied from the bundle’s summary for non-ready resources.boolfalse
messageMessage combines the messages from the bundle’s summary. Messages are joined with the delimiter ‘;’.stringfalse
patchPatch for modified resources.*GenericMapfalse
clusterIdClusterID is the id of the cluster.stringfalse

Back to Custom Resources

GitRepoRestriction

GitRepoRestriction is a resource that can optionally be used to restrict the options of GitRepos in the same namespace.

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
defaultServiceAccountDefaultServiceAccount overrides the GitRepo’s default service account.stringfalse
allowedServiceAccountsAllowedServiceAccounts is a list of service accounts that GitRepos are allowed to use.[]stringfalse
allowedRepoPatternsAllowedRepoPatterns is a list of regex patterns that restrict the valid values of the Repo field of a GitRepo.[]stringfalse
defaultClientSecretNameDefaultClientSecretName overrides the GitRepo’s default client secret.stringfalse
allowedClientSecretNamesAllowedClientSecretNames is a list of client secret names that GitRepos are allowed to use.[]stringfalse
allowedTargetNamespacesAllowedTargetNamespaces restricts TargetNamespace to the given namespaces. If AllowedTargetNamespaces is set, TargetNamespace must be set.[]stringfalse

Back to Custom Resources

GitRepoRestrictionList

GitRepoRestrictionList contains a list of GitRepoRestriction

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]GitRepoRestrictiontrue

Back to Custom Resources

AlphabeticalPolicy

AlphabeticalPolicy specifies a alphabetical ordering policy.

FieldDescriptionSchemeRequired
orderOrder specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.stringfalse

Back to Custom Resources

ImagePolicyChoice

ImagePolicyChoice is a union of all the types of policy that can be supplied.

FieldDescriptionSchemeRequired
semverSemVer gives a semantic version range to check against the tags available.SemVerPolicyfalse
alphabeticalAlphabetical set of rules to use for alphabetical ordering of the tags.AlphabeticalPolicyfalse

Back to Custom Resources

ImageScan

FieldDescriptionSchemeRequired
metadatametav1.ObjectMetafalse
specImageScanSpecfalse
statusImageScanStatusfalse

Back to Custom Resources

ImageScanList

ImageScanList contains a list of ImageScan

FieldDescriptionSchemeRequired
metadatametav1.ListMetafalse
items[]ImageScantrue

Back to Custom Resources

ImageScanSpec

API is taken from https://github.com/fluxcd/image-reflector-controller

FieldDescriptionSchemeRequired
tagNameTagName is the tag ref that needs to be put in manifest to replace fieldsstringfalse
gitrepoNameGitRepo reference namestringfalse
imageImage is the name of the image repositorystringfalse
intervalInterval is the length of time to wait between scans of the image repository.metav1.Durationfalse
secretRefSecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with kubectl create secret docker-registry, or the equivalent.*corev1.LocalObjectReferencefalse
suspendThis flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.boolfalse
policyPolicy gives the particulars of the policy to be followed in selecting the most recent imageImagePolicyChoicetrue

Back to Custom Resources

ImageScanStatus

FieldDescriptionSchemeRequired
conditions[]genericcondition.GenericConditionfalse
lastScanTimeLastScanTime is the last time image was scannedmetav1.Timefalse
latestImageLatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.stringfalse
latestTagLatest tag is the latest tag filtered by the policystringfalse
latestDigestLatestDigest is the digest of latest tagstringfalse
observedGenerationint64false
canonicalImageNameCanonicalName is the name of the image repository with all the implied bits made explicit; e.g., docker.io/library/alpine rather than alpine.stringfalse

Back to Custom Resources

SemVerPolicy

SemVerPolicy specifies a semantic version policy.

FieldDescriptionSchemeRequired
rangeRange gives a semver range for the image tag; the highest version within the range that’s a tag yields the latest image.stringtrue

Back to Custom Resources

FleetYAML

FleetYAML is the top-level structure of the fleet.yaml file. The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into a bundle.

FieldDescriptionSchemeRequired
nameName of the bundle which will be created.stringfalse
labelsLabels are copied to the bundle and can be used in a dependsOn.selector.map[string]stringfalse
BundleSpecBundleSpecfalse
targetCustomizationsTargetCustomizations are used to determine how resources should be modified per target. Targets are evaluated in order and the first one to match a cluster is used for that cluster.[]BundleTargetfalse
imageScansImageScans are optional and used to update container image references in the git repo.[]ImageScanYAMLfalse
overrideTargetsOverrideTargets overrides targets that are defined in the GitRepo resource. If overrideTargets is provided the bundle will not inherit targets from the GitRepo.[]GitTargetfalse

Back to Custom Resources

ImageScanYAML

ImageScanYAML is a single entry in the ImageScan list from fleet.yaml.

FieldDescriptionSchemeRequired
nameName of the image scan. Unused.stringfalse
ImageScanSpecImageScanSpecfalse

Back to Custom Resources