GitRepo 资源
GitRepo 资源描述了git仓库、如何访问它们以及捆绑包的位置。
该资源的内容对应于GitRepoSpec。 有关如何使用 GitRepo 资源的更多信息,例如如何监视私有仓库,请参见Create a GitRepo Resource。
kind: GitRepo
apiVersion: fleet.cattle.io/v1alpha1
metadata:
# Any name can be used here
name: my-repo
# For single cluster use fleet-local, otherwise use the namespace of
# your choosing
namespace: fleet-local
# Labels are copied to bundles, but not to workloads.
labels:
created-by: fleet
spec:
# This can be a HTTPS or git URL. If you are using a git URL then
# clientSecretName will probably need to be set to supply a credential.
# repo is the only required parameter for a repo to be monitored.
#
repo: https://github.com/rancher/fleet-examples
# Enforce all resources go to this target namespace. If a cluster scoped
# resource is found the deployment will fail.
#
# targetNamespace: app1
# Any branch can be watched, this field is optional. If not specified the
# branch is assumed to be master
#
# branch: master
# A specific commit or tag can also be watched.
#
# revision: v0.3.0
# For a private git repository you must supply a clientSecretName. A default
# secret can be set at the namespace level using the GitRepoRestriction
# type. Secrets must be of the type "kubernetes.io/ssh-auth" or
# "kubernetes.io/basic-auth". The secret is assumed to be in the
# same namespace as the GitRepo
# If no clientSecretName is supplied, Fleet checks for a secret named
# "gitcredential".
#
# clientSecretName: my-ssh-key
# If fleet.yaml contains a private Helm repo that requires authentication,
# provide the credentials in a K8s secret and specify them here.
# Danger: the credentials will be sent to all repositories referenced from
# this gitrepo. See section below for more information.
#
# helmSecretName: my-helm-secret
# Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.
# Credentials will always be used if it is empty or not provided
#
# helmRepoURLRegex: https://charts.rancher.io/*
# Contains the auth secret for private Helm repository for each path.
# helmSecretNameForPaths: multi-helm-secret
# To add additional ca-bundle for self-signed certs, caBundle can be
# filled with base64 encoded pem data. For example:
# `cat /path/to/ca.pem | base64 -w 0`
#
# caBundle: my-ca-bundle
# Disable SSL verification for git repo
#
# insecureSkipTLSVerify: true
# A git repo can read multiple paths in a repo at once.
# The below field is expected to be an array of paths and
# supports path globbing (ex: some/*/path)
#
# Example:
# paths:
# - single-path
# - multiple-paths/*
paths:
- simple
# PollingInterval configures how often fleet checks the git repo. The default
# is 15 seconds.
# Setting this to zero does not disable polling. It results in a 15s
# interval, too.
# As checking a git repo incurs a CPU cost, raising this value can help
# lowering fleetcontroller's CPU usage if tens of git repos are used or more
#
# pollingInterval: 15s
# When disablePolling is set to true the git repo won't be checked periodically.
# It will rely on webhooks only.
# disablePolling: false
# Paused causes changes in Git to not be propagated down to the clusters but
# instead mark resources as OutOfSync
#
# paused: false
# Increment this number to force a redeployment of contents from Git
#
# forceSyncGeneration: 0
# Drift correction removes any external change made to resources managed by Fleet. It performs a Helm rollback, which uses
# a three-way merge strategy by default.
# It will try to update all resources by doing a PUT request if force is enabled. Three-way strategic merge might fail when updating
# an item inside of an array as it will try to add a new item instead of replacing the existing one. This can be fixed by using force.
# Keep in mind that resources might be recreated if force is enabled.
# Failed rollback will be removed from the helm history unless keepFailHistory is set to true.
#
# correctDrift:
# enabled: false
# force: false #Warning: it might recreate resources if set to true
# keepFailHistory: false
# The service account that will be used to perform this deployment.
# This is the name of the service account that exists in the
# downstream cluster in the cattle-fleet-system namespace. It is assumed
# this service account already exists so it should be created beforehand,
# for instance coming from another git repo registered with
# the {product_name} manager.
# If no service account is configured, {product_name} checks for a service account
# named "fleet-default".
#
# serviceAccount: moreSecureAccountThanClusterAdmin
# DeleteNamespace specifies if the namespace created
# must be deleted after deleting the GitRepo.
# deleteNamespace: false
# Target clusters to deploy to if running Fleet in a multi-cluster
# style. Refer to the "Mapping to Downstream Clusters" docs for
# more information.
# If empty, the "default" cluster group is used.
#
# targets: ...有关详细信息,请参见: