fleet.yaml

The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml file is automatically turned into a bundle.

For more information about customizing bundles using fleet.yaml, see Git Repository Contents.

The contents of fleet.yaml correspond to the FleetYAML struct in fleetyaml.go, which contains the BundleSpec. == Full Example

Details
fleet.yaml
# The default namespace to be applied to resources. This field is not used to
# enforce or lock down the deployment to a specific namespace, but instead
# provide the default value of the namespace field if one is not specified in
# the manifests.
#
# Default: default
defaultNamespace: default

# All resources will be assigned to this namespace and if any cluster scoped
# resource exists the deployment will fail.
#
# Default: ""
namespace: default

# namespaceLabels are labels that will be appended to the namespace created by
# Fleet.
namespaceLabels:
  key: value

# namespaceAnnotations are annotations that will be appended to the namespace
# created by Fleet.
namespaceAnnotations:
  key: value

# Name of the bundle. If not specified, the bundle name will be computed based
# on the GitRepo's name, and the path from which the bundle is created.
# Default: ""
name: my-great-bundle

# Optional map of labels, that are set at the bundle and can be used in a
# dependsOn.selector
labels:
  key: value

kustomize:
  # Use a custom folder for kustomize resources. This folder must contain a
  # kustomization.yaml file.
  dir: ./kustomize

helm:

  # These options control how "fleet apply" downloads the chart
  # (See `Helm Options` below for more details)
  #
  chart: ./chart

  # A https URL to a Helm repo to download the chart from. It's typically easier
  # to just use `chart` field and refer to a tgz file.  If repo is used the
  # value of `chart` will be used as the chart name to lookup in the Helm
  # repository.
  repo: https://charts.rancher.io

  # The version of the chart or semver constraint of the chart to find. If a
  # constraint is specified, it is evaluated each time git changes.
  # (See `Helm Options` below for more details)
  version: 0.1.0

  # By default fleet downloads any dependency found in a helm chart.  Use
  # disableDependencyUpdate: true to disable this feature.
  disableDependencyUpdate: false

  ### These options only work for helm-type bundles.
  #
  # Any values that should be placed in the `values.yaml` and passed to helm
  # during install.
  values:

    any-custom: value

    # All labels on Rancher clusters are available using
    # global.fleet.clusterLabels.LABELNAME These can now be accessed directly as
    # variables The variable's value will be an empty string if the referenced
    # cluster label does not exist on the targeted cluster.
    variableName: global.fleet.clusterLabels.LABELNAME

    # See Templating notes below for more information on templating.
    templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"

    valueFromEnv:
      "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }

  # Path to any values files that need to be passed to helm during install.
  valuesFiles:
    - values1.yaml
    - values2.yaml

  # Allow to use values files from configmaps or secrets defined in the
  # downstream clusters.
  valuesFrom:
    - configMapKeyRef:
        name: configmap-values
        # default to namespace of bundle
        namespace: default
        key: values.yaml
    - secretKeyRef:
        name: secret-values
        namespace: default
        key: values.yaml

  ### These options control how fleet-agent deploys the bundle, they also apply
  ### for kustomize- and manifest-style bundles.
  #
  # A custom release name to deploy the chart as. If not specified a release name
  # will be generated by combining the invoking GitRepo.name + GitRepo.path.
  releaseName: my-release
  #
  # Makes helm skip the check for its own annotations
  takeOwnership: false
  #
  # Override immutable resources. This could be dangerous.
  force: false
  #
  # Set the Helm --atomic flag when upgrading
  atomic: false
  #
  # Disable go template pre-processing on the fleet values
  disablePreProcess: false
  #
  # Disable DNS resolution in Helm's template functions
  disableDNS: false
  #
  # Skip evaluation of the values.schema.json file
  skipSchemaValidation: false
  #
  # If set and timeoutSeconds provided, will wait until all Jobs have been
  # completed before marking the GitRepo as ready.  It will wait for as long as
  # timeoutSeconds.
  waitForJobs: true

# A paused bundle will not update downstream clusters but instead mark the bundle
# as OutOfSync. One can then manually confirm that a bundle should be deployed to
# the downstream clusters.
#
# Default: false
paused: false

# If rolloutStrategy is not defined in the fleet.yaml file, Fleet uses default rollout values.
rolloutStrategy:

  # A number or percentage of clusters that can be unavailable during an update
  # of a bundle. This follows the same basic approach as a deployment rollout
  # strategy. Once the number of clusters meets unavailable state update will be
  # paused. Default value is 100% which doesn't take effect on update.
  #
  # default: 100%
  maxUnavailable: 15%

  # A number or percentage of cluster partitions that can be unavailable during
  # an update of a bundle.
  #
  # default: 0
  maxUnavailablePartitions: 20%

  # A number or percentage of how to automatically partition clusters if not
  # specific partitioning strategy is configured.
  # The default value is defined in rolloutStrategy.maxUnavailable
  autoPartitionSize: 10%

  # A list of definitions of partitions.  If any target clusters do not match
  # the configuration they are added to partitions at the end following the
  # autoPartitionSize.
  partitions:

    # A user friend name given to the partition used for Display (optional).
    # default: ""
    - name: canary

      # A number or percentage of clusters that can be unavailable in this
      # partition before this partition is treated as done.
      # default: 10%
      maxUnavailable: 10%

      # Selector matching cluster labels to include in this partition
      clusterSelector:
        matchLabels:
          env: prod

      # OR, if selecting by ClusterGroup labels:
      clusterGroupSelector:
        matchLabels:
          env: prod

      # A cluster group name to include in this partition
      clusterGroup: agroup


# Target customization are used to determine how resources should be modified
# per target Targets are evaluated in order and the first one to match a cluster
# is used for that cluster.
targetCustomizations:

  # The name of target. If not specified a default name of the format
  # "target000" will be used. This value is mostly for display
  - name: prod

    # Custom namespace value overriding the value at the root.
    namespace: newvalue

    # Custom defaultNamespace value overriding the value at the root.
    defaultNamespace: newdefaultvalue

    # Custom kustomize options overriding the options at the root.
    kustomize: {}

    # Custom Helm options override the options at the root.
    helm: {}

    # If using raw YAML these are names that map to overlays/{name} that will be
    # used to replace or patch a resource. If you wish to customize the file
    # ./subdir/resource.yaml then a file
    # ./overlays/myoverlay/subdir/resource.yaml will replace the base file.  A
    # file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the
    # base file.  A patch can in JSON Patch or JSON Merge format or a strategic
    # merge patch for builtin Kubernetes types. Refer to "Raw YAML Resource
    # Customization" below for more information.
    yaml:
      overlays:
        - custom2
        - custom3

    # A selector used to match clusters.  The structure is the standard
    # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is
    # specified, clusterSelector will be used only to further refine the
    # selection after clusterGroupSelector and clusterGroup is evaluated.
    clusterSelector:
      matchLabels:
        env: prod

    # A selector used to match a specific cluster by name. When using Fleet in
    # Rancher, make sure to put the name of the clusters.fleet.cattle.io
    # resource.
    clusterName: dev-cluster

    # A selector used to match cluster groups.
    clusterGroupSelector:
      matchLabels:
        region: us-east

    # A specific clusterGroup by name that will be selected.
    clusterGroup: group1

    # Resources will not be deployed in the matched clusters if doNotDeploy is
    # true.
    doNotDeploy: false

    # Drift correction removes any external change made to resources managed by
    # Fleet.  It performs a helm rollback, which uses a three-way merge strategy
    # by default.  It will try to update all resources by doing a PUT request if
    # force is enabled.  Three-way strategic merge might fail when updating an
    # item inside of an array as it will try to add a new item instead of
    # replacing the existing one.  This can be fixed by using force.  Keep in
    # mind that resources might be recreated if force is enabled.  Failed
    # rollback will be removed from the helm history unless keepFailHistory is
    # set to true.
    correctDrift:
      enabled: false
      force: false # Warning: it might recreate resources if set to true
      keepFailHistory: false

# dependsOn allows you to configure dependencies to other bundles. The current
# bundle will only be deployed, after all dependencies are deployed and in a
# Ready state.
dependsOn:

  # Format:
  #     <GITREPO-NAME>-<BUNDLE_PATH> with all path separators replaced by "-"
  #
  # Example:
  #
  #      GitRepo name "one", Bundle path "/multi-cluster/hello-world"
  #      results in "one-multi-cluster-hello-world".
  #
  # Note:
  #
  #   Bundle names are limited to 53 characters long. If longer they will be
  #   shortened:
  #
  #     opni-fleet-examples-fleets-opni-ui-plugin-operator-crd becomes
  #     opni-fleet-examples-fleets-opni-ui-plugin-opera-021f7
  - name: one-multi-cluster-hello-world

  # Select bundles to depend on based on their label.
  - selector:
      matchLabels:
        app: weak-monkey

# Ignore fields when monitoring a Bundle. This can be used when Fleet thinks
# some conditions in Custom Resources makes the Bundle to be in an error state
# when it shouldn't.
ignore:

  # Conditions to be ignored
  conditions:

    # In this example a condition will be ignored if it contains
    # {"type": "Active", "status", "False"}
    - type: Active
      status: "False"

# Override targets defined in the GitRepo. The Bundle will not have any targets
# from the GitRepo if overrideTargets is provided.
overrideTargets:
  - clusterSelector:
      matchLabels:
        env: dev

General Bundle Configuration

These options define the fundamental properties and behavior of the bundle itself and apply to all bundle types.

Option Description Applies to

paused

If true, the bundle will not be updated on downstream clusters. Instead, it will be marked as OutOfSync. You can then manually approve the deployment.

All

labels

A map of key-value pairs set at the bundle level. These can be used in a dependsOn.selector to define dependencies.

All

dependsOn

A list of bundles that this bundle depends on. The current bundle is deployed only after all dependencies are in a Ready state.

All

ignore

Specifies fields to ignore when monitoring bundle status. Useful for preventing false error states from Custom Resources.

All

overrideTargets

A list of target customizations that override any targets defined in the GitRepo.

All

Namespace Configuration

These options control the Kubernetes namespace where resources will be deployed.

Option Description Applies to

defaultNamespace

Default namespace for resources that don’t specify one.

All

namespace

Assigns all resources in the bundle to this namespace. Fails if any cluster-scoped resources exist.

All

namespaceLabels

Labels to be added to the namespace created by SUSE® Rancher Prime Continuous Delivery.

All

namespaceAnnotations

Annotations to be added to the namespace created by SUSE® Rancher Prime Continuous Delivery.

All

Helm Bundle Configuration

All bundles are deployed using Helm, but these options are specific to Helm-style bundles (those with a Chart.yaml file).

Chart Source

These options specify how to download the chart. The reference can be a local path, go-getter URL, Helm repo, or OCI Helm repo.

Option Description Applies to

helm.chart

The Helm chart location (local path, go-getter URL, or OCI registry).

Helm

helm.repo

URL of a Helm repository.

Helm

helm.version

Chart version or semver constraint. Re-evaluated on every git change.

Helm

helm.disableDependencyUpdate

If true, disables automatic dependency downloads.

Helm

The chart reference can be one of the following:

  • Local path (chart)

  • go-getter URL

  • OCI chart URL (oci://…​)

  • Helm repository (repo + version)

  • OCI Helm repository (repo + version)

helm.chart

Specifies a custom location for the Helm chart. For example: oci://ghcr.io/fleetrepoci/guestbook.

If a secret for the SSH key was defined via helmSecretName, it is injected automatically.

If the fleet.yaml file is located outside the embedded chart’s directory, it must explicitly reference the chart using helm.chart. Otherwise, SUSE® Rancher Prime Continuous Delivery won’t install the chart, and Helm-specific fields like valuesFiles or valuesFrom will have no effect.

Limitation: Downloading Helm charts from Git with custom CA bundles does not work. If a CA bundle is configured in a secret referenced in helmSecretName, it will be ignored. See fleet#3646 for details.

helm.version

Determines which chart to download from OCI registries.

OCI registries do not support the ` character in semver tags. Helm replaces ` with _ automatically when pushing charts. Use the + version in fleet.yaml; SUSE® Rancher Prime Continuous Delivery performs the same replacement internally.

Values

Options for customizing Helm chart values.

Option Description Applies to

helm.values

Key-value pairs passed to Helm as custom values. Supports templating.

Helm

helm.valuesFiles

Paths to values files passed to Helm.

Helm

helm.valuesFrom

Load values from ConfigMaps or Secrets in downstream clusters.

Helm

It is not necessary to specify a chart’s own values.yaml. It is always used by default.

See Using Helm Values for more information.

For value processing stages, refer to Bundle lifecycle.

Values Templating

SUSE® Rancher Prime Continuous Delivery supports Go template expressions for advanced templating needs. See the Sprig template functions for available functions.

Avoid functions that produce random output (for example, uuidv4), as they trigger redeployments.

You can test values templating with the CLI. For more information, refer to fleet-target.

Template context keys:

  • .ClusterValues

  • .ClusterLabels

  • .ClusterAnnotations

  • .ClusterName

  • .ClusterNamespace

Example:

${ get .ClusterLabels "management.cattle.io/cluster-display-name" }

SUSE® Rancher Prime Continuous Delivery templating uses ${ } delimiters (not Helm’s {{ }}). Escape them using backticks:

foo-bar-${`${PWD}`}

Outputs:

foo-bar-${PWD}

When using templating, guard against null values.

Example:

${ if hasKey .ClusterLabels "LABELNAME" }${ .ClusterLabels.LABELNAME }${ else }missing${ end}

Helm Deployment

These options control how SUSE® Rancher Prime Continuous Delivery’s agent deploys resources. They also apply to kustomize- and manifest-style bundles.

Option Description Applies to

helm.releaseName

Custom release name. Defaults to a generated name.

All

helm.takeOwnership

Skip annotation checks.

All

helm.force

Override immutable resources.

All

helm.atomic

Use Helm --atomic flag.

All

helm.waitForJobs

Wait for all Jobs before marking GitRepo as ready.

All

helm.disablePreProcess

Disable Go template preprocessing.

All

helm.disableDNS

Disable DNS resolution in templates.

All

helm.skipSchemaValidation

Skip values.schema.json validation.

All

Kustomize Configuration

Used when deploying from a directory containing a kustomization.yaml file.

Option

Description

Applies to

kustomize.dir

Custom folder for Kustomize resources. Must contain a kustomization.yaml file.

Kustomize

Deployment Strategy (Rollout)

These options control how updates roll out across clusters.

Option Description Applies to

rolloutStrategy.maxUnavailable

Maximum unavailable clusters during update.

All

rolloutStrategy.maxUnavailablePartitions

Maximum unavailable partitions during update.

All

rolloutStrategy.autoPartitionSize

Auto partition size for clusters.

All

rolloutStrategy.partitions

Defines cluster partitions for phased rollouts.

All

For more information, see Rollout Strategies.

Targeting and Customization

These options let you customize deployments for specific clusters or cluster groups.

Option Description Applies to

targetCustomizations

List of rules for modifying resources per target.

All

targetCustomizations.name

Display name for customization.

All

targetCustomizations.clusterSelector

Kubernetes label selector for clusters.

All

targetCustomizations.clusterGroup

Cluster group name to target.

All

targetCustomizations.clusterGroupSelector

Label selector for cluster groups.

All

targetCustomizations.clusterName

Specific cluster name to target.

All

targetCustomizations.doNotDeploy

Prevents deployment to matched clusters.

All

targetCustomizations.namespace

Overrides root-level namespace.

All

targetCustomizations.defaultNamespace

Overrides root-level default namespace.

All

targetCustomizations.helm

Overrides root-level Helm configuration.

All

targetCustomizations.kustomize

Overrides root-level Kustomize configuration.

Kustomize

targetCustomizations.yaml.overlays

Overlay names to replace or patch YAML resources.

Raw YAML

targetCustomizations.correctDrift

Enables drift correction for managed resources.

All

Supported Customizations

Overriding Helm chart versions in target customizations can increase bundle sizes. Because SUSE® Rancher Prime Continuous Delivery stores bundles in etcd, this may exceed etcd’s blob size limit. Refer to fleet#1650 for details.