Hey everyone! Is it possible to deploy something like this (https://github.com/rancher/fleet-examples/tree/master/multi-cluster/kustomize) where 2 targets are in the same cluster? e.g.

test

and

dev

being in the same cluster and

prod

in another one. I tried adding both labels to the same cluster but it behaves strangely

I'm trying to automate pausing and un-pausing repos with the api. Anyone know if that's possible? The only documentation I've been able to find for the api is the rancher v3 api but when I look up repos in fleet they're on v1 ie. /v1/fleet.cattle.io.gitrepos

I’ll pose this question again since I asked it a bit ago and the response was soon (TM), and sorry if it sounds mean but it’s rough that this is shipped with Rancher and the level of engagement is so low. Fleet has seemed almost dead since last year which is going on 4 months now with little to none community engagement on issues, PRs, or even here in Slack. I understand that the team has had some shifts and movement, but it’s pretty troubling from an adoption standpoint. Hoping to hear more info such as a roadmap, or something of this nature.

Cluster targeting We need to assign the clusters of a customer to his repo. The following code in the repo definition does not work for me. Is this by design?

targets:
     - clusterName: c-foo33
     - clusterName: c-bar22

Assigning via a cluster group works:

targets:
     - name: location-a
       clusterGroup: location-a
     - name: location-b
       clusterGroup: location-b

Hi, trying to set up the examples from https://fleet.rancher.io/gitrepo-add/ on single-node cluster with k3s, however the redis-slaves does not start and the logs show nothing really, anyone have an idea?

default              frontend-79c77bdcc4-b688c                 1/1     Running            0                71m
default              frontend-79c77bdcc4-lfcnh                 1/1     Running            0                71m
default              frontend-79c77bdcc4-vmhdw                 1/1     Running            0                71m
default              redis-master-85547b7b9-mcwt5              1/1     Running            0                71m
default              redis-slave-8864474db-fzmxv               0/1     CrashLoopBackOff   18 (4m49s ago)   71m
default              redis-slave-8864474db-qfw9j               0/1     CrashLoopBackOff   18 (4m33s ago)   71m
fleet-local          my-repo-e504b--1-z4f7v                    0/2     Completed          0                72m
fleet-system         fleet-agent-96f6f455c-9h47x               1/1     Running            1 (51m ago)      3h25m
fleet-system         fleet-controller-5746685958-nfhzk         1/1     Running            7 (42m ago)      3h26m
fleet-system         gitjob-cc9948fd7-v9sh8                    1/1     Running            1 (51m ago)      3h26m

does anyone have any tips on how to figure out the

diff:

for a helm chart?

How can I fix such an issue

There are no clusters available

using rancher 2.6 and fleet ?

👋 Does anyone know if it’s possible to deploy GitRepos using fleet? As in I need to push GitRepos to the local cluster and have them deployed to the fleet-default namespace.

I have a running local k3s cluster with a Fleet manager that is working, I now wish to add a new cluster to this so I generated the token, used the oneliner to get it into values.yaml and copied it + ca.pem over to the new node. Then I use Helm to install the fleet-agent with values.yaml input file (The value.yaml was originally blank on apiserverCA and URL so I filled that manually.

root@k3s-04-b:~# helm -n fleet-system install --create-namespace --wait \
>     --values values.yaml \
>     fleet-agent <https://github.com/rancher/fleet/releases/download/v0.3.9/fleet-agent-0.3.9.tgz>
NAME: fleet-agent
LAST DEPLOYED: Tue May 31 12:51:02 2022
NAMESPACE: fleet-system
STATUS: deployed
REVISION: 1
TEST SUITE: None

No new clusters showed up on the Fleet manager and the logs states this, I cannot understand why it is complaining or how to fix it. Anyone knows?

root@k3s-04-b:~# kubectl -n fleet-system logs -l app=fleet-agent
time="2022-05-31T10:51:19Z" level=error msg="Failed to register agent: looking up secret fleet-system/fleet-agent-bootstrap: Post \"<https://192.168.20.251:6443/apis/fleet.cattle.io/v1alpha1/namespaces/fleet-clusters-system/clusterregistrations>\": x509: certificate signed by unknown authority"

Any chance there's an update regarding https://github.com/rancher/fleet/issues/344?

I'm trying to manage bundles directly via REST. I discovered the endpoint at

/apis/fleet.cattle.io/v1alpha1/namespaces/fleet-default/bundles/

, but it doesn't seem to be a fully fledged REST API like the main one: I can search for something in the regular Rancher APIs (e.g.

?name=abc

) but I can't seem to do that in the Fleet API. Am I doing something wrong? Any guidance would be greatly appreciated

Hey everyone, I have hit a snag and could use some help or input. So I am managing several clusters with Rancher V 2.6.2 and Fleet V0.3.7. Every cluster is running k3sOS v1.21.5+k3s2. I have had numerous successful deployments with fleet starting from a clean cluster and importing it using the generic template. Stand up cluster in rancher import generic -- add label for cluster group once the cluster finishes it's check in fleet takes over and deploys. On this particular cluster, I started getting a "namespace" not found error on my first bundle. This is particularly strange because the namespace yaml is present in that bundle. We are using k8s resource files directly, and with overlays we have not had a need to migrate to Helm. It seems that Fleet is taking the resource files and applying them as Helm manifests; if this is the case then Helm should see the namespaces and apply that first. and I would assume that Fleet would be treating the bundle as a helm manifest. If Fleet is applying the resources in one go, then k8s should see the namespace manifest and apply it first. If I go in and try to force upgrade in rancher or delete the helm deployment state it keeps getting back to this same state of not being able to find the namespace, retrying several times, and then just giving up with a "no deployed releases" on the bundle.

im happy to provide more details or logs. Just not sure what you might need. IE what is pertinent, and what isnt.

Hello! I have encountered a problem, where git clone is successfull (*s*tep-git-source container is ran successfully) but the next “fleet” container fails:

time="2022-06-08T15:43:31Z" level=fatal msg="open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied"

This is the first time fleet is configured to sync these new downstream k3s clusters. Any ideas whats causing this? Rancher v2.6.3 running in EKS.

Any news on the roadmap of Fleet and the priorities for the Rancher team? This place seems extremely dead and the lack of activity is starting to scare us away from using this product in production and possibly getting paid support in the future. We have had a PR open for 3 months (https://github.com/rancher/fleet/pull/727) with still no news as to when or even if it will be merged.

Anyone experienced a similar issue? Fleet complains with

time="2022-06-16T09:33:20Z" level=fatal msg="Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header"

Hi @clean-spoon-54156 @bulky-appointment-8113! My PR https://github.com/rancher/fleet/pull/786 with the empty values.yaml has been merged a few days ago. Would it be possible for you to release a bugfix release of that helm chart?

Hi! I am trying to use fleet with kustomize. One of my kustomization looks something like this:

apiVersion: <http://kustomize.config.k8s.io/v1beta1|kustomize.config.k8s.io/v1beta1>
kind: Kustomization
namespace: kubeedge
resources:
  - namespace.yaml
  - <https://github.com/edgefarm/edgefarm.core/manifests/kubeedge/cloudcore/?ref=v1.0.0-beta.5>
patches:
 - ./patch-cloudcore-node-affinity.yaml

However, i get the error:

error while running post render on files: accumulating resources: accumulation err='accumulating resources from '../../../../edgefarm.core': 'edgefarm.core' must resolve to a file': recursed accumulation of path 'edgefarm.core': accumulating resources: accumulation err='accumulating resources from '<https://github.com/edgefarm/edgefarm.core/manifests/kubeedge/cloudcore/?ref=v1.0.0-beta.5>': yaml: line 166: mapping values are not allowed in this context': no 'git' program on path: exec: "git": executable file not found in $PATH

It seems that fleet does not understand how to handle the remote target (https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md). Building this using kustomize works just fine:

kustomize build . --enable-helm

Does anyone has an idea to get this working?

does anyone know if the error codes from failed listed anywhere? Some of my deploys are failing with “bad response code: 401” while others are successful.

I have a funky issue where anytime a secret with a similar name of a cluster is put into any namespace in the rancher server cluster Rancher deletes it. Any ideas why, what it's matching the secrets on, and how I might stop it?

How shall I deal with secrets? I have a helm chart which requires a secret and token. I can add them to

fleet.yaml

which are then visible to everyone.

can someone explain how to use the fleet webhook, does the webhook only force the gitrepo to activate (is like a force update) how can I choose which of the different gitrepo I wake up?

I have kustomization.yaml referring remote manifest available over https. vanilla kustomize is able to build such manifest. But fleet fails with: Get “https://raw.githubusercontent.com/kyverno/kyverno/v1.7.1/config/crds/kyverno.io_clusterpolicies.yaml”: dial tcp 185.199.111.133:443: i/o timeout’‘: hit 27s timeout running ‘’/usr/bin/git fetch --depth=1 origin HEAD’'

have anybody used such case? Why fleet’s kustomize is trying to access it over git?

Any ideas why or what am I doing wrong?

Hello I tried to move cluster from fleet-local to another workspace, now it vanished, is there a way to get it back

one project changes one secret after fleet applies it, then it says that resource changed, this is by design, is it possible to annotate that it should ignore this?

Hello, I'm trying to put imagescan for the private docker hub image by mentioning the

secretRef

in fleet.yaml,

secretRef:
  name: docker-hub

Using registry-creds to sync the secret named

docker-hub

across namespace which has the auth to pull private image. I'm able to pull the docker image using the registry-cred's

docker-hub

secret, but getting this error

ImageScan develop is not ready: auth for "<http://index.docker.io|index.docker.io>" not found in secret fleet-default/docker-hub

how did you create a secret?