we are running rancher 2.6.9 and that is fleet 0.4.0 and we are trying to deploy helm charts via fleet. We have a web server (nexus sonatype repository ) that is hosting the tgz files for the helm chart ....traefik. We are getting errors talking about x509 certificate error because the cert on the web server has a custom CA. In the README it gives instruction on how to add secrets. We added the CAcert as a secret create secret -n fleet-default generic helm --from-file="\path to cert\cacerts" , and added the helmSecret directive in the gitrepo object under spec. However I still get the error x509 error. I tried naming the file cacerts, cacert.pem , but fleet still doesnt accept the certificate and therefore does not pull the file. Any help will be appreciated.

Hey, that is a known bug in 0.4.0. We have an in-official release https://github.com/rancher/fleet/releases/tag/v0.4.1 which should fix it, but it’s untested. The fix will be in the next Rancher version (with Fleet 0.4.x). Also Rancher 2.7 is not affected.

Thank you. So we wait till 2.6.10+ . How do we upgrade to 0.41 on fleet?

Rancher 2.6.10 will update Fleet automatically. If you want to test this, for example on a test cluster you could just upgrade fleet via helm. We don’t have well tested instructions on how to do that, but it basically would work like this:

url_crd="<https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz>"
helm upgrade fleet-crd "$url_crd" --wait -n cattle-fleet-system

url="<https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz>"
version="v0.4.1"
helm upgrade fleet "$url" \
  --wait -n cattle-fleet-system \
  --set image.tag="$version" \
  --set agentImage.tag="$version" \
  --reuse-values