fleet
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
image:
2
repository: cgr.dev/chainguard-private/rancher-fleet
3
tag: latest@sha256:dde2a17371062e56c919fcd2cc8fe6c16e0222820506270d0bb50eddf4a8aa3d
4
imagePullPolicy: IfNotPresent
5
agentImage:
6
repository: cgr.dev/chainguard-private/rancher-fleet-agent
7
tag: latest@sha256:393cb8138d5c67c052f885dec80ef4a844a9158babe5c0a703dd11301d1e149b
8
imagePullPolicy: IfNotPresent
9
# For cluster registration the public URL of the Kubernetes API server must be set here
10
# Example: https://example.com:6443
11
apiServerURL: ""
12
# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here
13
# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
14
apiServerCA: ""
15
# Determines whether the agent should trust CA bundles from the operating system's trust store when connecting to a
16
# management cluster. True in `system-store` mode, false in `strict` mode.
17
agentTLSMode: "system-store"
18
# A duration string for how often agents should report a heartbeat
19
agentCheckinInterval: "15m"
20
# The amount of time that agents will wait before they clean up old Helm releases.
21
# A non-existent value or 0 will result in an interval of 15 minutes.
22
garbageCollectionInterval: "15m"
23
# Whether you want to allow cluster upon registration to specify their labels.
24
ignoreClusterRegistrationLabels: false
25
# Counts from gitrepo are out of sync with bundleDeployment state.
26
# Just retry in a number of seconds as there is no great way to trigger an event that doesn't cause a loop.
27
# If not set default is 15 seconds.
28
# clusterEnqueueDelay: 120s
29
30
# http[s] proxy server
31
# proxy: http://<username>:<password>@<url>:<port>
32
33
# comma separated list of domains or ip addresses that will not use the proxy
34
noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
35
# The amount of time to wait for a response from the server before canceling the
36
# request. Used to retrieve the latest commit of configured git repositories.
37
# A non-existent value or 0 will result in a timeout of 30 seconds.
38
gitClientTimeout: 30s
39
bootstrap:
40
enabled: true
41
# The namespace that will be autocreated and the local cluster will be registered in
42
namespace: fleet-local
43
# The namespace where the fleet agent for the local cluster will be ran, if empty
44
# this will default to cattle-fleet-system
45
agentNamespace: ""
46
# Apply extra clusterLabels to the local cluster bootstrapped by fleet-controller
47
clusterLabels: {}
48
# A repo to add at install time that will deploy to the local cluster. This allows
49
# one to fully bootstrap fleet, its configuration and all its downstream clusters
50
# in one shot.
51
repo: ""
52
secret: ""
53
branch: master
54
paths: ""
55
global:
56
cattle:
57
systemDefaultRegistry: ""
58
## Node labels for pod assignment
59
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
60
##
61
nodeSelector: {}
62
## List of node taints to tolerate (requires Kubernetes >= 1.6)
63
tolerations: []
64
## Pod affinity for the controllers.
65
affinity: {}
66
# Container resource limits and requests for the controllers
67
resources: {}
68
## Limits and requests for all fleet containers.
69
# limits:
70
# cpu: 8000m
71
# memory: 8Gi
72
# requests:
73
# cpu: 250m
74
# memory: 768Mi
75
#
76
## Set per-component overrides here.
77
## Set to empty object {} to use none rather than the default from above.
78
# fleetController:
79
# limits:
80
# cpu: 8000m
81
# memory: 8Gi
82
# requests:
83
# cpu: 250m
84
# memory: 768Mi
85
# fleetCleanup: {} # none rather than default
86
# fleetAgentmanagement: {} # none rather than default
87
# gitjob: {} # none rather than default
88
# helmops: {} # none rather than default
89
90
## PriorityClassName assigned to deployment.
91
priorityClassName: ""
92
## Determines whether SSH operations (eg. cloning git repos, downloading Helm charts) could succeed if
93
## host verification fails. Insecure when set to true. Default: false.
94
insecureSkipHostKeyChecks: false
95
## Adds hosts to the known_hosts configmap if using a custom git provider for gitrepos
96
additionalKnownHosts: []
97
# Custom entries to be added in SSH known_hosts format (see charts/fleet/templates/configmap_known_hosts.yaml for examples):
98
# - <host>[:port] <key-algorithm> <fingerprint>
99
100
gitops:
101
enabled: true
102
# syncPeriod is used to pick up polling for lost gitrepo events.
103
# It should be larger than the largest gitrepo pollinginterval.
104
syncPeriod: 2h
105
metrics:
106
enabled: true
107
debug: false
108
debugLevel: 0
109
propagateDebugSettingsToAgents: true
110
disableSecurityContext: false
111
migrations:
112
clusterRegistrationCleanup: true
113
gitrepoJobsCleanup: true
114
## Leader election configuration
115
leaderElection:
116
leaseDuration: 30s
117
retryPeriod: 10s
118
renewDeadline: 25s
119
## Fleet controller configuration
120
controller:
121
replicas: 1
122
reconciler:
123
# The number of workers that are allowed to each type of reconciler
124
workers:
125
gitrepo: "50"
126
bundle: "50"
127
bundledeployment: "50"
128
cluster: "50"
129
clustergroup: "50"
130
imagescan: "50"
131
schedule: "50"
132
content: "50"
133
gitjob:
134
replicas: 1
135
helmops:
136
enabled: true
137
replicas: 1
138
# When enabled, the imagescan controller will run to monitor image repositories.
139
# If disabled, config files (e.g. fleet.yaml) containing non-empty imageScan fields will result in errors.
140
# This option may be deprecated in a future release, and imagescan removed.
141
imagescan:
142
enabled: false
143
## Fleet agent configuration
144
agent:
145
replicas: 1
146
reconciler:
147
# The number of workers that are allowed for each type of reconciler
148
workers:
149
bundledeployment: "50"
150
drift: "50"
151
## Leader election configuration
152
leaderElection:
153
leaseDuration: 30s
154
retryPeriod: 10s
155
renewDeadline: 25s
156
157
# Extra environment variables passed to the fleet pods.
158
# extraEnv:
159
# - name: OCI_STORAGE
160
# value: "false"
161
# - name: EXPERIMENTAL_COPY_RESOURCES_DOWNSTREAM
162
# value: "false"
163
164
# shards:
165
# - id: shard0
166
# nodeSelector:
167
# kubernetes.io/hostname: k3d-upstream-server-0
168
# - id: shard1
169
# nodeSelector:
170
# kubernetes.io/hostname: k3d-upstream-server-1
171
# - id: shard2
172
# nodeSelector:
173
# kubernetes.io/hostname: k3d-upstream-server-2
174
175
# Extra labels passed to the fleet pods.
176
# extraLabels:
177
# fleetController:
178
# new-label: "new-label-value"
179
# new-label-2: "new-label-value-2"
180
# gitjob:
181
# new-label: "new-label-value"
182
# new-label-2: "new-label-value-2"
183
# helmops:
184
# new-label: "new-label-value"
185
# new-label-2: "new-label-value-2"
186
187
# Extra annotations passed to the fleet pods.
188
# extraAnnotations:
189
# fleetController:
190
# new-annotation: "new-annotation-value"
191
# new-annotation-2: "new-annotation-value-2"
192
# gitjob:
193
# new-annotation: "new-annotation-value"
194
# new-annotation-2: "new-annotation-value-2"
195
# helmops:
196
# new-annotation: "new-annotation-value"
197
# new-annotation-2: "new-annotation-value-2"
198
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.