fleet
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
image:
2
repository: cgr.dev/chainguard-private/rancher-fleet
3
tag: latest@sha256:3e08a387d815853d9136e93cd51728359efdb4551a97417d79e3d0e24b3723a4
4
imagePullPolicy: IfNotPresent
5
agentImage:
6
repository: cgr.dev/chainguard-private/rancher-fleet-agent
7
tag: latest@sha256:c1ea31af5b066fc9a6f670872a8ff7f3797cc581e5d1c44c20f1f58427dd5686
8
imagePullPolicy: IfNotPresent
9
# For cluster registration the public URL of the Kubernetes API server must be set here
10
# Example: https://example.com:6443
11
apiServerURL: ""
12
# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here
13
# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
14
apiServerCA: ""
15
# Determines whether the agent should trust CA bundles from the operating system's trust store when connecting to a
16
# management cluster. True in `system-store` mode, false in `strict` mode.
17
agentTLSMode: "system-store"
18
# A duration string for how often agents should report a heartbeat
19
agentCheckinInterval: "15m"
20
# The amount of time that agents will wait before they clean up old Helm releases.
21
# A non-existent value or 0 will result in an interval of 15 minutes.
22
garbageCollectionInterval: "15m"
23
# Whether you want to allow cluster upon registration to specify their labels.
24
ignoreClusterRegistrationLabels: false
25
# Counts from gitrepo are out of sync with bundleDeployment state.
26
# Just retry in a number of seconds as there is no great way to trigger an event that doesn't cause a loop.
27
# If not set default is 15 seconds.
28
# clusterEnqueueDelay: 120s
29
30
# http[s] proxy server
31
# proxy: http://<username>:<password>@<url>:<port>
32
33
# comma separated list of domains or ip addresses that will not use the proxy
34
noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
35
# The amount of time to wait for a response from the server before canceling the
36
# request. Used to retrieve the latest commit of configured git repositories.
37
# A non-existent value or 0 will result in a timeout of 30 seconds.
38
gitClientTimeout: 30s
39
bootstrap:
40
enabled: true
41
# The namespace that will be autocreated and the local cluster will be registered in
42
namespace: fleet-local
43
# The namespace where the fleet agent for the local cluster will be ran, if empty
44
# this will default to cattle-fleet-system
45
agentNamespace: ""
46
# Apply extra clusterLabels to the local cluster bootstrapped by fleet-controller
47
clusterLabels: {}
48
# A repo to add at install time that will deploy to the local cluster. This allows
49
# one to fully bootstrap fleet, its configuration and all its downstream clusters
50
# in one shot.
51
repo: ""
52
secret: ""
53
branch: master
54
paths: ""
55
global:
56
cattle:
57
systemDefaultRegistry: ""
58
## Node labels for pod assignment
59
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
60
##
61
nodeSelector: {}
62
## List of node taints to tolerate (requires Kubernetes >= 1.6)
63
tolerations: []
64
## Pod affinity for the controllers.
65
affinity: {}
66
# Container resource limits and requests for the controllers
67
resources: {}
68
## Limits and requests for all fleet containers.
69
# limits:
70
# cpu: 8000m
71
# memory: 8Gi
72
# requests:
73
# cpu: 250m
74
# memory: 768Mi
75
#
76
## Set per-component overrides here.
77
## Set to empty object {} to use none rather than the default from above.
78
# fleetController:
79
# limits:
80
# cpu: 8000m
81
# memory: 8Gi
82
# requests:
83
# cpu: 250m
84
# memory: 768Mi
85
# fleetCleanup: {} # none rather than default
86
# fleetAgentmanagement: {} # none rather than default
87
# gitjob: {} # none rather than default
88
# helmops: {} # none rather than default
89
90
## PriorityClassName assigned to deployment.
91
priorityClassName: ""
92
## Determines whether SSH operations (eg. cloning git repos, downloading Helm charts) could succeed if
93
## host verification fails. Insecure when set to true. Default: false.
94
insecureSkipHostKeyChecks: false
95
## Adds hosts to the known_hosts configmap if using a custom git provider for gitrepos
96
additionalKnownHosts: []
97
# Custom entries to be added in SSH known_hosts format (see charts/fleet/templates/configmap_known_hosts.yaml for examples):
98
# - <host>[:port] <key-algorithm> <fingerprint>
99
100
gitops:
101
enabled: true
102
# syncPeriod is used to pick up polling for lost gitrepo events.
103
# It should be larger than the largest gitrepo pollinginterval.
104
syncPeriod: 2h
105
metrics:
106
enabled: true
107
debug: false
108
debugLevel: 0
109
propagateDebugSettingsToAgents: true
110
disableSecurityContext: false
111
migrations:
112
clusterRegistrationCleanup: true
113
gitrepoJobsCleanup: true
114
gitrepoHelmURLRegexMigration: true
115
## Leader election configuration
116
leaderElection:
117
leaseDuration: 30s
118
retryPeriod: 10s
119
renewDeadline: 25s
120
## Fleet controller configuration
121
controller:
122
replicas: 1
123
reconciler:
124
# The number of workers that are allowed to each type of reconciler
125
workers:
126
gitrepo: "50"
127
bundle: "50"
128
bundledeployment: "50"
129
cluster: "50"
130
clustergroup: "50"
131
imagescan: "50"
132
schedule: "50"
133
content: "50"
134
gitjob:
135
replicas: 1
136
helmops:
137
enabled: true
138
replicas: 1
139
# When enabled, the imagescan controller will run to monitor image repositories.
140
# If disabled, config files (e.g. fleet.yaml) containing non-empty imageScan fields will result in errors.
141
# This option may be deprecated in a future release, and imagescan removed.
142
imagescan:
143
enabled: false
144
## Fleet agent configuration
145
agent:
146
replicas: 1
147
reconciler:
148
# The number of workers that are allowed for each type of reconciler
149
workers:
150
bundledeployment: "50"
151
drift: "50"
152
## Leader election configuration
153
leaderElection:
154
leaseDuration: 30s
155
retryPeriod: 10s
156
renewDeadline: 25s
157
158
# Extra environment variables passed to the fleet pods.
159
# extraEnv:
160
# - name: OCI_STORAGE
161
# value: "false"
162
# - name: EXPERIMENTAL_COPY_RESOURCES_DOWNSTREAM
163
# value: "false"
164
165
# shards:
166
# - id: shard0
167
# nodeSelector:
168
# kubernetes.io/hostname: k3d-upstream-server-0
169
# - id: shard1
170
# nodeSelector:
171
# kubernetes.io/hostname: k3d-upstream-server-1
172
# - id: shard2
173
# nodeSelector:
174
# kubernetes.io/hostname: k3d-upstream-server-2
175
176
# Extra labels passed to the fleet pods.
177
# extraLabels:
178
# fleetController:
179
# new-label: "new-label-value"
180
# new-label-2: "new-label-value-2"
181
# gitjob:
182
# new-label: "new-label-value"
183
# new-label-2: "new-label-value-2"
184
# helmops:
185
# new-label: "new-label-value"
186
# new-label-2: "new-label-value-2"
187
188
# Extra annotations passed to the fleet pods.
189
# extraAnnotations:
190
# fleetController:
191
# new-annotation: "new-annotation-value"
192
# new-annotation-2: "new-annotation-value-2"
193
# gitjob:
194
# new-annotation: "new-annotation-value"
195
# new-annotation-2: "new-annotation-value-2"
196
# helmops:
197
# new-annotation: "new-annotation-value"
198
# new-annotation-2: "new-annotation-value-2"
199
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.