Skip to content

Commit

Permalink
Update README.md (#56)
Browse files Browse the repository at this point in the history
  • Loading branch information
@noahtalerman
noahtalerman authored Nov 7, 2024
1 parent c07fe54 commit 9bf5f27
Showing 1 changed file with 7 additions and 43 deletions.
50 changes: 7 additions & 43 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,37 +2,9 @@

This is the starter repository for using [Fleet](https://fleetdm.com) with a GitOps workflow.

## Why use Fleet with GitOps
## GitHub setup

Before getting into [how to set up your GitOps workflow](#how-to-set-up-your-gitops-workflow), here are some good reasons to use Fleet with GitOps:

### Change management
Use CI/CD to streamline and approve changes across security, management, and productivity. With git as the backbone, changes become more reliable and transparent—ensuring consistency, security, and easy tracking, even as things evolve.

### Auditing
Track and audit every change in one system. Know who made changes, when, and why—without being tied to vendor-specific methods. Git commit history records every action, letting you see exactly what changed and who approved it.

### Simplify and secure access
IT admins are prime targets for attacks, yet their tools are often insecure and outdated. Instead of relying on legacy platforms, move to a secure, transparent system: git. With git-based changes, admins can work safely in an already trusted environment. Tools like GitHub or GitLab offer easy-to-use interfaces for those who prefer them.

### Consolidation and reduced learning curve
Rather than relying on multiple teams for tools like Intune or Jamf, build a unified team of OS specialists. By using git for MDM (mobile device management), admins can focus on expertise in macOS, Windows, or Linux—not specific vendor tools. This approach reduces silos, fosters collaboration, and helps teams learn valuable DevOps skills—avoiding reliance on unstable, vendor-specific tools that may raise prices or fade away.

## How to set up your GitOps workflow:

> Calling 'fleetctl gitops' directly is only recommended for experienced users. For documentation, run `fleetctl gitops --help`.
1. Clone this repository.

2. If you do not have a Premium Fleet license, delete the `teams` folder.

3. Make any changes to policies, queries, controls, and more defined in the files.

4. [Set up on GitHub](#set-up-on-github) or [set up on GitLab](#set-up-on-gitlab).

## Set up on GitHub

1. Create your own GitHub repository.
1. Clone the [GitHub repository](https://github.com/fleetdm/fleet-gitops), create your own GitHub repository, and push your clone to your new repo. Note that a workflow will run once and fail because the required variables haven't been added (step 2 and 3).

2. Add `FLEET_URL` and `FLEET_API_TOKEN` secrets to your new repository's secrets. Learn how [here](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository). Set `FLEET_URL` to your Fleet instance's URL (ex. https://organization.fleet.com). Set `FLEET_API_TOKEN` to an API token for an API-only user in Fleet. Learn how [here](https://fleetdm.com/docs/using-fleet/fleetctl-cli#create-api-only-user).

Expand All @@ -43,27 +15,19 @@ Rather than relying on multiple teams for tools like Intune or Jamf, build a uni
# delete-other-teams: false
```

4. Delete `.gitlab-ci.yml`, which is for GitLab CI/CD.
4. In GitHub, enable the `Apply latest configuration to Fleet` GitHub Actions workflow, and run workflow manually. Now, when anyone pushes a new commit to the default branch, the action will run and update Fleet. For pull requests, the workflow will do a dry run only.

5. Push your cloned and modified code to your repo.
## GitLab setup

6. In GitHub, enable the `Apply latest configuration to Fleet` GitHub Actions workflow, and run workflow manually. Now, when anyone pushes a new commit to the default branch, the action will run and update Fleet. For pull requests, the workflow will do a dry run only.

## Set up on GitLab

1. Create your own GitLab repository.
1. Clone the [GitLab repository](https://gitlab.com/fleetdm/fleet-gitops), create your own GitLab repository, and push your clone to your new repo. Note that a pipeline will run once and fail because the required variables haven't been added (step 2 and 3).

2. Add `FLEET_URL` and `FLEET_API_TOKEN` as masked CI/CD variables. Learn how [here](https://docs.gitlab.com/ee/ci/variables/#define-a-cicd-variable-in-the-ui). Set `FLEET_URL` to your Fleet instance's URL (ex. https://organization.fleet.com). Set `FLEET_API_TOKEN` to an API token for an API-only user in Fleet. Learn how [here](https://fleetdm.com/docs/using-fleet/fleetctl-cli#create-api-only-user).

3. Add `FLEET_GLOBAL_ENROLL_SECRET` secret as a masked CI/CD variable. The enroll secret must be an alphanumeric string of at least 32 and at most 255 characters.
- If you have a Premium Fleet license, also add `FLEET_WORKSTATIONS_ENROLL_SECRET` and `FLEET_WORKSTATIONS_CANARY_ENROLL_SECRET`.

4. Delete `.github` folder, which is for GitHub Actions.

5. Push your cloned and modified code to your repo.

6. Now, when anyone pushes a new commit to the default branch, the pipeline will run and update Fleet. For merge requests, the pipeline will do a dry run only.
5. Now, when anyone pushes a new commit to the default branch, the pipeline will run and update Fleet. For merge requests, the pipeline will do a dry run only.

## Configuration options

For all configuration options, go to [GitOps reference](https://fleetdm.com/docs/using-fleet/gitops) in the Fleet documentation.
For all configuration options, go to the [YAML files reference](https://fleetdm.com/docs/using-fleet/gitops) in the Fleet docs.

0 comments on commit 9bf5f27

Please sign in to comment.