Open dherder opened 1 year ago
+1 helpful to initial setup of fleet and to make sure configurations in CI/CD pipeline match those that are in Fleet.
> make sure configurations in CI/CD pipeline match those that are in Fleet.
Hey @dherder and @zacharysfisher, the plan is to address these problems by hooking you up w/ Fleet's best practice GitOps.
This story tracks the ongoing work to get the best practice GitOps workflow working: https://github.com/fleetdm/fleet/issues/13643
Maybe we need this fleetctl get policies command for existing users to migrate to GitOps?
E.g. I have 100 policies I have created on the UI, how do I generate the .yml with all the policies to start using the GitOps flow? (Maybe this is documented but I cannot find it.)
@noahtalerman I understand that there's a potential workaround with adding API to fleetctl but we should consider adding an option to retrieve policies using fleetctl with a command similar to:
fleetctl get policies --yaml --name "💻🐣Workstations (canary)"
We also have 2 yaml formats now -- spec and gitops
> I have 100 policies I have created on the UI, how do I generate the .yml with all the policies to start using the GitOps flow?
Hey @spokanemac and @lucasmrod did this problem come up when dogfooding Fleet in your calendar? Or dogfooding something else?
> I have 100 policies I have created on the UI, how do I generate the .yml with all the policies to start using the GitOps flow?
(Sorry for the confusion, this is a hypothetical scenario.)
I'm trying to coalesce policies for CIS Benchmarks for a prospect and I cannot do this without the ability to retrieve policies via something like fleetctl get policies. @noahtalerman can you tell me how to do this with gitops as it is blocking a current evaluation with prospect-lysthia?
@dherder, we want to convert CIS policies to GitOps format.
User story is here: https://github.com/fleetdm/fleet/issues/17913
Let's discuss during our call today.
@dherder do you think we can close this one? We decided to convert the policies to GitOps format and use Fleet's best practice GitOps (instead of fleetctl apply)
I'm confused, wouldn't you still need to "get" the policies for initial configuration, even if you were intending to use them in a gitops workflow?
> I'm trying to coalesce policies for CIS Benchmarks for a prospect

> wouldn't you still need to "get" the policies for initial configuration, even if you were intending to use them in a gitops workflow?
@dherder if we're adding CIS policies for a prospect I think the answer is no.
If we convert CIS policies to GitOps format (story here), then we can apply these policies to a team in Fleet w/o needing to "get" the policies.
I walk through what I think the workflow will look like in a Loom here.
@noahtalerman Beyond CIS benchmark policies, the ability to call fleetctl to get the policies remains something we could use. I've had several instances where I would want to export policies ahead of a gitops workflow to ensure we have every policy in the gitops repo.
I think I can use the new fleetctl api command to get the policies. But not having parity between fleetctl and the api just seems wrong, almost bug-like.
> where I would want to export policies ahead of a gitops workflow to ensure we have every policy in the gitops repo.
Ah, it's like a migrate to GitOps tool we're after.
Hey @sharon-fdm, I'm doing some organizing on the drafting board. Did this story miss yesterday's estimation? It's still in "Settled."
cc @rachaelshaw
@noahtalerman @rachaelshaw What YAML format should be returned -- gitops or apply?
> What YAML format should be returned -- gitops or apply?
@getvictor fleetctl apply YAML format.
customer-pingali uses fleetctl apply for GitOps (instead of the new best practice). @ksatter and @Patagonia121 please correct me if I'm wrong.
Hey team! Please add your planning poker estimate with Zenhub @getvictor @lucasmrod @mostlikelee
I might be able to take this ticket if we're short on BE folks.
Hey @Patagonia121 and @dherder heads up that this didn't make it into the upcoming engineering sprint (4.46) because we didn't have enough engineering capacity.
Check out the 4.46 milestone to see what made it instead.
Please let @zayhanlon or me know if this request is a high priority for the business so that it can be evaluated at the next feature fest accordingly: https://fleetdm.com/handbook/company/product-groups#how-feature-requests-are-evaluated
I'm also happy to discuss at the next product office hours.
Goal
fleetctl get policies
Context
Changes
Product
fleetctl get policies command (see Figma above)
fleetctl get policies --yaml should return policies in fleetctl apply format
fleetctl get queries to match get policies responses (see Figma above)
Engineering
QA
Risk assessment
Manual testing steps
Testing notes
Confirmation