This is the starter repository for using Fleet with a GitOps workflow.
How to set up your GitOps workflow:
-
Clone this repository.
-
If you do not have a Premium Fleet license, delete the
teams
folder. -
Make any changes to policies, queries, controls, and more defined in the files.
-
Create your own GitHub repository.
-
Add
FLEET_URL
andFLEET_API_TOKEN
secrets to your new repository's secrets. Learn how here. SetFLEET_URL
to your Fleet instance's URL (ex. https://organization.fleet.com). SetFLEET_API_TOKEN
to an API token for an API-only user in Fleet. Learn how here. -
Add
FLEET_GLOBAL_ENROLL_SECRET
secret to your new repository's secrets. The enroll secret must be an alphanumeric string of at least 32 and at most 255 characters.- If you have a Premium Fleet license, also add
FLEET_WORKSTATIONS_ENROLL_SECRET
andFLEET_WORKSTATIONS_CANARY_ENROLL_SECRET
.
- If you have a Premium Fleet license, also add
-
Delete
.gitlab-ci.yml
, which is for GitLab CI/CD. -
Push your cloned and modified code to your repo.
-
In GitHub, enable the
Apply latest configuration to Fleet
GitHub Actions workflow, and run workflow manually. Now, when anyone pushes a new commit to the default branch, the action will run and update Fleet. For pull requests, the workflow will do a dry run only.
-
Create your own GitLab repository.
-
Add
FLEET_URL
andFLEET_API_TOKEN
as masked CI/CD variables. Learn how here. SetFLEET_URL
to your Fleet instance's URL (ex. https://organization.fleet.com). SetFLEET_API_TOKEN
to an API token for an API-only user in Fleet. Learn how here. -
Add
FLEET_GLOBAL_ENROLL_SECRET
secret as a masked CI/CD variable. The enroll secret must be an alphanumeric string of at least 32 and at most 255 characters.- If you have a Premium Fleet license, also add
FLEET_WORKSTATIONS_ENROLL_SECRET
andFLEET_WORKSTATIONS_CANARY_ENROLL_SECRET
.
- If you have a Premium Fleet license, also add
-
Delete
.github
folder, which is for GitHub Actions. -
Push your cloned and modified code to your repo.
-
Now, when anyone pushes a new commit to the default branch, the pipeline will run and update Fleet. For merge requests, the pipeline will do a dry run only.
For all configuration options, go to GitOps reference in the Fleet documentation.