Resolves: #34771
This moves away from relying on discontinued bitnami charts and instead
adds a small mysql chart, a valkey/redis chart and a brief guide update
on how to migrate from one to the other.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Helm chart bumped to v7.0.0.
* Replaced Redis with Valkey as the caching backend and added Valkey
configuration options.
* Added an optional embedded MySQL chart with configurable auth,
persistence, service, and credentials handling.
* **Chores**
* CI now adds the Valkey Helm repository and builds chart dependencies
before templating.
* .gitignore adjusted to only ignore packaged chart archives (*.tgz).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: georgekarrv <1501415+georgekarrv@users.noreply.github.com>
The current example under verify encryption results in an error, as
ENCRYPTED is an unknown column
```
lsblk -o NAME,MOUNTPOINT,TYPE,SIZE,FSUSED,FSTYPE,ENCRYPTED
lsblk: unknown column: ENCRYPTED
```
- https://fleetdm.slack.com/archives/C09JAPRM1EJ/p1777467446591059
Update the enroll hosts guide to use the 3.14.1 version of the WiX
binaries. Attempting to use the 3.11 version results in an error when
passing the `--arch` flag.
Converted comparison tables back to markdown (from html) and used
emoji's for color to make results more clear and still sticking to Fleet
style, approved by MikeT.
Missing entry for existing permissions of Fleet
admins/maintainers/gitops. They can transfer hosts between fleets they
manage (both source and target).
## Summary
- Adds a note under the SCEP section of the Apple MDM setup guide
clarifying that, for manually enrolled devices, MDM is turned off on the
host if SCEP certificate renewal fails, and the user must re-enroll to
restore MDM management.
- This documents already-released behavior.
## Test plan
- [ ] Verify the SCEP section in `articles/apple-mdm-setup.md` reads
correctly and renders properly on the docs site.
Replaces #44512 (which targeted `docs-v4.86.0` and had merge conflicts
when rebased to main).
https://claude.ai/code/session_01WacVBQENufY9uWfb1Aj48W
---
_Generated by [Claude
Code](https://claude.ai/code/session_01WacVBQENufY9uWfb1Aj48W)_
Co-authored-by: Claude <noreply@anthropic.com>
## Summary
- Removes the `articles/industrial-devops.md` case study article from
the website
- No other references to this case study were found in the codebase
(routes, handbook, navigation files, etc.), so only the article file
needed to be deleted
## Changes
- **Deleted:** `articles/industrial-devops.md` — the "Industrial DevOps
company automates endpoint management with Fleet" case study
---
Built for [Irena
Reedy](https://fleetdm.slack.com/archives/D0APYC9R9SL/p1777402086810929?thread_ts=1775761161.561979&cid=D0APYC9R9SL)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)
Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Re-merging the AutoPkg documentation that was accidentally merged into
`41856-orbit-connectivity-check` instead of `main` (originally [PR
#44059](https://github.com/fleetdm/fleet/pull/44059), reverted in PR
#44104).
This is a clean cherry-pick of just `articles/autopkg-with-fleet.md`
onto main.
Added instructions for repurposing or re-enrolling a Windows device via
Autopilot to avoid enrollment conflicts.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** #42144
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
## Summary
- Adds the missing "Ingesting custom ADMX templates (ADMXInstall)"
section to the Windows CSP guide
- Covers the full workflow: download ADMX template → ingest via
ADMXInstall URI → configure policies using the ingested definitions
- Includes practical examples using Microsoft Edge as the reference app
- Explains the `{AppName}~Policy~{CategoryPath}/{PolicyName}` LocURI
format
- Shows how to combine ingestion and policy configuration in a single
Fleet profile
- Adds tips for finding category paths and understanding registry key
restrictions
- Fixes a typo (LocURL → LocURI)
The existing guide at line 22 promised to cover ADMXInstall "further on
in this guide" but never delivered. This was called out as a pain point
by a customer who struggled to configure Edge policies via ADMX
ingestion because the documentation gap left them without guidance.
Note: related to customer feedback from a recent call
## Testing
Documentation-only change — no code impact. Verified XML examples are
syntactically correct and consistent with [Microsoft's ADMX ingestion
documentation](https://learn.microsoft.com/en-us/windows/client-management/win32-and-centennial-app-policy-configuration).
Changes:
- Unpublished a case study (I will be reopening a Draft PR to add it)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Updated styling for case study quote author images
* **Chores**
* Removed Proton case study from customer stories navigation menu and
featured stories section on the customers page
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Add Proton case study for review
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added Proton as a featured customer with a case study card on the
customers page, including logo, summary blurb, and link to the full
story.
* Added Proton to the "More customer stories" sidebar for easy
navigation to their case study.
* **Style**
* Case-study author images now render as circular avatars.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: johnjeremiah <jjeremiah@gmail.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
- Add details on the Identity field, stating that it may not be
required, and that Fleet variables aren't supported yet.
- Clarify which cert to use for the X509 field.
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Updated steps for renewing APNs certificate in MDM section to include
Apple Business Manager.
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Clarify the consequences of deleting a host from Fleet, emphasizing the
removal of labels and prevention of pending activity.
Story that will change this:
- https://github.com/fleetdm/fleet/issues/28933
I've included the developer options instructions here, because when I
started testing on Android I believe this was required. But while
testing on a device after a factory reset, I didn't need to enable
developer options.
…form SSO guide
Four fixes to the Deploying Platform SSO with Okta and Fleet guide:
1. Clarified that Fleet's automatic certificate renewal via
$FLEET_VAR_SCEP_RENEWAL_ID works for dynamic Okta SCEP (where Fleet acts
as a proxy) but not for static challenges, which require manual
redeployment before expiry.
2. Updated the Option 1 Important note to reflect that renewal is
automatic when $FLEET_VAR_SCEP_RENEWAL_ID is in the OU field.
3. Updated the Option 1 osquery policy threshold from 14 to 30 days to
align with Fleet's automatic renewal window, so failed renewals are
caught immediately rather than 16 days late.
4. Fixed Option 2 SQL code block where the Important text was
accidentally placed inside the opening ```sql fence, breaking the
article layout. Also updated the Certificate Expiration Notification in
Option 1 from 14 to 30 days for consistency.
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
