Commit graph

194 commits

Author SHA1 Message Date
George Karr
611cf8cc2b
Adding changes for Fleet v4.73.2 (#33118)
Co-authored-by: Luke Heath <luke@fleetdm.com>
2025-09-24 08:02:17 -05:00
George Karr
a81b0b868e
Adding changes for Fleet v4.73.1 (#32889) (#33116) 2025-09-17 10:38:19 -05:00
Luke Heath
7a6f57bc36
update main 4.72.1 4.73.0 (#32755) 2025-09-11 22:00:41 -05:00
George Karr
ecc173deeb
Adding changes for Fleet v4.72.0 (#31273) (#31975) 2025-08-15 12:31:18 -05:00
Daniel Seifert
2e47a03128
Fix Comment in Helm Charts values.yaml (#31854) 2025-08-13 07:52:15 -05:00
George Karr
7d8f17f53a
gkarr update changelog (#31585)
- **Adding changes for Fleet v4.71.1 (#31531)**
- **updating changelog**
2025-08-04 15:41:10 -05:00
Luke Heath
99a0217db6
Adding changes for Fleet v4.71.0 (#30599) (#31198) 2025-07-23 16:04:33 -06:00
George Karr
39e381be96
Adding changes for Fleet v4.70.1 (#30606) (#30733)
Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
2025-07-10 10:57:37 -05:00
Jorge Falcon
93279befef
Incrementing Helm chart (6.6.8) and Fleet version in Helm chart (4.70.0) (#30454)
- Incrementing Helm chart to 6.6.8
- Incrementing Fleet version to 4.70.0 in Helm chart
2025-07-01 11:20:52 -04:00
Mohamed Aziz Khayati
324a40d28c
Support more helm environment variables (#30451)
## Summary
This PR adds support for Windows MDM WSTEP (Simple Certificate
Enrollment Protocol) identity certificates and fixes S3 configuration
for carving and software installers in the Fleet Helm chart.

## Changes

### Windows MDM WSTEP Support
- **Deployment Template (`charts/fleet/templates/deployment.yaml`)**:
  - Added `FLEET_MDM_WINDOWS_WSTEP_IDENTITY_CERT_BYTES` environment
    variable
  - Added `FLEET_MDM_WINDOWS_WSTEP_IDENTITY_KEY_BYTES` environment
    variable
  - Both variables load certificate data from Kubernetes secrets using
    `valueFrom.secretKeyRef`
  - Added conditional logic to only set variables when
    `fleet.mdm.windows.wstepIdentityCertKey` is non-empty

- **Values Configuration (`charts/fleet/values.yaml`)**:
  - Added `fleet.mdm.windows.wstepIdentityCertKey: ""` configuration key
  - Added `fleet.mdm.windows.wstepIdentityKeyKey: ""` configuration key
  - Both default to empty strings for backward compatibility

### S3 Configuration Fixes
- **Fixed S3 support for custom buckets**: Added support for S3 Endpoint
URL & Force S3 Path style environmental variables.
- **Added S3 support for software installers**: Added complete S3
configuration structure under `fleet.softwareInstallers.s3`

## Configuration

### Windows MDM WSTEP
```yaml
fleet:  # New
  mdm:
    windows:
      wstepIdentityCertKey: "wstep-identity-cert"  # Secret key containing the certificate
      wstepIdentityKeyKey: "wstep-identity-key"    # Secret key containing the private key
  
fleet:
  carving:
    s3:
      ...
      endpointURL: ""  # New
      forceS3PathStyle: false  # New

  softwareInstallers: # New
    s3:
      bucketName: "fleet-installers-bucket"
      prefix: "installers/"
      accessKeyID: "your-access-key"
      secretKey: "software-installers"
      endpointURL: ""
      forceS3PathStyle: false
      stsAssumeRoleARN: ""
```
2025-07-01 10:19:37 -04:00
Jorge Falcon
bc08109ff1
Helm Chart - MySQL Read Replica environment variable support (#30099)
- Added support for configuring read only replicas via values.yaml
- Added support for read only replica environment variables in
deployment.yaml and cron-vulnprocessing.yaml
2025-06-18 15:45:54 -04:00
Luke Heath
653291c6b4
Prepare Fleet v4.69.0 (#30024) 2025-06-16 10:43:20 -05:00
Jorge Falcon
5ae5897e51
Adding/Modifying Fleet helm chart to include additional labels for deployment and selector labels for service (#29828)
Closes #29710 

- Added label `component: fleet-server` to deployment.yaml under labels
and matchLabels
- Added label `component: fleet-server` to service.yaml under selector
2025-06-09 10:53:44 -04:00
George Karr
dd78f230b8
Adding changes for Fleet v4.68.1 (#29705)
Co-authored-by: Jorge Falcon <22119513+BCTBB@users.noreply.github.com>
2025-06-06 09:06:33 -05:00
Jorge Falcon
88296aee24
Incrementing Helm Chart versions (#29713)
- Incrementing fleet/Chart.yaml version 6.6.3 -> 6.6.4
- Incrementing tuf/Chart.yaml version 0.1.0 -> 0.1.1
2025-06-03 11:00:52 -04:00
Oleksandr Palamarchuk
4a411c3703
Set empty TLS secrets by default instead of referencing non-existent ones from the config (#29688)
This change fixes nginx errors regarding non-existent config:

e.g.:
```
W0602 09:49:37.725821       7 controller.go:1720] Error getting SSL certificate "fleetdm/chart-example-tls": local SSL certificate fleetdm/chart-example-tls was not found
```

```
➜  ~ k describe ingress fleetdm -n fleetdm
Name:             fleetdm
....
Ingress Class:    nginx
Default backend:  <default>
TLS:
  chart-example-tls terminates chart-example.local
Rules:
```

This approach is simpler than requiring everyone to set tls: [] in their
values file.
2025-06-03 10:22:57 -04:00
Jorge Falcon
96cb81666a
Check if runAsUser and/or runAsGroup are not supplied in Fleet Helm Chart Values (#29588)
Add logic around runAsUser and runAsGroup to Fleet Helm Chart
- Resolves #29460 
- Added to deployment, migration, and cronjob for vulnprocessing.
2025-05-29 14:32:30 -04:00
Luke Heath
45742e946f
Adding changes for Fleet v4.68.0 (#28800) 2025-05-22 11:47:40 -05:00
Luke Heath
c247a2b784
Prepare Fleet v4.67.3 (#28883) 2025-05-06 15:29:34 -05:00
Phillip Boushy
157c9a8405
Add imagePullSecrets option to Helm Chart (#28783)
- Resolves #28776
- Includes example in values.yaml
- Added to deployment, migration, and cronjob for vulnprocessing

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Manual QA for all new/changed functionality

---------

Co-authored-by: Robert Fairburn <8029478+rfairburn@users.noreply.github.com>
2025-05-02 17:56:42 -05:00
Luke Heath
c2a6c9febe
Catch up 4.67.2 (#28780) 2025-05-02 15:48:29 -05:00
Luke Heath
7a20a24cbe
Adding changes for Fleet v4.67.0 (#28129) 2025-04-24 16:05:58 -05:00
Luke Heath
9b73f629b2
Adding changes for Fleet v4.66.0 (#27407) 2025-04-04 14:02:20 -05:00
Robert Fairburn
45bfbb7db7
Allow container UID/GID to be specified in helm values.yaml (#27778) 2025-04-02 10:17:52 -05:00
Luke Heath
d7f6ddb6d0
Adding changes for Fleet v4.65.0 (#26698) (#27166) 2025-03-18 11:18:10 -05:00
Luke Heath
df60b75f2e
Adding changes for Fleet v4.64.2 (#26850) (#26857) 2025-03-05 11:40:16 -06:00
George Karr
4a03051c10
Adding changes for Fleet v4.64.1 (#26491) 2025-02-20 19:39:26 -06:00
George Karr
076fe894c5
Adding changes for Fleet v4.63.1 (#26471) 2025-02-20 10:02:42 -06:00
Robert Fairburn
d5317ab753
Increment helm chart version (#26090) 2025-02-05 14:39:54 -06:00
Luke Heath
5e83ba6cc8
Adding changes for Fleet v4.63.0 (#25433) 2025-02-04 13:55:00 -06:00
Phillip Boushy
c1fb4e7b68
Helm Chart: Move vulnerability processing to be a cronjob by default (#25488)
The existing helm chart is designed to run vulnerability processing on
every container, which requires 4Gi/container.
However, the default for the helm chart is for each container to have a
maximum of 1Gi.

This change switches the default so that vulnerability processing is
disabled in the deployment, and moves vulnerability processing to a
dedicated cronjob that runs 1/day at 1am. (I didn't make that
configurable...)

A few items I think are important to call out:
1. I have commented out a lot of environment variables in the cronjob
that existed in the migration and deployment because I don't think
they're required, but I wanted one of you to review and actually say
that they're not necessary.
2. I did not include anything related to osquery or exposing the server
to clients in this since it's not meant to handle clients, just
vulnerability processing.
3. I believe I did everything to make sure cloudSQL will work, but it
should be tested.

# Checklist for submitter
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-02-04 09:31:45 -06:00
George Karr
9e5ecfb1bc
Adding changes for Fleet v4.62.3 (#25768)
Co-authored-by: Robert Fairburn <8029478+rfairburn@users.noreply.github.com>
2025-01-29 07:49:45 -06:00
Luke Heath
ce012687cc
Adding changes for Fleet v4.62.2 (#25564) 2025-01-17 14:55:09 -06:00
Fred Dubois
239db41d16
fix: properly indent service annotations (#25388)
When there was more than 1 annotation on the service, it would not be
properly indented.

```
$ cat test-values.yaml 
serviceAnnotations:
  foo: bar
  bar: baz
  baz: qux
$ helm template fleet . -f test-values.yaml --show-only templates/service.yaml
---
# Source: fleet/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: fleet
    chart: fleet
    heritage: Helm
    release: fleet
  annotations:
    bar: baz
    baz: qux
    foo: bar
  name: fleet-service
  namespace: fleet
spec:
  selector:
    app: fleet
    chart: fleet
    heritage: Helm
    release: fleet
  ports:
  - name: fleet
    port: 8080
    targetPort: 8080
```

before:

```
$ git checkout main
$ helm template fleet . -f test-values.yaml --show-only templates/service.yaml
---
# Source: fleet/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: fleet
    chart: fleet
    heritage: Helm
    release: fleet
  annotations:
    bar: baz
  baz: qux
  foo: bar
  name: fleet-service
  namespace: fleet
spec:
  selector:
    app: fleet
    chart: fleet
    heritage: Helm
    release: fleet
  ports:
  - name: fleet
    port: 8080
    targetPort: 8080
```
2025-01-15 11:02:57 -06:00
George Karr
a672ff8f1d
Adding changes for Fleet v4.62.1 (#25417) 2025-01-14 15:19:54 -06:00
Luke Heath
4cca22384d
Adding changes for Fleet v4.62.0 (#25092)
Ready for review.
2025-01-13 16:23:26 -06:00
Luke Heath
ace2fa3f9f
Adding changes for Fleet v4.61.0 (#24407) (#24904) 2024-12-19 10:09:22 -06:00
Robert Fairburn
acdc526d1b
Initial support for helm cloudsql proxy in migrations (#24412)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
2024-12-18 11:44:32 -06:00
faelau
ce84d4800c
Add service annotations to Helm Chart (#24459) 2024-12-09 13:19:22 -06:00
George Karr
d0cb6b8629
Adding changes for Fleet v4.60.1 (#24332) 2024-12-04 18:16:27 -06:00
Luke Heath
b312bb99e5
Adding changes for Fleet v4.60.0 (#23817) (#24294) 2024-12-03 10:03:37 -06:00
Luke Heath
22ff5013e8
Adding changes for Fleet v4.59.1 (#23862) (#23929) 2024-11-18 16:30:23 -06:00
Luke Heath
ae92a7036f
Adding changes for Fleet v4.59.0 (#23292) (#23731) 2024-11-13 13:39:53 -06:00
Luke Heath
fdaf7be3ad
Prepare Fleet v4.58.0 (#22961) 2024-10-17 17:53:46 -05:00
Sebastien Termeau
e918aa4366
Helm Chart: Added ability to specify extra annotations to the SQLMigration job (#22781)
Added the ability to add extra annotations to the SQL migration job

This is required for ArgoCD to properly handle the Job after it has been
deleted
See
https://argo-cd.readthedocs.io/en/stable/user-guide/resource_hooks/#hook-deletion-policies
2024-10-17 09:08:16 -05:00
Luke Heath
8979e8ff1b
Prepare Fleet v4.57.3 (#22869) (#22871) 2024-10-11 14:42:16 -05:00
George Karr
96771f46f4
Adding changes for Fleet v4.57.2 (#22599) 2024-10-04 10:21:46 -05:00
George Karr
f7fc22d766
Adding changes for Fleet v4.57.1 (#22537) 2024-10-01 10:37:19 -05:00
Luke Heath
c51c20a10b
Adding changes for Fleet v4.57.0 (#22109) (#22327) 2024-09-23 19:02:23 -05:00
Luke Heath
42b322e666
Fix changelog 4.56.0 (#21895) (#21901) 2024-09-11 10:19:01 -05:00