Skip to content
/ fleet-gitops Public

Best practice for using Fleet with a GitOps workflow

License

View license
61 stars 49 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fleetdm/fleet-gitops

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

89 Commits
.github
.github
 
 
lib
lib
 
 
teams
teams
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
CODEOWNERS
CODEOWNERS
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
default.yml
default.yml
 
 
gitops.sh
gitops.sh
 
 

Repository files navigation

Fleet GitOps

This is the starter repository for using Fleet with a GitOps workflow.

Why use GitOps?

GitHub setup

  1. Clone the GitHub repository, create your own GitHub repository, and push your clone to your new repo. Note that a workflow will run once and fail because the required variables haven't been added (step 2).

  2. Add FLEET_URL and FLEET_API_TOKEN secrets to your new repository's secrets. Learn how here. Set FLEET_URL to your Fleet instance's URL (ex. https://organization.fleet.com). Create an API-only user with the "GitOps" role and set FLEET_API_TOKEN to your user's API token. If you're using Fleet Free, set the API-only user's role to global admin.

  3. In GitHub, enable the Apply latest configuration to Fleet GitHub Actions workflow, and run workflow manually. Now, when anyone pushes a new commit to the default branch, the action will run and update Fleet. For pull requests, the workflow will do a dry run only.

GitLab setup

  1. Clone the GitLab repository, create your own GitLab repository, and push your clone to your new repo. Note that a pipeline will run once and fail because the required variables haven't been added (step 2).

  2. Add FLEET_URL and FLEET_API_TOKEN as masked CI/CD variables. Learn how here. Set FLEET_URL to your Fleet instance's URL (ex. https://organization.fleet.com). Set FLEET_API_TOKEN to an API token for an API-only user in Fleet. Learn how here, then, grant it the GitOps role via the Settings > Users page so it can make changes.

  3. Now, when anyone pushes a new commit to the default branch, the pipeline will run and update Fleet. For merge requests, the pipeline will do a dry run only.

  4. To ensure your Fleet configuration stays up to date even when there are no new commits, set up a scheduled pipeline:

    • In your GitLab project, go to the left sidebar and navigate to Build > Pipeline schedules. (In some GitLab versions, this may appear as CI/CD > Schedules.)
    • Click Create a new pipeline schedule (or Schedule a new pipeline).
    • Fill in the form:
      • Description: e.g., Daily GitOps sync
      • Cron timezone: e.g., [UTC 0] UTC
      • Interval pattern: e.g., Custom: 0 6 * * * (runs nightly at 6AM UTC)
      • Target branch or tag: your default branch (e.g., main)
    • Click Create pipeline schedule.

Configuration options

For all configuration options, go to the YAML files reference in the Fleet docs.

GitOps mode

Once you're set up with GitOps in Fleet, you can optionally put the UI in GitOps mode. This prevents you from making changes in the UI that would be overridden by GitOps workflows.

An admin can enable GitOps mode in Settings > Integrations > Change management.

Note that this is a UI-only setting. API permissions are restricted based on user role.

About

Best practice for using Fleet with a GitOps workflow

Resources

Readme

License

View license
Activity
Custom properties

Stars

61 stars

Watchers

12 watching

Forks

49 forks
Report repository

Releases

11 tags

Packages

No packages published

Contributors 23
+ 9 contributors

Languages