mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
Update the apiVersion used in fleetctl files and docs (#1747)
parent
93a346463b
commit
ee0a400a60
@ -50,32 +50,19 @@ Find more information at https://kolide.com/fleet
|
||||
### Workflow
|
||||
|
||||
```bash
|
||||
# Make sure you're currently using the current server (in this case: staging)
|
||||
fleetctl config set-context staging
|
||||
# Make sure you're currently using the current server (in this case: production linux hosts)
|
||||
fleetctl config set-context production-linux
|
||||
|
||||
# Edit the config file (or files) for your Fleet instance (or one of them) and apply the file
|
||||
vim fleet-staging.yml
|
||||
fleetctl apply -f ./fleet-staging.yml
|
||||
vim fleet-linux.yml
|
||||
fleetctl apply -f ./fleet-linux.yml
|
||||
|
||||
# Commit the changes to an upstream source tree
|
||||
git add fleet-staging.yml
|
||||
git commit -m "new changes to staging fleet instance"
|
||||
git add fleet-linux.yml
|
||||
git commit -m "new changes to osquery production linux configuration"
|
||||
git push
|
||||
```
|
||||
|
||||
Alternatively, you can specify the context as a flag for easy use in parallel scripts or instances where you may have many Fleet environments:
|
||||
|
||||
```bash
|
||||
# Edit your Fleet config file
|
||||
vim fleet.yml
|
||||
|
||||
# First apply the configuration to your staging environment for testing
|
||||
fleetctl apply -f ./fleet.yml --context=staging
|
||||
|
||||
# Apply the configuration to both staging and production at the same time
|
||||
fleetctl apply -f ./fleet.yml --context=staging,production
|
||||
```
|
||||
|
||||
## Configuration File Format
|
||||
|
||||
A Fleet configuration is defined using one or more declarative "messages" in yaml syntax. Each message can live in it's own file or multiple in one file, each separated by `---`. Each file/message contains a few required top-level keys:
|
||||
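Review bot: The rewrite of the Workflow example in this hunk (old range 32 lines, new range 19) is not covered by the commit title, which only mentions the apiVersion update. Either split the workflow change into its own commit or mention it in the message so the history explains why the example changed. While this text is being touched, the context line "Each message can live in it's own file" should read "its own file", and the comment "Make sure you're currently using the current server" probably means "the correct server".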
@ -108,7 +95,7 @@ All of these files can be concatenated together into [one file](../../examples/c
|
||||
The following file describes configuration options passed to the osquery instance. All other configuration data will be over-written by the application of this file.
|
||||
|
||||
```yaml
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryOptions
|
||||
spec:
|
||||
config:
|
||||
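Review bot: The apiVersion change at the top of the OsqueryOptions example replaces `k8s.kolide.com/v1alpha1` with `kolide.com/v1alpha1`, and nothing in the surrounding docs says whether files that still carry the old value are accepted. Add a sentence near this example stating the expected behaviour for existing files, so operators who keep their configuration in version control know whether they must update it before the next `fleetctl apply`.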
@ -183,13 +170,13 @@ spec:
|
||||
The following file describes the labels which hosts should be automatically grouped into. The label resource should reference the query by name. Both of these resources can be included in the same file as such:
|
||||
|
||||
```yaml
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
name: slack_not_running
|
||||
query: slack_not_running
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1/alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: slack_not_running
|
||||
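Review bot: The second resource in this example (the OsqueryQuery after `---`) still has a slash in the version segment: the new line reads `apiVersion: kolide.com/v1/alpha1`, while the OsqueryLabel above it and the other examples in this commit use `kolide.com/v1alpha1`. Only the `k8s.` prefix was dropped here. Change it to `apiVersion: kolide.com/v1alpha1` so readers copying the example do not end up with a mismatched value.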
@ -207,7 +194,7 @@ spec:
|
||||
For especially long or complex queries, you may want to define one query in one file. Continued edits and applications to this file will update the query as long as the `metadata.name` does not change. If you want to change the name of a query, you must first create a new query with the new name and then delete the query with the old name. Make sure the old query name is not defined in any packs before deleting it or an error will occur.
|
||||
|
||||
```yaml
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: docker_processes
|
||||
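Review bot: The paragraph at the top of this hunk tells readers the query is updated as long as `metadata.name` does not change, but the example below it has no `metadata` block and puts `name: docker_processes` right after `spec:`. Since this commit is already aligning the docs with the file format, update the prose to refer to the name field the example actually uses.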
@ -223,7 +210,7 @@ spec:
|
||||
To define multiple queries in a file, concatenate multiple `OsqueryQuery` resources together in a single file with `---`. For example, consider a file that you might store at `queries/osquery_monitoring.yml`:
|
||||
|
||||
```yaml
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: osquery_version
|
||||
@ -233,21 +220,21 @@ spec:
|
||||
launcher: 0.3.0
|
||||
osquery: 2.9.0
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: osquery_schedule
|
||||
description: Report performance stats for each file in the query schedule.
|
||||
query: select name, interval, executions, output_size, wall_time, (user_time/executions) as avg_user_time, (system_time/executions) as avg_system_time, average_memory, last_executed from osquery_schedule;
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: osquery_info
|
||||
description: A heartbeat counter that reports general performance (CPU, memory) and version.
|
||||
query: select i.*, p.resident_size, p.user_time, p.system_time, time.minutes as counter from osquery_info i, processes p, time where p.pid = i.pid;
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: osquery_events
|
||||
@ -260,7 +247,7 @@ spec:
|
||||
To define query packs, reference queries defined elsewhere by name. This is why the "name" of a query is so important. You can define many of these packs in many files.
|
||||
|
||||
```yaml
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryPack
|
||||
spec:
|
||||
name: osquery_monitoring
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryOptions
|
||||
spec:
|
||||
config:
|
||||
|
@ -1,42 +1,42 @@
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
name: all_hosts
|
||||
query: always_true
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
name: macs
|
||||
query: darwin_hosts
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
name: ubuntu
|
||||
query: ubuntu_hosts
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
name: centos
|
||||
query: centos_hosts
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
name: windows
|
||||
query: windows_hosts
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
query: pending_updates
|
||||
platforms:
|
||||
- darwin
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
query: slack_not_running
|
||||
|
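Review bot: The last two OsqueryLabel resources in this hunk (the ones with `query: pending_updates` and `query: slack_not_running`) have no `name:` line, unlike the five labels above them. The commit touches the header of every resource here, so it is a good moment to either add the missing names or confirm that a label without one is valid.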
@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryPack
|
||||
spec:
|
||||
name: osquery_monitoring
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: osquery_version
|
||||
@ -9,29 +9,29 @@ spec:
|
||||
launcher: 0.3.0
|
||||
osquery: 2.9.0
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: osquery_schedule
|
||||
description: Report performance stats for each file in the query schedule.
|
||||
query: select name, interval, executions, output_size, wall_time, (user_time/executions) as avg_user_time, (system_time/executions) as avg_system_time, average_memory, last_executed from osquery_schedule;
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: osquery_info
|
||||
description: A heartbeat counter that reports general performance (CPU, memory) and version.
|
||||
query: select i.*, p.resident_size, p.user_time, p.system_time, time.minutes as counter from osquery_info i, processes p, time where p.pid = i.pid;
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: osquery_events
|
||||
description: Report event publisher health and track event counters.
|
||||
query: select name, publisher, type, subscriptions, events, active from osquery_events;
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: docker_processes
|
||||
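Review bot: The `osquery_events` resource ends with a stray `apiVersion` line placed before the `---` separator, and the patch rewrites that line to `apiVersion: kolide.com/v1alpha1` instead of removing it. The resource already has an `apiVersion` at its top, so depending on indentation the trailing line is either a duplicate top-level key or an unexpected field under `spec`, and parsers differ on whether they reject that or silently keep one value. Delete the trailing line so each document carries exactly one `apiVersion`.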
@ -43,37 +43,37 @@ spec:
|
||||
- linux
|
||||
- darwin
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: hostname
|
||||
query: select hostname from system_info;
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: uuid
|
||||
query: select uuid from osquery_info;
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: instance_id
|
||||
query: select instance_id from system_info;
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: always_true
|
||||
query: select 1;
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: pending_updates
|
||||
query: SELECT value from plist where path = "/Library/Preferences/ManagedInstalls.plist" and key = "PendingUpdateCount" and value > "0";
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: slack_not_running
|
||||
@ -85,25 +85,25 @@ spec:
|
||||
WHERE name LIKE "%Slack%"
|
||||
);
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: centos_hosts
|
||||
query: select 1 from os_version where platform = "centos";
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: ubuntu_hosts
|
||||
query: select 1 from os_version where platform = "ubuntu";
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: windows_hosts
|
||||
query: select 1 from os_version where platform = "windows";
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: darwin_hosts
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryOptions
|
||||
spec:
|
||||
config:
|
||||
@ -67,49 +67,49 @@ spec:
|
||||
interval:
|
||||
3600: "SELECT total_seconds AS uptime FROM uptime"
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
name: all_hosts
|
||||
query: always_true
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
name: macs
|
||||
query: darwin_hosts
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
name: ubuntu
|
||||
query: ubuntu_hosts
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
name: centos
|
||||
query: centos_hosts
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
name: windows
|
||||
query: windows_hosts
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
query: pending_updates
|
||||
platforms:
|
||||
- darwin
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryLabel
|
||||
spec:
|
||||
query: slack_not_running
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryPack
|
||||
spec:
|
||||
name: osquery_monitoring
|
||||
@ -134,7 +134,7 @@ spec:
|
||||
interval: 600
|
||||
removed: false
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: osquery_version
|
||||
@ -144,29 +144,29 @@ spec:
|
||||
launcher: 0.3.0
|
||||
osquery: 2.9.0
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: osquery_schedule
|
||||
description: Report performance stats for each file in the query schedule.
|
||||
query: select name, interval, executions, output_size, wall_time, (user_time/executions) as avg_user_time, (system_time/executions) as avg_system_time, average_memory, last_executed from osquery_schedule;
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: osquery_info
|
||||
description: A heartbeat counter that reports general performance (CPU, memory) and version.
|
||||
query: select i.*, p.resident_size, p.user_time, p.system_time, time.minutes as counter from osquery_info i, processes p, time where p.pid = i.pid;
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: osquery_events
|
||||
description: Report event publisher health and track event counters.
|
||||
query: select name, publisher, type, subscriptions, events, active from osquery_events;
|
||||
apiVersion: k8s.kolide.com/v1alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: docker_processes
|
||||
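Review bot: Same defect as in the earlier `-9,29 +9,29` hunk: after the `osquery_events` query line there is an `apiVersion` line ahead of the `---`, and it is updated here rather than dropped. Remove it in this copy as well so the two example files stay in sync.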
@ -178,37 +178,37 @@ spec:
|
||||
- linux
|
||||
- darwin
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: hostname
|
||||
query: select hostname from system_info;
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: uuid
|
||||
query: select uuid from osquery_info;
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: instance_id
|
||||
query: select instance_id from system_info;
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: always_true
|
||||
query: select 1;
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: pending_updates
|
||||
query: SELECT value from plist where path = "/Library/Preferences/ManagedInstalls.plist" and key = "PendingUpdateCount" and value > "0";
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: slack_not_running
|
||||
@ -220,25 +220,25 @@ spec:
|
||||
WHERE name LIKE "%Slack%"
|
||||
);
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: centos_hosts
|
||||
query: select 1 from os_version where platform = "centos";
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: ubuntu_hosts
|
||||
query: select 1 from os_version where platform = "ubuntu";
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: windows_hosts
|
||||
query: select 1 from os_version where platform = "windows";
|
||||
---
|
||||
apiVersion: k8s.kolide.com/v1/alpha1
|
||||
apiVersion: kolide.com/v1alpha1
|
||||
kind: OsqueryQuery
|
||||
spec:
|
||||
name: darwin_hosts
|
||||
|