Kolide Fleet provides a server which allows you to manage and orchestrate an osquery deployment across of a set of workstations and servers. For certain use-cases, it makes sense to maintain the configuration and data of an osquery deployment in source-controlled files. It is also desirable to be able to manage these files with a familiar command-line tool. To facilitate this, Kolide Fleet includes a fleetctl
CLI for managing osquery fleets in this way.
For more information, see:
Inspiration for the fleetctl
command-line experience as well as the file format has been principally derived from the Kubernetes container orchestration tool. This is for a few reasons:
- Format Familiarity: At Kolide, we love Kubernetes and we think it is the future of production infrastructure management. We believe that many of the people that use this interface to manage Fleet will also be Kubernetes operators. By using a familiar command-line interface and file format, the cognitive overhead can be reduced since the operator is already familiar with how these tools work and behave.
- Established Best Practices: Kubernetes deployments can easily become very complex. Because of this, Kubernetes operators have an established set of best practices that they often follow when writing and maintaining config files. Some of these best practices and tips are documented on the official Kubernetes website and some are documented by the community. Since the file format and workflow is so similar, we can re-use these best practices when managing Fleet configurations.
The fleetctl
tool is heavily inspired by the kubectl
tool. If you are familiar with kubectl
, this will all feel very familiar to you. If not, some further explanation would likely be helpful.
Fleet exposes the aspects of an osquery deployment as a set of "objects". Objects may be a query, a pack, a set of configuration options, etc. The documentation for Declarative Management of Kubernetes Objects Using Configuration Files says the following about the object lifecycle:
Objects can be created, updated, and deleted by storing multiple object configuration files in a directory and using
kubectl apply
to recursively create and update those objects as needed.
Similarly, Fleet objects can be created, updated, and deleted by storing multiple object configuration files in a directory and using fleetctl apply
to recursively create and update those objects as needed.