https://github.com/osquery/osquery logo
Powered by
#fleet
Title
# fleet
j

Joe

06/27/2022, 4:06 PM
Hi everyone, is there a seamless way to migrate osquery from a CentOS server to a kubernetes instance?
k

koo

06/27/2022, 4:11 PM
You mean deploying osquery via k8s?
j

Joe

06/27/2022, 4:13 PM
In a sense, yes. We currently have osquery installed on a CentOS server and we're exploring ways possibly utilizing K8s to replace it
This might be a silly question but what is the difference between fleet and osquery? I'm new to both and i'm still learning how they kinda tie in together
j

Jason

06/27/2022, 4:16 PM
Fleet is the orchestrator for osquery, which lives on the endpoint.
The fleet team also provides Orbit which is a wrapper to make deploying osquery easier
I'll let someone from Fleet chime in, but I believe if you just dumped the database from centos and then uploaded it your new database instance, you'd retain the whole config and data
j

Joe

06/27/2022, 4:19 PM
Ohh i see, thank you for that explanation Jason. So in a sense osquery is an agent, is that correct?
k

koo

06/27/2022, 4:19 PM
Fleet helps with deploying osquery at scale which I think is something you want to do currently @Joe We've got a couple of resources on deploying as well as some Terraform files that helps deploying osquery via Fleet
j

Jason

06/27/2022, 4:19 PM
Exactly.
k

koo

06/27/2022, 4:22 PM
One analogy I like to use with reference to osquery and Fleet is how git relates to GitHub. The key difference is that in the case of osquery and Fleet, Fleet let's you host your osquery instance to manage your "fleet" of agents
j

Joe

06/27/2022, 4:28 PM
Ah perfect, thank you both for that information. It definitely makes sense to me now. So @koo is Jason's comments correct? Can i just migrate the DB from my CentOS server and be able to retain all of the config and data?
z

zwass

06/27/2022, 7:34 PM
@Joe hopefully this helps with a bit of a visual example as well: https://fleetdm.com/docs/deploying/introduction
In terms of deployment for the Fleet server, it doesn't matter whether you are running on a container in k8s or a full centos server. If Fleet is provided the configuration to connect to a database then everything will work as expected. Typically folks are using something like AWS RDS MySQL and that can work with Fleet running in either style. So there might not be any database migration you need to do, depending on where your database is currently running.
j

Joe

06/27/2022, 7:41 PM
The visual example and additional information definitely helps @zwass, thank you so much for that.
🚀 2
🍻 2
4 Views
Powered by