https://github.com/osquery/osquery logo
Powered by
Title
w

wtheaker

10/03/2019, 5:09 PM
I found this terraform module useful for setting up fleet in fargate last year: https://github.com/davidrecordon/terraform-aws-kolide-fleet It needs a little cleanup but nothing intense
o

OMAR

10/03/2019, 6:00 PM
that's the same one shared above, and it has a few issues. for one, it uses a fork of fleet for twirp support and as a result is 2 years out of date. it also doesn't handle secrets properly, so your tfstate file will contain database credentials, jwt keys, etc. also imo the way it's architected makes monitoring and introspection difficult too. basically it would require a bunch of changes that for me it made more sense to just do it from scratch
what type of work did you do to get it to production?
w

wtheaker

10/03/2019, 6:10 PM
I used the fleet base image since aws added support for tls termination on the alb
I was using terraform enterprise so the tfstate didn't live on my development machine
🤷
aws isn't available to me rn so I'm using docker-compose again
o

OMAR

10/03/2019, 6:13 PM
haha, I've heard of TFE being the solution to a lot of common issues but alas it's not in our budget
w

wtheaker

10/03/2019, 6:16 PM
yeah it's crazy expensive and doesn't support SAML
o

OMAR

10/03/2019, 6:19 PM
> enterprise
> doesn't support SAML
w0t
m

Magneto

10/03/2019, 10:33 PM
errr... what kind of saml?
"Terraform Enterprise is our self-hosted distribution of Terraform Cloud. It offers enterprises a private instance of the Terraform Cloud application, with no resource limits and with additional enterprise-grade architectural features like audit logging and SAML single sign-on."
w

wtheaker

10/03/2019, 11:03 PM
the SaaS version of terraform enterprise is terraform cloud, which doesn't support saml
3 Views
#kolideJoin Slack
Powered by