We are looking at deploying fleet on our internal Kubernetes but would like the database on AWS RDS Aurora. Has anyone done this and if so could they share how they achieved it? We are not sure how we refer fleet to the AWS database. We can use IRSA for authentication etc but we not sure how to point fleet to the AWS DB

Hi @John Healy! You can specify your MySQL database in the Fleet configuration: https://fleetdm.com/docs/deploying/configuration#my-sql

Thanks @Kathy Satterlee Would the below likely work? Do we need to refer to the AWS RDS database besides this in our code. For example we will helm charts for the web-app and Redis but do we need to reference the AWS database as a dependency there also?

database:
  host: <AMAZON_RDS_ENDPOINT
  port: 3306
  driverClass: 
  dbScheme:
  dbUseSSL: true
  databaseName: <RDS_DATABASE_NAME
  auth:
    database: <RDS_DATABASE_USERNAME>
    username: <RDS_DATABASE_PW>

hey @John Healy, the helm chart that defines how to deploy fleet will need RDS endpoint, username, and password added as environment variables: https://fleetdm.com/docs/deploying/server-installation#deploying-fleet-on-kubernetes notice:

- name: FLEET_MYSQL_ADDRESS
            valueFrom:
              secretKeyRef:
                name: fleet_secrets
                key: mysql_address
          - name: FLEET_MYSQL_DATABASE
            valueFrom:
              secretKeyRef:
                name: fleet_secrets
                key: mysql_database
          - name: FLEET_MYSQL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: fleet_secrets
                key: mysql_password
          - name: FLEET_MYSQL_USERNAME
            valueFrom:
              secretKeyRef:
                name: fleet_secrets
                key: mysql_username

Thanks @Benjamin Edwards So we have a charts.yaml file that defines the other chart components, so we add the RDS details on there similar to the below?

apiVersion: v2
name: fleetdm
description: For deploying fleet to Kanopy
type: application
version: 0.1.0
appVersion: "4.19.1"

dependencies:
- name: web-app
  alias: server
  version: "4.12.0"
  repository: <https://10gen.github.io/helm-charts>

- name: redis
  alias: cache
  version: "17.0.10"
  repository: <https://charts.bitnami.com/bitnami>

- name: FLEET_MYSQL_ADDRESS
  valueFrom:
    secretKeyRef:
    name: fleet_secrets
    key: mysql_address
- name: FLEET_MYSQL_DATABASE
  valueFrom:
    secretKeyRef:
      name: fleet_secrets
      key: mysql_database
- name: FLEET_MYSQL_PASSWORD
  valueFrom:
    secretKeyRef:
      name: fleet_secrets
      key: mysql_password
- name: FLEET_MYSQL_USERNAME
   valueFrom:
      secretKeyRef:
        name: fleet_secrets
        key: mysql_username

https://osquery.slack.com/archives/C01DXJL16D8/p1674467114543869?thread_ts=1674044872.730929&cid=C01DXJL16D8 Seems like charts.yaml doesn’t like this when deploying Error: cannot load Chart.yaml: error converting YAML to JSON: yaml: line 35: mapping values are not allowed in this context while executing *run.DepUpdate step: exit status 1 Should this be under the Dependencies section? - name: FLEET_MYSQL_ADDRESS valueFrom: secretKeyRef: name: fleet_secrets key: mysql_address - name: FLEET_MYSQL_DATABASE valueFrom: secretKeyRef: name: fleet_secrets key: mysql_database - name: FLEET_MYSQL_PASSWORD valueFrom: secretKeyRef: name: fleet_secrets key: mysql_password - name: FLEET_MYSQL_USERNAME valueFrom: secretKeyRef: name: fleet_secrets key: mysql_username

@Benjamin Edwards and @Kathy Satterlee Any advice here for this error?