commit 4299febec3385d4dabd808e364bd76fac23165b0 Author: Andriy Oblivantsev Date: Thu Feb 19 15:57:19 2026 +0000 Init
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b959227
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+djinni-007-devops-engineer-flamingo
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 0000000..e69de29
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..6a26ec3
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,70 @@
+# FleetDM Stack - Local Kubernetes Deployment
+# Requires: helm, kubectl, docker; optional: kind or minikube
+
+RELEASE_NAME ?= fleetdm-stack
+NAMESPACE ?= fleetdm
+CLUSTER_TYPE ?= kind
+
+.PHONY: cluster install uninstall deps verify clean
+
+cluster:
+ @echo "Creating local Kubernetes cluster ($(CLUSTER_TYPE))..."
+ifeq ($(CLUSTER_TYPE),kind)
+ @command -v kind >/dev/null 2>&1 || { echo "Install kind: https://kind.sigs.k8s.io/"; exit 1; }
+ kind create cluster --name fleetdm --wait 2m || true
+ @echo "Installing nginx ingress controller..."
+ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
+ kubectl wait --namespace ingress-nginx --for=condition=ready pod -l app.kubernetes.io/component=controller --timeout=120s
+else
+ @command -v minikube >/dev/null 2>&1 || { echo "Install minikube: https://minikube.sigs.k8s.io/"; exit 1; }
+ minikube start
+ minikube addons enable ingress
+endif
+ @echo "Cluster ready. Run 'make install' to deploy FleetDM stack."
+
+deps:
+ helm dependency update fleetdm-stack/
+
+install: deps
+ @echo "Creating namespace $(NAMESPACE)..."
+ kubectl create namespace $(NAMESPACE) --dry-run=client -o yaml | kubectl apply -f -
+ @echo "Installing FleetDM stack..."
+ helm upgrade --install $(RELEASE_NAME) fleetdm-stack/ \
+ --namespace $(NAMESPACE) \
+ --wait
+ @echo "Installation complete. Run 'make verify' to check status."
+
+uninstall:
+ @echo "Removing FleetDM stack..."
+ helm uninstall $(RELEASE_NAME) --namespace $(NAMESPACE) || true
+ kubectl delete namespace $(NAMESPACE) --timeout=120s || true
+ @echo "Uninstall complete."
+
+verify:
+ @echo "Verifying FleetDM, MySQL, and Redis..."
+ @echo ""
+ @echo "=== Pods ==="
+ kubectl get pods -n $(NAMESPACE) -o wide
+ @echo ""
+ @echo "=== Services ==="
+ kubectl get svc -n $(NAMESPACE)
+ @echo ""
+ @echo "=== Ingress ==="
+ kubectl get ingress -n $(NAMESPACE)
+ @echo ""
+ @echo "Access Fleet UI:"
+ifeq ($(CLUSTER_TYPE),kind)
+ @echo " Add to /etc/hosts: 127.0.0.1 fleet.localhost"
+ @echo " Then: curl -H 'Host: fleet.localhost' http://localhost"
+else
+ @echo " minikube tunnel (if needed) then: http://fleet.localhost (add to /etc/hosts)"
+endif
+
+clean: uninstall
+ifeq ($(CLUSTER_TYPE),kind)
+ @echo "Deleting Kind cluster..."
+ kind delete cluster --name fleetdm || true
+else
+ @echo "Stopping minikube..."
+ -minikube stop
+endif
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/TASKS.md b/TASKS.md
new file mode 100644
index 0000000..0d835fa
--- /dev/null
+++ b/TASKS.md
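Review bot: The `cluster` recipe applies the ingress-nginx manifest straight from the mutable `main` branch (`kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml`), so each run installs whatever that branch holds at the time, unpinned and unreviewed. Pin the URL to a release tag, e.g. `.../ingress-nginx/<PINNED_RELEASE_TAG>/deploy/static/provider/kind/deploy.yaml`, or vendor the manifest into the repository. Separately, none of the `kubectl`/`helm` calls name a context, so `install` and `uninstall` (which deletes the namespace) act on whatever the current kubeconfig context is; for the kind path, `kubectl --context kind-fleetdm` and `helm --kube-context kind-fleetdm` would keep them on the local cluster. The `|| true` after `kind create cluster` also hides a failed creation, after which the remaining steps still run against the current context.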
@@ -0,0 +1,88 @@
+# **🦩Flamingo Home Assignment - DevOps Engineer**
+
+## We’d like to get a sense of how you approach cloud infrastructure, containerization, and deployment automation. This assignment is not tied to Flamingo’s domain; feel free to use any lightweight setup or example application that makes it easier for you to demonstrate your skills. **📌 Practical Part**
+
+### **Objective**
+
+#### Package and deploy [**FleetDM**](https://fleetdm.com/) to a local Kubernetes cluster using Helm.
+
+#### **1. Helm Chart**
+
+Create a public Helm chart that deploys:
+
+- FleetDM Server
+- MySQL
+- Redis
+
+#### **2. Local cluster**
+
+Include a `Makefile` with the following targets:
+
+- `make cluster` — create local cluster (Minikube or Kind)
+- `make install` — install the Helm chart
+- `make uninstall` — remove all deployed resources
+
+#### **3. Documentation**
+
+Provide a `README.md` that includes:
+
+- Installation & teardown instructions
+- Verification steps to confirm FleetDM, MySQL, and Redis are operational
+
+#### **4. Enhancements**
+
+- Set up a basic CI pipeline to release new Helm chart versions.
+- Expose the FleetDM UI and ensure that FleetDM is reachable by `agents`
+- Automatically run `fleet prepare db` on fresh install
+
+## **📌 Theoretical Part** **Architectural Design Document for “Company Inc.”**
+
+**Objective**
+
+1. A **1–2 page, well-structured architectural design document** (PDF or similar).
+2. A **High-Level Diagram (HLD)** of the architecture (using draw.io, Lucidchart, etc.) illustrating the overall infrastructure design.
+
+**Task Overview**
+
+Company Inc. is a small startup developing a web application and planning to deploy it on a major cloud provider (AWS or GCP). They have limited cloud experience and seek expertise to design a robust, scalable, secure, and cost-effective infrastructure. They are particularly interested in leveraging managed Kubernetes and following best practices.
+
+### **Application Details**
+
+- **Type:** Web application with a REST API backend and a single-page application (SPA) frontend.
+- **Technology Stack:** Backend: Python/Flask; Frontend: React; Database: MongoDB.
+- **Traffic:** Initially low (a few hundred users/day), but expected to grow rapidly to millions of users.
+- **Data:** Sensitive user data is handled, requiring strong security measures.
+- **Deployment Frequency:** Continuous Integration and Continuous Delivery (CI/CD) is required.
+
+### **Assignment Requirements**
+
+#### **1. Cloud Environment Structure**
+
+- Recommend the optimal number and purpose of AWS accounts / GCP projects for Innovate Inc., considering best practices for isolation, billing, and management.
+- Justify the choice of provider and the environmental structure.
+
+#### **2. Network Design**
+
+- Design the Virtual Private Cloud (VPC) architecture.
+- Describe how the network will be secured (firewalls, security groups, private/public subnets, etc.).
+
+#### **3. Compute Platform**
+
+- Detail how managed Kubernetes Service (EKS for AWS / GKE for GCP) will be leveraged to deploy and manage the application.
+- Describe the approach to node groups, scaling policies (horizontal & vertical), and resource allocation within the cluster.
+- Explain the containerization strategy, including:
+ - Image building process
+ - Container registry management
+ - Deployment pipelines (CI/CD integration)
+
+#### **4. Database**
+
+- Recommend the appropriate managed MongoDB service and justify the choice.
+- Outline the approach to:
+ - Automated backups
+ - High availability (multi-AZ/replicas)
+ - Disaster recovery strategy
+
+We value your time and want to gain a clear understanding of how you approach DevOps tasks in a clean, thoughtful, and structured manner.
+
+**Good luck, and happy deploying\! 🦩**
diff --git a/fleetdm-stack/Chart.lock b/fleetdm-stack/Chart.lock
new file mode 100644
index 0000000..c31ba99
--- /dev/null
+++ b/fleetdm-stack/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: mysql
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 9.12.5
+- name: redis
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 18.1.6
+- name: fleet
+ repository: https://fleetdm.github.io/fleet/charts
+ version: v6.8.0
+digest: sha256:5bcb4888ac713f0aa05e2aee6794db449f26eaa65a6eced2fd7ff48cf7337a52
+generated: "2026-02-19T15:56:34.555441882Z"
diff --git a/fleetdm-stack/Chart.yaml b/fleetdm-stack/Chart.yaml
new file mode 100644
index 0000000..90101cb
--- /dev/null
+++ b/fleetdm-stack/Chart.yaml
@@ -0,0 +1,26 @@
+apiVersion: v2
+name: fleetdm-stack
+description: FleetDM Server with MySQL and Redis for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "4.80.1"
+keywords:
+ - fleetdm
+ - osquery
+ - device-management
+maintainers:
+ - name: Flamingo Applicant
+ email: eslider@gmail.com
+dependencies:
+ - name: mysql
+ version: "9.12.5"
+ repository: oci://registry-1.docker.io/bitnamicharts
+ condition: mysql.enabled
+ - name: redis
+ version: "18.1.6"
+ repository: oci://registry-1.docker.io/bitnamicharts
+ condition: redis.enabled
+ - name: fleet
+ version: ">=6.7.0"
+ repository: https://fleetdm.github.io/fleet/charts
+ condition: fleet.enabled
diff --git a/fleetdm-stack/charts/fleet-v6.8.0.tgz b/fleetdm-stack/charts/fleet-v6.8.0.tgz
new file mode 100644
index 0000000..bdd8be9
Binary files /dev/null and b/fleetdm-stack/charts/fleet-v6.8.0.tgz differ
diff --git a/fleetdm-stack/charts/mysql-9.12.5.tgz b/fleetdm-stack/charts/mysql-9.12.5.tgz
new file mode 100644
index 0000000..0aa4a2f
Binary files /dev/null and b/fleetdm-stack/charts/mysql-9.12.5.tgz differ
diff --git a/fleetdm-stack/charts/redis-18.1.6.tgz b/fleetdm-stack/charts/redis-18.1.6.tgz
new file mode 100644
index 0000000..5927181
Binary files /dev/null and b/fleetdm-stack/charts/redis-18.1.6.tgz differ
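Review bot: In Chart.yaml the `fleet` dependency uses an open-ended range, `version: ">=6.7.0"`, while `mysql` and `redis` are pinned to exact versions. Chart.lock records v6.8.0, but the Makefile's `deps` target runs `helm dependency update`, which re-resolves the range and rewrites the lock, so a later upstream chart release (including a new major) would be pulled in without any change to this file. Pin it like the others, `version: "v6.8.0"`, or have `deps` run `helm dependency build` so the lock is honoured. The same commit also vendors the three chart archives under `charts/` as binaries that cannot be inspected in review; ignoring `charts/*.tgz` and rebuilding them from the lock would keep the dependency source visible.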
diff --git a/fleetdm-stack/values.yaml b/fleetdm-stack/values.yaml
new file mode 100644
index 0000000..2671005
--- /dev/null
+++ b/fleetdm-stack/values.yaml
@@ -0,0 +1,92 @@
+# FleetDM Stack - Values for FleetDM Server, MySQL, and Redis
+# Deploy with: helm install fleetdm-stack . -n fleetdm -f values.yaml
+
+global:
+ namespace: fleetdm
+
+# MySQL configuration
+mysql:
+ enabled: true
+ auth:
+ username: fleet
+ database: fleet
+ # Override for production: --set mysql.auth.password=YOUR_SECURE_PASSWORD
+ password: "fleetdm-local-dev"
+ image:
+ # Use bitnamilegacy for compatibility (Bitnami free tier moved)
+ repository: bitnamilegacy/mysql
+ tag: "8.0.35-debian-12-r2"
+ primary:
+ persistence:
+ enabled: true
+ size: 8Gi
+
+# Redis configuration
+redis:
+ enabled: true
+ architecture: standalone
+ auth:
+ enabled: false
+ master:
+ persistence:
+ enabled: true
+ size: 1Gi
+ image:
+ repository: bitnamilegacy/redis
+ tag: "7.2.4-debian-12-r12"
+ commonConfiguration: |
+ maxmemory 256mb
+ maxmemory-policy allkeys-lru
+
+# FleetDM configuration
+fleet:
+ enabled: true
+ hostName: fleet.localhost
+ replicas: 1
+ imageRepository: fleetdm/fleet
+ imageTag: v4.80.1
+ # Run fleet prepare db on fresh install (autoApplySQLMigrations)
+ fleet:
+ autoApplySQLMigrations: true
+ mysql:
+ enabled: false
+ redis:
+ enabled: false
+ # Disable TLS for local dev (ingress can terminate TLS if needed)
+ tls:
+ enabled: false
+ # Connect to our MySQL and Redis subcharts
+ database:
+ secretName: fleetdm-stack-mysql
+ address: fleetdm-stack-mysql:3306
+ database: fleet
+ username: fleet
+ passwordKey: mysql-password
+ maxOpenConns: 50
+ maxIdleConns: 50
+ cache:
+ address: fleetdm-stack-redis-master:6379
+ database: "0"
+ usePassword: false
+ secretName: ""
+ passwordKey: ""
+ # Expose Fleet UI and agent endpoints (reachable by agents)
+ ingress:
+ enabled: true
+ className: nginx
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-body-size: "10m"
+ hosts:
+ - host: fleet.localhost
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # Reduce resources for local dev
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 128Mi
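Review bot: The chart defaults ship a fixed database credential and an unauthenticated cache: `password: "fleetdm-local-dev"` under `mysql.auth` is committed in the file, and `redis.auth.enabled: false` with `cache.usePassword: false` leaves Redis open to any workload that can reach the service. The comment asks for an override in production, but these are the values `make install` deploys, and anyone installing the published chart unchanged gets the same known password. Leave `mysql.auth.password` unset so the subchart generates one (Fleet already reads it from the `fleetdm-stack-mysql` secret via `passwordKey: mysql-password`) or point at a pre-created secret, and enable Redis auth with a matching `cache.secretName`/`passwordKey`. `tls.enabled: false` together with `ingress.tls: []` also serves the UI and agent endpoints over plain HTTP; the comment scopes that to local dev, and a separate production values file would make that boundary explicit.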