Init

.gitignore

@@ -0,0 +1 @@
+djinni-007-devops-engineer-flamingo

Makefile

@@ -0,0 +1,70 @@
+# FleetDM Stack - Local Kubernetes Deployment
+# Requires: helm, kubectl, docker; optional: kind or minikube
+
+RELEASE_NAME ?= fleetdm-stack
+NAMESPACE ?= fleetdm
+CLUSTER_TYPE ?= kind
+
+.PHONY: cluster install uninstall deps verify clean
+
+cluster:
+	@echo "Creating local Kubernetes cluster ($(CLUSTER_TYPE))..."
+ifeq ($(CLUSTER_TYPE),kind)
+	@command -v kind >/dev/null 2>&1 || { echo "Install kind: https://kind.sigs.k8s.io/"; exit 1; }
+	kind create cluster --name fleetdm --wait 2m || true
+	@echo "Installing nginx ingress controller..."
+	kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
+	kubectl wait --namespace ingress-nginx --for=condition=ready pod -l app.kubernetes.io/component=controller --timeout=120s
+else
+	@command -v minikube >/dev/null 2>&1 || { echo "Install minikube: https://minikube.sigs.k8s.io/"; exit 1; }
+	minikube start
+	minikube addons enable ingress
+endif
+	@echo "Cluster ready. Run 'make install' to deploy FleetDM stack."
+
+deps:
+	helm dependency update fleetdm-stack/
+
+install: deps
+	@echo "Creating namespace $(NAMESPACE)..."
+	kubectl create namespace $(NAMESPACE) --dry-run=client -o yaml | kubectl apply -f -
+	@echo "Installing FleetDM stack..."
+	helm upgrade --install $(RELEASE_NAME) fleetdm-stack/ \
+		--namespace $(NAMESPACE) \
+		--wait
+	@echo "Installation complete. Run 'make verify' to check status."
+
+uninstall:
+	@echo "Removing FleetDM stack..."
+	helm uninstall $(RELEASE_NAME) --namespace $(NAMESPACE) || true
+	kubectl delete namespace $(NAMESPACE) --timeout=120s || true
+	@echo "Uninstall complete."
+
+verify:
+	@echo "Verifying FleetDM, MySQL, and Redis..."
+	@echo ""
+	@echo "=== Pods ==="
+	kubectl get pods -n $(NAMESPACE) -o wide
+	@echo ""
+	@echo "=== Services ==="
+	kubectl get svc -n $(NAMESPACE)
+	@echo ""
+	@echo "=== Ingress ==="
+	kubectl get ingress -n $(NAMESPACE)
+	@echo ""
+	@echo "Access Fleet UI:"
+ifeq ($(CLUSTER_TYPE),kind)
+	@echo "  Add to /etc/hosts: 127.0.0.1 fleet.localhost"
+	@echo "  Then: curl -H 'Host: fleet.localhost' http://localhost"
+else
+	@echo "  minikube tunnel (if needed) then: http://fleet.localhost (add to /etc/hosts)"
+endif
+
+clean: uninstall
+ifeq ($(CLUSTER_TYPE),kind)
+	@echo "Deleting Kind cluster..."
+	kind delete cluster --name fleetdm || true
+else
+	@echo "Stopping minikube..."
+	-minikube stop
+endif

TASKS.md

@@ -0,0 +1,88 @@
+# **🦩Flamingo Home Assignment - DevOps Engineer**
+
+## We’d like to get a sense of how you approach cloud infrastructure, containerization, and deployment automation. This assignment is not tied to Flamingo’s domain; feel free to use any lightweight setup or example application that makes it easier for you to demonstrate your skills. **📌 Practical Part**
+
+### **Objective**
+
+#### Package and deploy [**FleetDM**](https://fleetdm.com/) to a local Kubernetes cluster using Helm.
+
+#### **1. Helm Chart**
+
+Create a public Helm chart that deploys:
+
+- FleetDM Server
+- MySQL
+- Redis
+
+#### **2. Local cluster**
+
+Include a `Makefile` with the following targets:
+
+- `make cluster` — create local cluster (Minikube or Kind)
+- `make install` — install the Helm chart
+- `make uninstall` — remove all deployed resources
+
+#### **3. Documentation**
+
+Provide a `README.md` that includes:
+
+- Installation & teardown instructions
+- Verification steps to confirm FleetDM, MySQL, and Redis are operational
+
+#### **4. Enhancements**
+
+- Set up a basic CI pipeline to release new Helm chart versions.
+- Expose the FleetDM UI and ensure that FleetDM is reachable by `agents`
+- Automatically run `fleet prepare db` on fresh install
+
+## **📌 Theoretical Part** **Architectural Design Document for “Company Inc.”**
+
+**Objective**
+
+1. A **1–2 page, well-structured architectural design document** (PDF or similar).
+2. A **High-Level Diagram (HLD)** of the architecture (using draw.io, Lucidchart, etc.) illustrating the overall infrastructure design.
+
+**Task Overview**
+
+Company Inc. is a small startup developing a web application and planning to deploy it on a major cloud provider (AWS or GCP). They have limited cloud experience and seek expertise to design a robust, scalable, secure, and cost-effective infrastructure. They are particularly interested in leveraging managed Kubernetes and following best practices.
+
+### **Application Details**
+
+- **Type:** Web application with a REST API backend and a single-page application (SPA) frontend.
+- **Technology Stack:** Backend: Python/Flask; Frontend: React; Database: MongoDB.
+- **Traffic:** Initially low (a few hundred users/day), but expected to grow rapidly to millions of users.
+- **Data:** Sensitive user data is handled, requiring strong security measures.
+- **Deployment Frequency:** Continuous Integration and Continuous Delivery (CI/CD) is required.
+
+### **Assignment Requirements**
+
+#### **1. Cloud Environment Structure**
+
+- Recommend the optimal number and purpose of AWS accounts / GCP projects for Innovate Inc., considering best practices for isolation, billing, and management.
+- Justify the choice of provider and the environmental structure.
+
+#### **2. Network Design**
+
+- Design the Virtual Private Cloud (VPC) architecture.
+- Describe how the network will be secured (firewalls, security groups, private/public subnets, etc.).
+
+#### **3. Compute Platform**
+
+- Detail how managed Kubernetes Service (EKS for AWS / GKE for GCP) will be leveraged to deploy and manage the application.
+- Describe the approach to node groups, scaling policies (horizontal & vertical), and resource allocation within the cluster.
+- Explain the containerization strategy, including:
+  - Image building process
+  - Container registry management
+  - Deployment pipelines (CI/CD integration)
+
+#### **4. Database**
+
+- Recommend the appropriate managed MongoDB service and justify the choice.
+- Outline the approach to:
+  - Automated backups
+  - High availability (multi-AZ/replicas)
+  - Disaster recovery strategy
+
+We value your time and want to gain a clear understanding of how you approach DevOps tasks in a clean, thoughtful, and structured manner.
+
+**Good luck, and happy deploying\! 🦩**

fleetdm-stack/Chart.lock

@@ -0,0 +1,12 @@
+dependencies:
+- name: mysql
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 9.12.5
+- name: redis
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 18.1.6
+- name: fleet
+  repository: https://fleetdm.github.io/fleet/charts
+  version: v6.8.0
+digest: sha256:5bcb4888ac713f0aa05e2aee6794db449f26eaa65a6eced2fd7ff48cf7337a52
+generated: "2026-02-19T15:56:34.555441882Z"

fleetdm-stack/Chart.yaml

@@ -0,0 +1,26 @@
+apiVersion: v2
+name: fleetdm-stack
+description: FleetDM Server with MySQL and Redis for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "4.80.1"
+keywords:
+  - fleetdm
+  - osquery
+  - device-management
+maintainers:
+  - name: Flamingo Applicant
+    email: eslider@gmail.com
+dependencies:
+  - name: mysql
+    version: "9.12.5"
+    repository: oci://registry-1.docker.io/bitnamicharts
+    condition: mysql.enabled
+  - name: redis
+    version: "18.1.6"
+    repository: oci://registry-1.docker.io/bitnamicharts
+    condition: redis.enabled
+  - name: fleet
+    version: ">=6.7.0"
+    repository: https://fleetdm.github.io/fleet/charts
+    condition: fleet.enabled

fleetdm-stack/values.yaml

@@ -0,0 +1,92 @@
+# FleetDM Stack - Values for FleetDM Server, MySQL, and Redis
+# Deploy with: helm install fleetdm-stack . -n fleetdm -f values.yaml
+
+global:
+  namespace: fleetdm
+
+# MySQL configuration
+mysql:
+  enabled: true
+  auth:
+    username: fleet
+    database: fleet
+    # Override for production: --set mysql.auth.password=YOUR_SECURE_PASSWORD
+    password: "fleetdm-local-dev"
+  image:
+    # Use bitnamilegacy for compatibility (Bitnami free tier moved)
+    repository: bitnamilegacy/mysql
+    tag: "8.0.35-debian-12-r2"
+  primary:
+    persistence:
+      enabled: true
+      size: 8Gi
+
+# Redis configuration
+redis:
+  enabled: true
+  architecture: standalone
+  auth:
+    enabled: false
+  master:
+    persistence:
+      enabled: true
+      size: 1Gi
+  image:
+    repository: bitnamilegacy/redis
+    tag: "7.2.4-debian-12-r12"
+  commonConfiguration: |
+    maxmemory 256mb
+    maxmemory-policy allkeys-lru
+
+# FleetDM configuration
+fleet:
+  enabled: true
+  hostName: fleet.localhost
+  replicas: 1
+  imageRepository: fleetdm/fleet
+  imageTag: v4.80.1
+  # Run fleet prepare db on fresh install (autoApplySQLMigrations)
+  fleet:
+    autoApplySQLMigrations: true
+  mysql:
+    enabled: false
+  redis:
+    enabled: false
+  # Disable TLS for local dev (ingress can terminate TLS if needed)
+  tls:
+    enabled: false
+  # Connect to our MySQL and Redis subcharts
+  database:
+    secretName: fleetdm-stack-mysql
+    address: fleetdm-stack-mysql:3306
+    database: fleet
+    username: fleet
+    passwordKey: mysql-password
+    maxOpenConns: 50
+    maxIdleConns: 50
+  cache:
+    address: fleetdm-stack-redis-master:6379
+    database: "0"
+    usePassword: false
+    secretName: ""
+    passwordKey: ""
+  # Expose Fleet UI and agent endpoints (reachable by agents)
+  ingress:
+    enabled: true
+    className: nginx
+    annotations:
+      nginx.ingress.kubernetes.io/proxy-body-size: "10m"
+    hosts:
+      - host: fleet.localhost
+        paths:
+          - path: /
+            pathType: ImplementationSpecific
+    tls: []
+  # Reduce resources for local dev
+  resources:
+    limits:
+      cpu: 500m
+      memory: 1Gi
+    requests:
+      cpu: 100m
+      memory: 128Mi