Add initial Helm chart for FleetDM Stack with MySQL and Redis, including README, CI pipeline, and architecture documentation. Update .gitignore for local development files.
@@ -0,0 +1,167 @@
|
||||
# FleetDM Stack — Flamingo DevOps Assignment
|
||||
|
||||
Helm chart deploying **FleetDM Server** with **MySQL** and **Redis** to Kubernetes. Suitable for local development (Kind/Minikube) and adaptable for production.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- [Docker](https://docs.docker.com/get-docker/)
|
||||
- [kubectl](https://kubernetes.io/docs/tasks/tools/)
|
||||
- [Helm 3](https://helm.sh/docs/intro/install/)
|
||||
- **Kind** or **Minikube** for local cluster
|
||||
|
||||
## Quick Start
|
||||
|
||||
```bash
|
||||
# Create local cluster and deploy
|
||||
make cluster
|
||||
make install
|
||||
|
||||
# Verify deployment
|
||||
make verify
|
||||
```
|
||||
|
||||
## Installation
|
||||
|
||||
### 1. Create local cluster
|
||||
|
||||
Creates a Kind or Minikube cluster and installs the nginx ingress controller (Kind) or enables ingress addon (Minikube).
|
||||
|
||||
```bash
|
||||
# Default: Kind
|
||||
make cluster
|
||||
|
||||
# Or use Minikube
|
||||
make cluster CLUSTER_TYPE=minikube
|
||||
```
|
||||
|
||||
### 2. Install the Helm chart
|
||||
|
||||
```bash
|
||||
make install
|
||||
```
|
||||
|
||||
This will:
|
||||
|
||||
- Update Helm dependencies
|
||||
- Create the `fleetdm` namespace
|
||||
- Deploy MySQL, Redis, and FleetDM Server
|
||||
- Run `fleet prepare db` automatically on fresh install (via `autoApplySQLMigrations`)
|
||||
|
||||
### 3. Access Fleet UI
|
||||
|
||||
**Kind:**
|
||||
|
||||
```bash
|
||||
# Add to /etc/hosts (or equivalent)
|
||||
echo "127.0.0.1 fleet.localhost" | sudo tee -a /etc/hosts
|
||||
|
||||
# Access via ingress (ensure ingress-nginx is ready)
|
||||
curl -H "Host: fleet.localhost" http://localhost
|
||||
# Or open http://localhost in a browser with Host: fleet.localhost
|
||||
```
|
||||
|
||||
**Minikube:**
|
||||
|
||||
```bash
|
||||
minikube tunnel
|
||||
# Then add fleet.localhost to /etc/hosts pointing to minikube IP
|
||||
```
|
||||
|
||||
## Teardown
|
||||
|
||||
```bash
|
||||
# Remove Helm release and namespace
|
||||
make uninstall
|
||||
|
||||
# Remove cluster (Kind or Minikube)
|
||||
make clean
|
||||
```
|
||||
|
||||
## Verification
|
||||
|
||||
```bash
|
||||
make verify
|
||||
```
|
||||
|
||||
Verification checklist:
|
||||
|
||||
| Component | Check |
|
||||
|-----------|-------|
|
||||
| **FleetDM** | Pods running; ingress `fleet.localhost` serves Fleet UI |
|
||||
| **MySQL** | `fleetdm-stack-mysql` service; Fleet connects and runs migrations |
|
||||
| **Redis** | `fleetdm-stack-redis-master` service; Fleet uses it for cache |
|
||||
|
||||
### Manual verification
|
||||
|
||||
```bash
|
||||
# Check pods
|
||||
kubectl get pods -n fleetdm
|
||||
|
||||
# Check Fleet migration job (fleet prepare db)
|
||||
kubectl get jobs -n fleetdm
|
||||
|
||||
# Check services
|
||||
kubectl get svc -n fleetdm
|
||||
|
||||
# Fleet logs
|
||||
kubectl logs -n fleetdm -l app=fleet -f
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
| Value | Description | Default |
|
||||
|-------|-------------|---------|
|
||||
| `mysql.auth.password` | MySQL password | `fleetdm-local-dev` |
|
||||
| `fleet.replicas` | Fleet server replicas | `1` |
|
||||
| `fleet.hostName` | Ingress host | `fleet.localhost` |
|
||||
|
||||
Override via `--set` or custom values file:
|
||||
|
||||
```bash
|
||||
helm upgrade --install fleetdm-stack fleetdm-stack/ \
|
||||
-n fleetdm \
|
||||
--set mysql.auth.password=SECURE_PASSWORD
|
||||
```
|
||||
|
||||
## FleetDM agent reachability
|
||||
|
||||
The chart exposes Fleet via ingress so:
|
||||
|
||||
- **Fleet UI** is available at `http://fleet.localhost`
|
||||
- **Agent endpoints** (`/api/v1/osquery/*`, `/api/fleet/orbit/*`, etc.) are reachable under the same host
|
||||
|
||||
For production, configure TLS and ensure agents can reach the Fleet server hostname.
|
||||
|
||||
## Enhancements implemented
|
||||
|
||||
1. **Basic CI pipeline** — GitHub Actions releases new Helm chart versions (see [.github/workflows/release.yaml](.github/workflows/release.yaml))
|
||||
2. **Exposed Fleet UI** — Ingress with `fleet.localhost` for UI and agent enrollment
|
||||
3. **`fleet prepare db`** — Handled by `autoApplySQLMigrations: true` in the Fleet Helm chart
|
||||
|
||||
## Project Structure
|
||||
|
||||
```
|
||||
tech-task/
|
||||
├── fleetdm-stack/ # Helm chart (FleetDM + MySQL + Redis)
|
||||
│ ├── Chart.yaml
|
||||
│ ├── Chart.lock
|
||||
│ ├── values.yaml
|
||||
│ └── charts/ # Dependencies (run make deps)
|
||||
├── Makefile
|
||||
├── README.md
|
||||
├── .github/workflows/ # CI for Helm chart releases
|
||||
└── docs/ # Theoretical part
|
||||
├── architecture-design-company-inc.md
|
||||
└── architecture-hld.md
|
||||
```
|
||||
|
||||
## Theoretical Part
|
||||
|
||||
The architectural design document for "Company Inc." is in `docs/`:
|
||||
|
||||
- [Architecture Design Document](docs/architecture-design-company-inc.md) — 1–2 page design (convert to PDF for submission)
|
||||
- [High-Level Diagram Reference](docs/architecture-hld.md) — Mermaid source and draw.io guide for HLD
|
||||
|
||||
## License
|
||||
|
||||
MIT
|
||||
|
||||
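Review bot: In the Configuration section, the documented default for `mysql.auth.password` is the fixed string `fleetdm-local-dev`, and the only override shown is `--set mysql.auth.password=SECURE_PASSWORD`, which leaves the password in shell history and in the process list while Helm runs. Since the intro describes the chart as adaptable for production, the README should say that this default is for local Kind/Minikube clusters only, and show the custom values file (kept out of version control) as the recommended way to override it. Separately, in the Kind access block, the comment `# Or open http://localhost in a browser with Host: fleet.localhost` describes something a browser cannot do. With the `/etc/hosts` entry added just above it, the comment should point at `http://fleet.localhost`, which is also the URL given in the agent reachability section.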