From d5b2bd2aa45409c1872f13765064e882eabef430 Mon Sep 17 00:00:00 2001 From: Andriy Oblivantsev Date: Thu, 19 Feb 2026 19:45:47 +0000 Subject: [PATCH] Update docs: Mermaid diagrams, current verification state - Replace ASCII art with Mermaid in architecture-design-company-inc.md - Rewrite architecture-hld.md with 3 Mermaid diagrams (infra, CI/CD, security) - Remove draw.io/Lucidchart references - Update verification-log.md with current passing state Co-authored-by: Cursor --- docs/architecture-design-company-inc.md | 88 ++++++++------------- docs/architecture-hld.md | 101 ++++++++++++------------ docs/verification-log.md | 60 +++++++++----- 3 files changed, 129 insertions(+), 120 deletions(-) diff --git a/docs/architecture-design-company-inc.md b/docs/architecture-design-company-inc.md index 47f3984..17596d6 100644 --- a/docs/architecture-design-company-inc.md +++ b/docs/architecture-design-company-inc.md @@ -58,23 +58,17 @@ This document outlines a robust, scalable, secure, and cost-effective infrastruc ### 3.3 Network Topology (High-Level) -``` -Internet - | - v -[Cloud Load Balancer] (HTTPS) - | - v -[GKE Ingress Controller] - | - v -[VPC Private Subnets] - | - +-- [GKE Cluster - API Pods] - +-- [GKE Cluster - Frontend Pods] - | - v -[Private connectivity to MongoDB] +```mermaid +flowchart TD + Internet((Internet)) + Internet --> LB[Cloud Load Balancer
HTTPS termination] + LB --> Ingress[GKE Ingress Controller] + + subgraph VPC["VPC — Private Subnets"] + Ingress --> API[API Pods
Python / Flask] + Ingress --> SPA[Frontend Pods
React SPA] + API --> DB[(MongoDB
Private Endpoint)] + end ``` --- @@ -146,43 +140,31 @@ Internet ## 6. High-Level Architecture Diagram -The following diagram illustrates the main components (implement in draw.io or Lucidchart): +```mermaid +flowchart TB + Users((Users)) -``` -+------------------------------------------------------------------+ -| COMPANY INC. INFRASTRUCTURE | -+------------------------------------------------------------------+ + Users --> CDN[Cloud CDN
Static Assets] + Users --> LB[Cloud Load Balancer
HTTPS] - [Users] - | - v -+-------------------+ +-------------------+ -| Cloud CDN | | Cloud LB (HTTPS) | -| (Static Assets) | | (API + SPA) | -+-------------------+ +-------------------+ - | | - v v -+------------------------------------------------------------------+ -| GKE CLUSTER (Private) | -| +------------------+ +------------------+ +-----------------+ | -| | Ingress | | Backend (Flask) | | Frontend (SPA) | | -| | Controller | | - HPA | | - Nginx/React | | -| +------------------+ +------------------+ +-----------------+ | -| | | | | -| +-----------------------+-----------------------+ | -| | | -| +------------------+ +------------------+ | -| | Redis (cache) | | Observability | | -| | (Memorystore) | | (Prometheus/Grafana) | -| +------------------+ +------------------+ | -+------------------------------------------------------------------+ - | - v -+------------------------------------------------------------------+ -| MongoDB Atlas (GCP) | Secret Manager | Artifact Registry | -| - Replica Set | - App secrets | - Container images | -| - Private endpoint | - DB credentials| | -+------------------------------------------------------------------+ + subgraph GKE["GKE Cluster — Private"] + LB --> Ingress[Ingress Controller] + Ingress --> API[Backend — Flask
HPA 2–3 replicas] + Ingress --> SPA[Frontend — React SPA
Nginx] + CDN --> SPA + API --> Redis[Redis
Memorystore] + API --> Obs[Observability
Prometheus / Grafana] + end + + subgraph Data["Managed Services"] + Mongo[(MongoDB Atlas
Replica Set · Private Endpoint)] + Secrets[Secret Manager
App & DB credentials] + Registry[Artifact Registry
Container images] + end + + API --> Mongo + API --> Secrets + GKE --> Registry ``` --- @@ -200,4 +182,4 @@ The following diagram illustrates the main components (implement in draw.io or L --- -*This document should be accompanied by an HLD diagram (draw.io or Lucidchart) reflecting the architecture above.* +*See [architecture-hld.md](architecture-hld.md) for the standalone HLD diagram.* diff --git a/docs/architecture-hld.md b/docs/architecture-hld.md index c6e33ba..c255209 100644 --- a/docs/architecture-hld.md +++ b/docs/architecture-hld.md @@ -1,85 +1,88 @@ # High-Level Architecture Diagram: Company Inc. -Use this as reference when creating your diagram in [draw.io](https://draw.io) or [Lucidchart](https://lucidchart.com). - -## Mermaid Source (for Git-rendered diagrams) +## Cloud Infrastructure (GCP + GKE) ```mermaid flowchart TB - subgraph Internet["Internet"] - Users[Users] + subgraph Internet + Users((Users)) end - subgraph GCP["GCP"] - subgraph Projects["Projects"] + subgraph GCP["Google Cloud Platform"] + subgraph Projects["Project Structure"] Prod[company-inc-prod] Staging[company-inc-staging] Shared[company-inc-shared] + Sandbox[company-inc-sandbox] end - subgraph Networking["Network"] - LB[Cloud Load Balancer
HTTPS] + subgraph Edge["Edge / Networking"] + LB[Cloud Load Balancer
HTTPS · TLS termination] CDN[Cloud CDN
Static Assets] - VPC[VPC - Private Subnets] + NAT[Cloud NAT
Egress] end - subgraph GKE["GKE Cluster (Private)"] - Ingress[Ingress Controller] - subgraph Workloads["Workloads"] - API[Backend - Python/Flask
HPA 2-3 replicas] - SPA[Frontend - React SPA
Nginx] + subgraph VPC["VPC — Private Subnets"] + subgraph GKE["GKE Autopilot Cluster"] + Ingress[Ingress Controller] + subgraph Workloads + API[Backend — Python / Flask
HPA · 2–3 replicas] + SPA[Frontend — React SPA
Nginx] + end + Redis[Redis — Memorystore
Session / Cache] + Monitoring[Prometheus + Grafana
Observability] end - Redis[Redis - Memorystore] end - subgraph Data["Data & Services"] - Mongo[(MongoDB Atlas
Replica Set)] + subgraph Managed["Managed Services"] + Mongo[(MongoDB Atlas
3-node Replica Set
Private Endpoint)] Secrets[Secret Manager] Registry[Artifact Registry] end end + subgraph CICD["CI / CD"] + Git[Git Repository] + Actions[Gitea / GitHub Actions
Build · Test · Scan] + Argo[ArgoCD / Flux
GitOps Deploy] + end + Users --> LB Users --> CDN LB --> Ingress + CDN --> SPA Ingress --> API Ingress --> SPA - CDN --> SPA - API --> Mongo API --> Redis + API --> Mongo API --> Secrets GKE --> Registry + GKE --> NAT + + Git --> Actions + Actions --> Registry + Argo --> GKE ``` -## Draw.io / Lucidchart Layout Guide +## CI / CD Pipeline -### Top Row (External) -- **Users** → Internet +```mermaid +flowchart LR + Dev[Developer] -->|push| Repo[Git Repo] + Repo -->|webhook| CI[CI Pipeline
lint · test · build] + CI -->|push image| Registry[Artifact Registry] + CI -->|update manifests| GitOps[GitOps Repo] + GitOps -->|sync| Argo[ArgoCD / Flux] + Argo -->|deploy| GKE[GKE Cluster] +``` -### Second Row (Edge) -- **Cloud Load Balancer** (HTTPS) -- **Cloud CDN** (for SPA static assets) +## Network Security Layers -### Third Row (GKE) -- **GKE Cluster** (Private) - - Ingress Controller - - Backend (Flask) — 2–3 replicas, HPA - - Frontend (React SPA) - - Redis (Memorystore) - -### Fourth Row (Data) -- **MongoDB Atlas** (Replica Set, private endpoint) -- **Secret Manager** -- **Artifact Registry** - -### Connections -1. Users → LB, Users → CDN -2. LB → Ingress → Backend + Frontend -3. Backend → MongoDB, Redis, Secret Manager -4. GKE → Artifact Registry (image pulls) - -### Colors (suggested) -- External: Light blue -- GCP managed: Light green -- Workloads: Light yellow -- Data: Light orange +```mermaid +flowchart TD + Internet((Internet)) --> FW[VPC Firewall
Default deny] + FW --> LB[Load Balancer
HTTPS only] + LB --> NP[K8s Network Policies] + NP --> Pods[Application Pods
Private IPs only] + Pods --> PE[Private Endpoint
MongoDB Atlas] +``` diff --git a/docs/verification-log.md b/docs/verification-log.md index 9f272a2..2d9cb17 100644 --- a/docs/verification-log.md +++ b/docs/verification-log.md 
@@ -1,25 +1,49 @@ -``` -Verifying FleetDM, MySQL, and Redis... +# Verification Log +## Local Deployment (`make verify`) + +``` === Pods === -kubectl get pods -n fleetdm -o wide -NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES -fleet-6747fdcc49-ljm2d 0/1 ContainerCreating 0 6m2s fleetdm-control-plane -fleet-migration-rwxnz 0/1 CreateContainerConfigError 0 6m2s 10.244.0.15 fleetdm-control-plane -fleetdm-stack-mysql-0 0/1 ErrImagePull 0 6m2s 10.244.0.17 fleetdm-control-plane -fleetdm-stack-redis-master-0 1/1 Running 0 6m2s 10.244.0.16 fleetdm-control-plane +NAME READY STATUS RESTARTS AGE +fleet-75cbb4fd54-s7csh 1/1 Running 0 153m +fleetdm-stack-mysql-0 1/1 Running 0 166m +fleetdm-stack-redis-master-0 1/1 Running 0 166m === Services === -kubectl get svc -n fleetdm -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -fleetdm-stack-mysql ClusterIP 10.96.140.26 3306/TCP 6m2s -fleetdm-stack-mysql-headless ClusterIP None 3306/TCP 6m2s -fleetdm-stack-redis-headless ClusterIP None 6379/TCP 6m2s -fleetdm-stack-redis-master ClusterIP 10.96.248.50 6379/TCP 6m2s -fleetdm-stack-service ClusterIP 10.96.24.191 8080/TCP 6m2s +NAME TYPE CLUSTER-IP PORT(S) AGE +fleetdm-stack-mysql ClusterIP 10.96.3.64 3306/TCP 166m +fleetdm-stack-mysql-headless ClusterIP None 3306/TCP 166m +fleetdm-stack-redis-headless ClusterIP None 6379/TCP 166m +fleetdm-stack-redis-master ClusterIP 10.96.159.221 6379/TCP 166m +fleetdm-stack-service ClusterIP 10.96.189.212 8080/TCP 166m === Ingress === -kubectl get ingress -n fleetdm -NAME CLASS HOSTS ADDRESS PORTS AGE -fleetdm-stack nginx fleet.localhost localhost 80 6m2s +NAME CLASS HOSTS ADDRESS PORTS AGE +fleetdm-stack nginx fleet.localhost localhost 80 166m +``` + +## Fleet UI Access + +``` +$ curl -sk -o /dev/null -w "%{http_code}" https://localhost:8585/setup +200 +``` + +Fleet setup page loads successfully at `https://localhost:8585` via `make port-forward`. 
+ +## Gitea Actions CI + +| Run | Job | Status | Commit | +| --- | ----------------- | ------- | ---------------------------------------------------- | +| #5 | Lint Helm Chart | success | Fix CI lint: remove head pipe that causes SIGPIPE 141 | +| #5 | Release Helm Chart| skipped | (only triggers on `v*` tags) | + +## Helm Chart + +``` +$ helm lint fleetdm-stack/ +==> Linting fleetdm-stack/ +[INFO] Chart.yaml: icon is recommended + +1 chart(s) linted, 0 chart(s) failed ```
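Review bot: in the section 3.3 topology hunk of architecture-design-company-inc.md the load balancer is now labelled `HTTPS termination`, but the `LB --> Ingress` and `Ingress --> API` / `Ingress --> SPA` edges say nothing about whether the hop from the load balancer into the VPC is re-encrypted or plaintext; the old ASCII art only said `(HTTPS)` on the LB, so this is not a regression, but once the label says "termination" the diagram should record the decision, e.g. `LB -->|HTTP, VPC-internal| Ingress` or `LB -->|HTTPS re-encrypt| Ingress`, so a reader does not have to guess what is on the wire between the edge and the pods.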
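Review bot: in the section 6 diagram hunk of architecture-design-company-inc.md, `API --> Secrets` shows the Flask pods reading `App & DB credentials` from Secret Manager but nothing records how the pods authenticate to it (the ASCII version had the same gap); label the edge, e.g. `API -->|Workload Identity SA| Secrets`, or a reader will assume a mounted service-account key. The `API --> Obs[Observability Prometheus / Grafana]` edge also points the wrong way for a pull-based stack: Prometheus scrapes the pods, so `Obs -->|scrape| API` (or a dashed edge) describes the data flow more accurately and avoids implying the API has network access to the monitoring namespace.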
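Review bot: the Network Security Layers diagram added in the architecture-hld.md hunk puts `FW[VPC Firewall Default deny]` in front of `LB[Load Balancer HTTPS only]`, which reverses the GCP order: an external HTTP(S) load balancer terminates at Google's edge, and VPC firewall rules are evaluated on the traffic the LB proxies send to the node NICs, so the chain should read Internet → LB (HTTPS only) → VPC firewall → Kubernetes NetworkPolicy → pods; the `LB --> NP` edge also drops the Ingress Controller hop that the first two diagrams show, and `K8s Network Policies` only do anything if the cluster has network policy enforcement (Dataplane V2) enabled, which is worth stating on that node. Separately, this hunk changes the architecture, not just the drawing tool, without the commit message saying so: it adds `Sandbox[company-inc-sandbox]` and `NAT[Cloud NAT Egress]`, relabels `GKE Cluster (Private)` as `GKE Autopilot Cluster` (dropping "Private"; Autopilot clusters are not private by default), and turns `Replica Set` into `3-node Replica Set`, none of which appear in the section 6 diagram of architecture-design-company-inc.md rewritten in the same patch (which still says `GKE Cluster — Private` and lists three projects). Either keep the two diagrams in step or say in the commit message which is authoritative, and pick one of `Gitea / GitHub Actions` and `ArgoCD / Flux` or mark them as open decisions.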
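Review bot: the verification-log.md hunk removes the `kubectl get pods -n fleetdm -o wide` / `get svc` / `get ingress` command lines (and the IP/NODE columns) and with them the record of the earlier failures (`fleet-migration` in `CreateContainerConfigError`, `fleetdm-stack-mysql-0` in `ErrImagePull`); a verification log is more useful if each entry keeps the command that produced the output and a date, so the before/after of a fix stays reviewable instead of being overwritten. Also, `curl -sk` disables certificate verification, so the `200` proves only that the setup page is served over the port-forward, not that TLS is configured correctly; say so, or use `--cacert` with the certificate the chart installs. The ingress on `fleet.localhost` (port 80) is not exercised at all by the port-forward check; a second request with `-H 'Host: fleet.localhost'` against the ingress controller would cover it. Finally, the Gitea Actions table records only the commit subject; add the commit hash and run date so `#5` can be traced later.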