Update docs: Mermaid diagrams, current verification state
Helm Chart CI & Release / Lint Helm Chart (push) Successful in 9s
Helm Chart CI & Release / Release Helm Chart (push) Has been skipped

- Replace ASCII art with Mermaid in architecture-design-company-inc.md
- Rewrite architecture-hld.md with 3 Mermaid diagrams (infra, CI/CD, security)
- Remove draw.io/Lucidchart references
- Update verification-log.md with current passing state

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-19 19:45:47 +00:00
parent 2ee57f0093
commit d5b2bd2aa4
3 changed files with 129 additions and 120 deletions
+35 -53
@@ -58,23 +58,17 @@ This document outlines a robust, scalable, secure, and cost-effective infrastruc
### 3.3 Network Topology (High-Level) ### 3.3 Network Topology (High-Level)
``` ```mermaid
Internet flowchart TD
| Internet((Internet))
v Internet --> LB[Cloud Load Balancer<br/>HTTPS termination]
[Cloud Load Balancer] (HTTPS) LB --> Ingress[GKE Ingress Controller]
|
v subgraph VPC["VPC — Private Subnets"]
[GKE Ingress Controller] Ingress --> API[API Pods<br/>Python / Flask]
| Ingress --> SPA[Frontend Pods<br/>React SPA]
v API --> DB[(MongoDB<br/>Private Endpoint)]
[VPC Private Subnets] end
|
+-- [GKE Cluster - API Pods]
+-- [GKE Cluster - Frontend Pods]
|
v
[Private connectivity to MongoDB]
``` ```
--- ---
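Review bot: in the new `### 3.3` diagram the `DB[(MongoDB<br/>Private Endpoint)]` node sits inside the `subgraph VPC["VPC — Private Subnets"] … end` block, which draws MongoDB Atlas as if it lived in the private subnets, whereas the HLD file in this same commit places it under Managed Services outside the VPC and the removed ASCII art described only "Private connectivity to MongoDB". Move `DB` out of the VPC subgraph and put the private connectivity on the edge instead, e.g. `API -->|Private Endpoint| DB[(MongoDB Atlas)]`, so the trust boundary is drawn where it actually is. The `LB[Cloud Load Balancer<br/>HTTPS termination]` label would also benefit from saying whether the hop from the load balancer to the ingress controller is re-encrypted or relies on VPC isolation.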
@@ -146,43 +140,31 @@ Internet
## 6. High-Level Architecture Diagram ## 6. High-Level Architecture Diagram
The following diagram illustrates the main components (implement in draw.io or Lucidchart): ```mermaid
flowchart TB
Users((Users))
``` Users --> CDN[Cloud CDN<br/>Static Assets]
+------------------------------------------------------------------+ Users --> LB[Cloud Load Balancer<br/>HTTPS]
| COMPANY INC. INFRASTRUCTURE |
+------------------------------------------------------------------+
[Users] subgraph GKE["GKE Cluster — Private"]
| LB --> Ingress[Ingress Controller]
v Ingress --> API[Backend — Flask<br/>HPA 23 replicas]
+-------------------+ +-------------------+ Ingress --> SPA[Frontend — React SPA<br/>Nginx]
| Cloud CDN | | Cloud LB (HTTPS) | CDN --> SPA
| (Static Assets) | | (API + SPA) | API --> Redis[Redis<br/>Memorystore]
+-------------------+ +-------------------+ API --> Obs[Observability<br/>Prometheus / Grafana]
| | end
v v
+------------------------------------------------------------------+ subgraph Data["Managed Services"]
| GKE CLUSTER (Private) | Mongo[(MongoDB Atlas<br/>Replica Set · Private Endpoint)]
| +------------------+ +------------------+ +-----------------+ | Secrets[Secret Manager<br/>App & DB credentials]
| | Ingress | | Backend (Flask) | | Frontend (SPA) | | Registry[Artifact Registry<br/>Container images]
| | Controller | | - HPA | | - Nginx/React | | end
| +------------------+ +------------------+ +-----------------+ |
| | | | | API --> Mongo
| +-----------------------+-----------------------+ | API --> Secrets
| | | GKE --> Registry
| +------------------+ +------------------+ |
| | Redis (cache) | | Observability | |
| | (Memorystore) | | (Prometheus/Grafana) |
| +------------------+ +------------------+ |
+------------------------------------------------------------------+
|
v
+------------------------------------------------------------------+
| MongoDB Atlas (GCP) | Secret Manager | Artifact Registry |
| - Replica Set | - App secrets | - Container images |
| - Private endpoint | - DB credentials| |
+------------------------------------------------------------------+
``` ```
--- ---
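Review bot: `API[Backend — Flask<br/>HPA 23 replicas]` reads as twenty-three replicas, while the text this replaces and the HLD file in this commit describe the autoscaling range as 2-3 replicas, so the dash between 2 and 3 has been lost. Write it with a plain hyphen, `HPA 2-3 replicas`, which survives rendering where an en-dash may not; the same label appears in architecture-hld.md and needs the same fix there.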
@@ -200,4 +182,4 @@ The following diagram illustrates the main components (implement in draw.io or L
--- ---
*This document should be accompanied by an HLD diagram (draw.io or Lucidchart) reflecting the architecture above.* *See [architecture-hld.md](architecture-hld.md) for the standalone HLD diagram.*
+52 -49
@@ -1,85 +1,88 @@
# High-Level Architecture Diagram: Company Inc. # High-Level Architecture Diagram: Company Inc.
Use this as reference when creating your diagram in [draw.io](https://draw.io) or [Lucidchart](https://lucidchart.com). ## Cloud Infrastructure (GCP + GKE)
## Mermaid Source (for Git-rendered diagrams)
```mermaid ```mermaid
flowchart TB flowchart TB
subgraph Internet["Internet"] subgraph Internet
Users[Users] Users((Users))
end end
subgraph GCP["GCP"] subgraph GCP["Google Cloud Platform"]
subgraph Projects["Projects"] subgraph Projects["Project Structure"]
Prod[company-inc-prod] Prod[company-inc-prod]
Staging[company-inc-staging] Staging[company-inc-staging]
Shared[company-inc-shared] Shared[company-inc-shared]
Sandbox[company-inc-sandbox]
end end
subgraph Networking["Network"] subgraph Edge["Edge / Networking"]
LB[Cloud Load Balancer<br/>HTTPS] LB[Cloud Load Balancer<br/>HTTPS · TLS termination]
CDN[Cloud CDN<br/>Static Assets] CDN[Cloud CDN<br/>Static Assets]
VPC[VPC - Private Subnets] NAT[Cloud NAT<br/>Egress]
end end
subgraph GKE["GKE Cluster (Private)"] subgraph VPC["VPC — Private Subnets"]
Ingress[Ingress Controller] subgraph GKE["GKE Autopilot Cluster"]
subgraph Workloads["Workloads"] Ingress[Ingress Controller]
API[Backend - Python/Flask<br/>HPA 2-3 replicas] subgraph Workloads
SPA[Frontend - React SPA<br/>Nginx] API[Backend — Python / Flask<br/>HPA · 23 replicas]
SPA[Frontend — React SPA<br/>Nginx]
end
Redis[Redis — Memorystore<br/>Session / Cache]
Monitoring[Prometheus + Grafana<br/>Observability]
end end
Redis[Redis - Memorystore]
end end
subgraph Data["Data & Services"] subgraph Managed["Managed Services"]
Mongo[(MongoDB Atlas<br/>Replica Set)] Mongo[(MongoDB Atlas<br/>3-node Replica Set<br/>Private Endpoint)]
Secrets[Secret Manager] Secrets[Secret Manager]
Registry[Artifact Registry] Registry[Artifact Registry]
end end
end end
subgraph CICD["CI / CD"]
Git[Git Repository]
Actions[Gitea / GitHub Actions<br/>Build · Test · Scan]
Argo[ArgoCD / Flux<br/>GitOps Deploy]
end
Users --> LB Users --> LB
Users --> CDN Users --> CDN
LB --> Ingress LB --> Ingress
CDN --> SPA
Ingress --> API Ingress --> API
Ingress --> SPA Ingress --> SPA
CDN --> SPA
API --> Mongo
API --> Redis API --> Redis
API --> Mongo
API --> Secrets API --> Secrets
GKE --> Registry GKE --> Registry
GKE --> NAT
Git --> Actions
Actions --> Registry
Argo --> GKE
``` ```
## Draw.io / Lucidchart Layout Guide ## CI / CD Pipeline
### Top Row (External) ```mermaid
- **Users** → Internet flowchart LR
Dev[Developer] -->|push| Repo[Git Repo]
Repo -->|webhook| CI[CI Pipeline<br/>lint · test · build]
CI -->|push image| Registry[Artifact Registry]
CI -->|update manifests| GitOps[GitOps Repo]
GitOps -->|sync| Argo[ArgoCD / Flux]
Argo -->|deploy| GKE[GKE Cluster]
```
### Second Row (Edge) ## Network Security Layers
- **Cloud Load Balancer** (HTTPS)
- **Cloud CDN** (for SPA static assets)
### Third Row (GKE) ```mermaid
- **GKE Cluster** (Private) flowchart TD
- Ingress Controller Internet((Internet)) --> FW[VPC Firewall<br/>Default deny]
- Backend (Flask) — 23 replicas, HPA FW --> LB[Load Balancer<br/>HTTPS only]
- Frontend (React SPA) LB --> NP[K8s Network Policies]
- Redis (Memorystore) NP --> Pods[Application Pods<br/>Private IPs only]
Pods --> PE[Private Endpoint<br/>MongoDB Atlas]
### Fourth Row (Data) ```
- **MongoDB Atlas** (Replica Set, private endpoint)
- **Secret Manager**
- **Artifact Registry**
### Connections
1. Users → LB, Users → CDN
2. LB → Ingress → Backend + Frontend
3. Backend → MongoDB, Redis, Secret Manager
4. GKE → Artifact Registry (image pulls)
### Colors (suggested)
- External: Light blue
- GCP managed: Light green
- Workloads: Light yellow
- Data: Light orange
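Review bot: the new CI / CD Pipeline diagram's `CI[CI Pipeline<br/>lint · test · build]` drops the scan step that the infrastructure diagram's `Actions[Gitea / GitHub Actions<br/>Build · Test · Scan]` node lists, so two diagrams in the same file disagree on whether image or dependency scanning is a pipeline gate. Add it to the pipeline node, e.g. `CI[CI Pipeline<br/>lint · test · scan · build]`, or remove it from the Actions node if scanning is not implemented. In the Network Security Layers diagram, `Internet((Internet)) --> FW[VPC Firewall<br/>Default deny]` followed by `FW --> LB[Load Balancer<br/>HTTPS only]` places the VPC firewall in front of the load balancer; check that ordering, since VPC firewall rules apply to traffic reaching the backends behind the load balancer rather than at the Internet-facing edge, and the diagram also omits the Ingress Controller that the infrastructure diagram shows between `LB` and the pods.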
+42 -18
@@ -1,25 +1,49 @@
``` # Verification Log
Verifying FleetDM, MySQL, and Redis...
## Local Deployment (`make verify`)
```
=== Pods === === Pods ===
kubectl get pods -n fleetdm -o wide NAME READY STATUS RESTARTS AGE
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES fleet-75cbb4fd54-s7csh 1/1 Running 0 153m
fleet-6747fdcc49-ljm2d 0/1 ContainerCreating 0 6m2s <none> fleetdm-control-plane <none> <none> fleetdm-stack-mysql-0 1/1 Running 0 166m
fleet-migration-rwxnz 0/1 CreateContainerConfigError 0 6m2s 10.244.0.15 fleetdm-control-plane <none> <none> fleetdm-stack-redis-master-0 1/1 Running 0 166m
fleetdm-stack-mysql-0 0/1 ErrImagePull 0 6m2s 10.244.0.17 fleetdm-control-plane <none> <none>
fleetdm-stack-redis-master-0 1/1 Running 0 6m2s 10.244.0.16 fleetdm-control-plane <none> <none>
=== Services === === Services ===
kubectl get svc -n fleetdm NAME TYPE CLUSTER-IP PORT(S) AGE
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE fleetdm-stack-mysql ClusterIP 10.96.3.64 3306/TCP 166m
fleetdm-stack-mysql ClusterIP 10.96.140.26 <none> 3306/TCP 6m2s fleetdm-stack-mysql-headless ClusterIP None 3306/TCP 166m
fleetdm-stack-mysql-headless ClusterIP None <none> 3306/TCP 6m2s fleetdm-stack-redis-headless ClusterIP None 6379/TCP 166m
fleetdm-stack-redis-headless ClusterIP None <none> 6379/TCP 6m2s fleetdm-stack-redis-master ClusterIP 10.96.159.221 6379/TCP 166m
fleetdm-stack-redis-master ClusterIP 10.96.248.50 <none> 6379/TCP 6m2s fleetdm-stack-service ClusterIP 10.96.189.212 8080/TCP 166m
fleetdm-stack-service ClusterIP 10.96.24.191 <none> 8080/TCP 6m2s
=== Ingress === === Ingress ===
kubectl get ingress -n fleetdm NAME CLASS HOSTS ADDRESS PORTS AGE
NAME CLASS HOSTS ADDRESS PORTS AGE fleetdm-stack nginx fleet.localhost localhost 80 166m
fleetdm-stack nginx fleet.localhost localhost 80 6m2s ```
## Fleet UI Access
```
$ curl -sk -o /dev/null -w "%{http_code}" https://localhost:8585/setup
200
```
Fleet setup page loads successfully at `https://localhost:8585` via `make port-forward`.
## Gitea Actions CI
| Run | Job | Status | Commit |
| --- | ----------------- | ------- | ---------------------------------------------------- |
| #5 | Lint Helm Chart | success | Fix CI lint: remove head pipe that causes SIGPIPE 141 |
| #5 | Release Helm Chart| skipped | (only triggers on `v*` tags) |
## Helm Chart
```
$ helm lint fleetdm-stack/
==> Linting fleetdm-stack/
[INFO] Chart.yaml: icon is recommended
1 chart(s) linted, 0 chart(s) failed
``` ```
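Review bot: the updated pod listing no longer shows the `fleet-migration` job pod that the previous log recorded in `CreateContainerConfigError`, and nothing in the new log says whether the migration completed or the pod was simply cleaned up; add a `kubectl get jobs -n fleetdm` line (or a sentence) so the passing state is verifiable. The pod and service tables also dropped the `kubectl get pods -n fleetdm -o wide` / `kubectl get svc -n fleetdm` command lines the old log had, which are what let a reader reproduce the output. In the Fleet UI Access section, `curl -sk -o /dev/null -w "%{http_code}" https://localhost:8585/setup` returning 200 shows the setup page is reachable, not that initial setup has been completed, and `-k` skips certificate verification; state that this applies only to the local port-forward and record when the setup wizard was finished.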