# FleetDM Stack — Flamingo DevOps Assignment

Helm chart deploying **FleetDM Server** with **MySQL** and **Redis** to Kubernetes. Suitable for local development (Kind/Minikube) and adaptable for production.

## Prerequisites

- [Docker](https://docs.docker.com/get-docker/)
- [kubectl](https://kubernetes.io/docs/tasks/tools/)
- [Helm 3](https://helm.sh/docs/intro/install/)
- **Kind** or **Minikube** for local cluster

## Quick Start

```bash
# Create local cluster and deploy
make cluster
make install

# Verify deployment
make verify
```

## Installation

### 1. Create local cluster

Creates a Kind or Minikube cluster and installs the nginx ingress controller (Kind) or enables ingress addon (Minikube).

```bash
# Default: Kind
make cluster

# Or use Minikube
make cluster CLUSTER_TYPE=minikube
```

### 2. Install the Helm chart

```bash
make install
```

This will:

- Update Helm dependencies
- Create the `fleetdm` namespace
- Deploy MySQL, Redis, and FleetDM Server
- Run `fleet prepare db` automatically on fresh install (via `autoApplySQLMigrations`)

### 3. Access Fleet UI

**Kind:**

```bash
# Add to /etc/hosts (or equivalent)
echo "127.0.0.1 fleet.localhost" | sudo tee -a /etc/hosts

# Access via ingress (ensure ingress-nginx is ready)
curl -H "Host: fleet.localhost" http://localhost
# Or open http://localhost in a browser with Host: fleet.localhost
```

**Minikube:**

```bash
minikube tunnel
# Then add fleet.localhost to /etc/hosts pointing to minikube IP
```

## Teardown

```bash
# Remove Helm release and namespace
make uninstall

# Remove cluster (Kind or Minikube)
make clean
```

## Verification

```bash
make verify
```

Verification checklist:

| Component   | Check                                                             |
| ----------- | ----------------------------------------------------------------- |
| **FleetDM** | Pods running; ingress `fleet.localhost` serves Fleet UI           |
| **MySQL**   | `fleetdm-stack-mysql` service; Fleet connects and runs migrations |
| **Redis**   | `fleetdm-stack-redis-master` service; Fleet uses it for cache     |

### Manual verification

```bash
# Check pods
kubectl get pods -n fleetdm

# Check Fleet migration job (fleet prepare db)
kubectl get jobs -n fleetdm

# Check services
kubectl get svc -n fleetdm

# Fleet logs
kubectl logs -n fleetdm -l app=fleet -f
```

## Configuration

| Value                 | Description           | Default             |
| --------------------- | --------------------- | ------------------- |
| `mysql.auth.password` | MySQL password        | `fleetdm-local-dev` |
| `fleet.replicas`      | Fleet server replicas | `1`                 |
| `fleet.hostName`      | Ingress host          | `fleet.localhost`   |

Override via `--set` or custom values file:

```bash
helm upgrade --install fleetdm-stack fleetdm-stack/ \
  -n fleetdm \
  --set mysql.auth.password=SECURE_PASSWORD
```

## TLS certificates

For local development, the chart includes self-signed TLS certificates (generated on first `make install`). Production deployments should use cert-manager or provide proper certificates via `fleet.secretName`.
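
As an added example (not part of this repository): the `--set mysql.auth.password=...` override shown under Configuration puts the secret in shell history and the process list, so this script writes a random password to a private values file, refuses the chart default, and passes the file to Helm with `-f`. The function names, the `values-secret.yaml` file name and the 16-character minimum are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not part of the repository. Generates a private values file
# for mysql.auth.password and refuses to deploy weak or exposed settings.
set -eu

CHART_DEFAULT_PW="fleetdm-local-dev"   # default from the Configuration table

# Write a values override with a random 48-hex-char password, mode 0600.
write_secret_values() {
  local out="$1" pw
  pw="$(head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n')"
  ( umask 077
    printf 'mysql:\n  auth:\n    password: "%s"\n' "$pw" > "$out" )
  chmod 600 "$out"   # also tightens a pre-existing file with looser bits
}

# Return 0 only if the file is private and the password is not the default.
check_secret_values() {
  local file="$1" pw perms
  perms="$(ls -ld "$file" | cut -c5-10)"   # group and other permission bits
  if [ "$perms" != "------" ]; then
    echo "refusing: $file is accessible to group/other" >&2
    return 1
  fi
  pw="$(awk '$1 == "password:" { gsub(/"/, "", $2); print $2; exit }' "$file")"
  # The 16-character floor is this example's policy, not a chart requirement.
  if [ -z "$pw" ] || [ "$pw" = "$CHART_DEFAULT_PW" ] || [ "${#pw}" -lt 16 ]; then
    echo "refusing: password missing, chart default, or under 16 chars" >&2
    return 1
  fi
}

# Deploy with -f instead of --set so the secret never appears in argv.
deploy() {
  check_secret_values "$1"
  helm upgrade --install fleetdm-stack fleetdm-stack/ -n fleetdm -f "$1"
}

# Usage: ./secure-install.sh deploy [values-file]
if [ "${1:-}" = "deploy" ]; then
  values="${2:-./values-secret.yaml}"
  [ -f "$values" ] || write_secret_values "$values"
  deploy "$values"
fi
```

Keep the generated file out of version control; Helm also stores the supplied values in the release Secret inside the cluster, so access to the `fleetdm` namespace needs the same care.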
## FleetDM agent reachability

The chart exposes Fleet via ingress so:

- **Fleet UI** is available at `http://fleet.localhost`
- **Agent endpoints** (`/api/v1/osquery/*`, `/api/fleet/orbit/*`, etc.) are reachable under the same host

For production, configure TLS and ensure agents can reach the Fleet server hostname.

## Enhancements implemented

1. **Basic CI pipeline** — GitHub Actions releases new Helm chart versions (see [.github/workflows/release.yaml](.github/workflows/release.yaml))
2. **Exposed Fleet UI** — Ingress with `fleet.localhost` for UI and agent enrollment
3. **`fleet prepare db`** — Handled by `autoApplySQLMigrations: true` in the Fleet Helm chart

## Project Structure

```
tech-task/
├── fleetdm-stack/            # Helm chart (FleetDM + MySQL + Redis)
│   ├── Chart.yaml
│   ├── Chart.lock
│   ├── values.yaml
│   ├── certs/                # TLS certs (generated by make install)
│   └── charts/               # Dependencies (run make deps)
├── Makefile                  # cluster, install, uninstall, verify, clean
├── README.md
├── .github/workflows/        # CI for Helm chart releases
└── docs/                     # Theoretical part
    ├── architecture-design-company-inc.md
    └── architecture-hld.md
```

## Theoretical Part

The architectural design document for "Company Inc." is in `docs/`:

- [Architecture Design Document](docs/architecture-design-company-inc.md) — 1–2 page design (convert to PDF for submission)
- [High-Level Diagram Reference](docs/architecture-hld.md) — Mermaid source and draw.io guide for HLD