# FleetDM Stack — Flamingo DevOps Assignment

Helm chart deploying **FleetDM Server** with **MySQL** and **Redis** to Kubernetes. Suitable for local development (Kind/Minikube) and adaptable for production.

## Prerequisites

- [Docker](https://docs.docker.com/get-docker/)
- [kubectl](https://kubernetes.io/docs/tasks/tools/)
- [Helm 3](https://helm.sh/docs/intro/install/)
- **Kind** or **Minikube** for local cluster

## Quick Start

```bash
# Create local cluster and deploy
make cluster
make install

# Verify deployment
make verify

# Access Fleet UI at https://localhost:8585
make port-forward
```

## Installation

### 1. Create local cluster

Creates a Kind or Minikube cluster and installs the nginx ingress controller (Kind) or enables ingress addon (Minikube).

```bash
# Default: Kind
make cluster

# Or use Minikube
make cluster CLUSTER_TYPE=minikube
```

### 2. Install the Helm chart

```bash
make install
```

This will:

- Update Helm dependencies
- Create the `fleetdm` namespace
- Deploy MySQL, Redis, and FleetDM Server
- Run `fleet prepare db` automatically on fresh install (via `autoApplySQLMigrations`)

### 3. Access Fleet UI

```bash
# Port-forward Fleet to https://localhost:8585
make port-forward

# Or use a custom port
make port-forward FLEET_PORT=9090
```

Open **https://localhost:8585** in your browser (accept the self-signed certificate). Fleet setup wizard will guide you through initial configuration.

![1771534082840](image/README/1771534082840.png)

## Teardown

```bash
# Remove Helm release and namespace
make uninstall

# Remove cluster (Kind or Minikube)
make clean
```

## Verification

```bash
make verify
```

Verification checklist:

| Component   | Check                                                             |
| ----------- | ----------------------------------------------------------------- |
| **FleetDM** | Pods running; `make port-forward` → https://localhost:8585        |
| **MySQL**   | `fleetdm-stack-mysql` service; Fleet connects and runs migrations |
| **Redis**   | `fleetdm-stack-redis-master` service; Fleet uses it for cache     |

### Manual verification

```bash
# Check pods
kubectl get pods -n fleetdm

# Check Fleet migration job (fleet prepare db)
kubectl get jobs -n fleetdm

# Check services
kubectl get svc -n fleetdm

# Fleet logs
kubectl logs -n fleetdm -l app=fleet -f
```

## Configuration

| Value                 | Description           | Default             |
| --------------------- | --------------------- | ------------------- |
| `mysql.auth.password` | MySQL password        | `fleetdm-local-dev` |
| `fleet.replicas`      | Fleet server replicas | `1`                 |
| `fleet.hostName`      | Ingress host          | `fleet.localhost`   |

Override via `--set` or custom values file:

```bash
helm upgrade --install fleetdm-stack fleetdm-stack/ \
  -n fleetdm \
  --set mysql.auth.password=SECURE_PASSWORD
```

## TLS certificates

For local development, the chart includes self-signed TLS certificates (generated on first `make install`). Production deployments should use cert-manager or provide proper certificates via `fleet.secretName`.

## FleetDM agent reachability

Fleet is exposed via port-forward (`make port-forward`) or ingress:

- **Fleet UI** — `https://localhost:8585` (via port-forward)
- **Agent endpoints** (`/api/v1/osquery/*`, `/api/fleet/orbit/*`) — same URL
- Ingress with `fleet.localhost` is also configured as a fallback

For production, configure proper TLS and a stable DNS name for agents.

## Enhancements implemented

1. **Basic CI pipeline** — Gitea Actions lint on push, release on tag (see [.github/workflows/release.yaml](.github/workflows/release.yaml))
2. **Exposed Fleet UI** — `make port-forward` on port 8585 (+ ingress `fleet.localhost`)
3. **`fleet prepare db`** — Handled by `autoApplySQLMigrations: true` in the Fleet Helm chart

## Project Structure

```
tech-task/
├── fleetdm-stack/          # Helm chart (FleetDM + MySQL + Redis)
│   ├── Chart.yaml
│   ├── Chart.lock
│   ├── values.yaml
│   ├── certs/              # TLS certs (generated by make install)
│   └── charts/             # Dependencies (run make deps)
├── Makefile                # cluster, install, uninstall, verify, port-forward, clean
├── README.md
├── .github/workflows/      # Gitea Actions CI for Helm chart lint & release
└── docs/                   # Theoretical part
    ├── architecture-design-company-inc.md
    ├── architecture-hld.md
    └── verification-log.md
```

## Theoretical Part

The architectural design document for "Company Inc." is in `docs/`:

- [Architecture Design Document](docs/architecture-design-company-inc.md) — 1-2 page design (convert to PDF for submission)
- [High-Level Diagram](docs/architecture-hld.md) — Mermaid diagrams (infra, CI/CD, network security)
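
The Configuration and agent-reachability sections above list local-development defaults (`fleetdm-local-dev`, `fleet.localhost`). The script below is an added example, not part of this repository, that audits a release's merged values for those defaults before the chart is used outside a local cluster. The function names, the sample YAML, and the assumption that merged values nest as `mysql.auth.password` and `fleet.hostName` (taken from the table's key names) are illustrative.

```shell
#!/usr/bin/env bash
# Added example: flag this README's dev defaults in a release's merged Helm values.
# Assumed invocation (release and namespace names from the README):
#   helm get values fleetdm-stack -n fleetdm --all | audit_values

DEV_DB_PASSWORD='fleetdm-local-dev'   # default from the Configuration table
DEV_HOSTNAME='fleet.localhost'        # default from the Configuration table

# yaml_get PATH: print the scalar at dotted PATH from block-style YAML on stdin.
# Walks nested mappings by indentation only (no lists, anchors or flow syntax).
yaml_get() {
  awk -v want="$1" '
    /^[ \t]*(#|$)/ { next }                        # skip comments and blank lines
    {
      body = $0; sub(/^ +/, "", body)
      depth = length($0) - length(body)            # indentation gives nesting level
      if (body !~ /^[A-Za-z0-9_.-]+:/) next
      key = body; sub(/:.*/, "", key)
      val = body; sub(/^[^:]*:[ \t]*/, "", val)
      while (n > 0 && ind[n] >= depth) n--         # leave deeper and sibling scopes
      n++; ind[n] = depth; name[n] = key
      path = name[1]
      for (i = 2; i <= n; i++) path = path "." name[i]
      if (path == want) { print val; exit }
    }' | tr -d "\"'"
}

# audit_values: read merged values on stdin; return 1 if a dev default is in effect.
audit_values() {
  local yaml pw host rc=0
  yaml=$(cat)
  pw=$(printf '%s\n' "$yaml" | yaml_get mysql.auth.password)
  host=$(printf '%s\n' "$yaml" | yaml_get fleet.hostName)
  if [ "$pw" = "$DEV_DB_PASSWORD" ]; then
    echo "FAIL mysql.auth.password is the documented default"; rc=1
  fi
  if [ "$host" = "$DEV_HOSTNAME" ]; then
    echo "FAIL fleet.hostName is $DEV_HOSTNAME; agents need a stable DNS name"; rc=1
  fi
  return "$rc"
}

# Constructed sample input mirroring the documented defaults (not real helm output).
SAMPLE_DEV_VALUES='fleet:
  hostName: fleet.localhost
  replicas: 1
mysql:
  auth:
    password: "fleetdm-local-dev"'
printf '%s\n' "$SAMPLE_DEV_VALUES" | audit_values || true
```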