flamingo-tech-test/README.md
Andriy Oblivantsev 2ae7844ab2
Helm Chart CI & Release / Lint Helm Chart (push) Failing after 30s
Helm Chart CI & Release / Release Helm Chart (push) Has been skipped
Expose Fleet via port-forward on port 8585 instead of fleet.localhost
- Add make port-forward target (default: https://0.0.0.0:8585)
- FLEET_PORT variable for custom port
- Update README with port-forward instructions

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-19 19:40:02 +00:00

# FleetDM Stack — Flamingo DevOps Assignment
Helm chart deploying **FleetDM Server** with **MySQL** and **Redis** to Kubernetes. Suitable for local development (Kind/Minikube) and adaptable for production.
## Prerequisites
- [Docker](https://docs.docker.com/get-docker/)
- [kubectl](https://kubernetes.io/docs/tasks/tools/)
- [Helm 3](https://helm.sh/docs/intro/install/)
- **Kind** or **Minikube** for a local cluster
## Quick Start
```bash
# Create local cluster and deploy
make cluster
make install
# Verify deployment
make verify
# Access Fleet UI at https://localhost:8585
make port-forward
```
## Installation
### 1. Create local cluster
Creates a Kind or Minikube cluster and installs the nginx ingress controller (Kind) or enables the ingress addon (Minikube).
```bash
# Default: Kind
make cluster
# Or use Minikube
make cluster CLUSTER_TYPE=minikube
```
### 2. Install the Helm chart
```bash
make install
```
This will:
- Update Helm dependencies
- Create the `fleetdm` namespace
- Deploy MySQL, Redis, and FleetDM Server
- Run `fleet prepare db` automatically on fresh install (via `autoApplySQLMigrations`)
### 3. Access Fleet UI
```bash
# Port-forward Fleet to https://localhost:8585
make port-forward
# Or use a custom port
make port-forward FLEET_PORT=9090
```
Open **https://localhost:8585** in your browser (accept the self-signed certificate).
The Fleet setup wizard will guide you through initial configuration.
## Teardown
```bash
# Remove Helm release and namespace
make uninstall
# Remove cluster (Kind or Minikube)
make clean
```
## Verification
```bash
make verify
```
Verification checklist:
| Component | Check |
| ----------- | ----------------------------------------------------------------- |
| **FleetDM** | Pods running; `make port-forward` → https://localhost:8585 |
| **MySQL** | `fleetdm-stack-mysql` service; Fleet connects and runs migrations |
| **Redis** | `fleetdm-stack-redis-master` service; Fleet uses it for cache |
### Manual verification
```bash
# Check pods
kubectl get pods -n fleetdm
# Check Fleet migration job (fleet prepare db)
kubectl get jobs -n fleetdm
# Check services
kubectl get svc -n fleetdm
# Fleet logs
kubectl logs -n fleetdm -l app=fleet -f
```
## Configuration
| Value | Description | Default |
| --------------------- | --------------------- | ------------------- |
| `mysql.auth.password` | MySQL password | `fleetdm-local-dev` |
| `fleet.replicas` | Fleet server replicas | `1` |
| `fleet.hostName` | Ingress host | `fleet.localhost` |
Override via `--set` or custom values file:
```bash
helm upgrade --install fleetdm-stack fleetdm-stack/ \
  -n fleetdm \
  --set mysql.auth.password=SECURE_PASSWORD
```
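The custom values file route, as an added example that is not part of this repository: a password passed with `--set` lands in shell history and the process list, so this sketch writes a random `mysql.auth.password` to an owner-only values file, refuses the chart default and the README placeholder, and deploys with `-f`. The function names and the `values-local.yaml` file name are assumptions.

```bash
#!/usr/bin/env bash
# Added example: values-file alternative to --set for mysql.auth.password.
# Function names and values-local.yaml are hypothetical, not part of the repo.

CHART_DEFAULT_PW='fleetdm-local-dev'   # default from the Configuration table
README_PLACEHOLDER='SECURE_PASSWORD'   # placeholder from the --set example

# Write a values file holding a random MySQL password, readable only by its owner.
write_fleet_values() {
  local out="$1" pw
  # 24 random bytes rendered as 48 hex characters
  pw="$(head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n')"
  ( umask 077
    printf 'mysql:\n  auth:\n    password: "%s"\n' "$pw" > "$out" )
  chmod 600 "$out"   # also tightens a pre-existing file
}

# Extract mysql.auth.password from the simple layout written above.
read_mysql_password() {
  sed -n 's/^    password: "\(.*\)"$/\1/p' "$1" | head -n 1
}

# Return 0 only if a password is set, long enough, and not a known default.
check_fleet_values() {
  local pw
  pw="$(read_mysql_password "$1")"
  [ -n "$pw" ] || { echo "no mysql.auth.password in $1" >&2; return 1; }
  [ "$pw" != "$CHART_DEFAULT_PW" ] || { echo "chart default password in use" >&2; return 1; }
  [ "$pw" != "$README_PLACEHOLDER" ] || { echo "placeholder password in use" >&2; return 1; }
  [ "${#pw}" -ge 16 ] || { echo "password shorter than 16 characters" >&2; return 1; }
}

# Generate if missing, check, then deploy with -f so the secret never appears in argv.
deploy_fleet() {
  local values="${1:-values-local.yaml}"
  [ -f "$values" ] || write_fleet_values "$values"
  check_fleet_values "$values" || return 1
  helm upgrade --install fleetdm-stack fleetdm-stack/ -n fleetdm -f "$values"
}
```

Source the file and run `deploy_fleet values-local.yaml`; keep the generated values file out of version control.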
## TLS certificates
For local development, the chart includes self-signed TLS certificates (generated on first `make install`). Production deployments should use cert-manager or provide proper certificates via `fleet.secretName`.
## FleetDM agent reachability
Fleet is exposed via port-forward (`make port-forward`) or ingress:
- **Fleet UI** — `https://localhost:8585` (via port-forward)
- **Agent endpoints** (`/api/v1/osquery/*`, `/api/fleet/orbit/*`) — same URL
- Ingress with `fleet.localhost` is also configured as a fallback
For production, configure proper TLS and a stable DNS name for agents.
## Enhancements implemented
1. **Basic CI pipeline** — GitHub Actions releases new Helm chart versions (see [.github/workflows/release.yaml](.github/workflows/release.yaml))
2. **Exposed Fleet UI** via `make port-forward` on port 8585 (+ ingress `fleet.localhost`)
3. **`fleet prepare db`** — Handled by `autoApplySQLMigrations: true` in the Fleet Helm chart
## Project Structure
```
tech-task/
├── fleetdm-stack/           # Helm chart (FleetDM + MySQL + Redis)
│   ├── Chart.yaml
│   ├── Chart.lock
│   ├── values.yaml
│   ├── certs/               # TLS certs (generated by make install)
│   └── charts/              # Dependencies (run make deps)
├── Makefile                 # cluster, install, uninstall, verify, clean
├── README.md
├── .github/workflows/       # CI for Helm chart releases
└── docs/                    # Theoretical part
    ├── architecture-design-company-inc.md
    └── architecture-hld.md
```
## Theoretical Part
The architectural design document for "Company Inc." is in `docs/`:
- [Architecture Design Document](docs/architecture-design-company-inc.md) — 12-page design (convert to PDF for submission)
- [High-Level Diagram Reference](docs/architecture-hld.md) — Mermaid source and draw.io guide for HLD