flamingo-tech-test/README.md
Andriy Oblivantsev b5c22e84ec
Helm Chart CI & Release / Lint Helm Chart (push) Failing after 39s
Helm Chart CI & Release / Release Helm Chart (push) Has been skipped
Configure Gitea Actions for Helm chart CI and release
- Replace GitHub chart-releaser with Gitea-compatible workflow
- Lint job: helm lint, template validation on push to main/master
- Release job: package and publish to Gitea releases on tag push (v*)
- Use gitea-release-action for creating releases
- Support both main and master branches

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-19 17:13:53 +00:00

# FleetDM Stack — Flamingo DevOps Assignment
Helm chart deploying **FleetDM Server** with **MySQL** and **Redis** to Kubernetes. Suitable for local development (Kind/Minikube) and adaptable for production.
## Prerequisites
- [Docker](https://docs.docker.com/get-docker/)
- [kubectl](https://kubernetes.io/docs/tasks/tools/)
- [Helm 3](https://helm.sh/docs/intro/install/)
- **Kind** or **Minikube** for local cluster
## Quick Start
```bash
# Create local cluster and deploy
make cluster
make install
# Verify deployment
make verify
```
## Installation
### 1. Create local cluster
Creates a Kind or Minikube cluster and installs the nginx ingress controller (Kind) or enables the ingress addon (Minikube).
```bash
# Default: Kind
make cluster
# Or use Minikube
make cluster CLUSTER_TYPE=minikube
```
### 2. Install the Helm chart
```bash
make install
```
This will:
- Update Helm dependencies
- Create the `fleetdm` namespace
- Deploy MySQL, Redis, and FleetDM Server
- Run `fleet prepare db` automatically on fresh install (via `autoApplySQLMigrations`)
### 3. Access Fleet UI
**Kind:**
```bash
# Add to /etc/hosts (or equivalent)
echo "127.0.0.1 fleet.localhost" | sudo tee -a /etc/hosts
# Access via ingress (ensure ingress-nginx is ready)
curl -H "Host: fleet.localhost" http://localhost
# Or open http://fleet.localhost in a browser (resolves via the /etc/hosts entry above)
```
**Minikube:**
```bash
minikube tunnel
# Then add fleet.localhost to /etc/hosts pointing to minikube IP
```
## Teardown
```bash
# Remove Helm release and namespace
make uninstall
# Remove cluster (Kind or Minikube)
make clean
```
## Verification
```bash
make verify
```
Verification checklist:
| Component | Check |
| ----------- | ----------------------------------------------------------------- |
| **FleetDM** | Pods running; ingress `fleet.localhost` serves Fleet UI |
| **MySQL** | `fleetdm-stack-mysql` service; Fleet connects and runs migrations |
| **Redis** | `fleetdm-stack-redis-master` service; Fleet uses it for cache |
### Manual verification
```bash
# Check pods
kubectl get pods -n fleetdm
# Check Fleet migration job (fleet prepare db)
kubectl get jobs -n fleetdm
# Check services
kubectl get svc -n fleetdm
# Fleet logs
kubectl logs -n fleetdm -l app=fleet -f
```
## Configuration
| Value | Description | Default |
| --------------------- | --------------------- | ------------------- |
| `mysql.auth.password` | MySQL password | `fleetdm-local-dev` |
| `fleet.replicas` | Fleet server replicas | `1` |
| `fleet.hostName` | Ingress host | `fleet.localhost` |
Override via `--set` or a custom values file:
```bash
helm upgrade --install fleetdm-stack fleetdm-stack/ \
  -n fleetdm \
  --set mysql.auth.password=SECURE_PASSWORD
```
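A secret passed with `--set` ends up in shell history and in the process list, so the custom values file route is the safer of the two overrides. The script below is an added example, not part of this repository: it writes an owner-only override file with a random `mysql.auth.password` and refuses a file that still carries the `fleetdm-local-dev` default or is readable by others. The function names and the `./values.secret.yaml` path are hypothetical, and the parser assumes a plain two-space-indented values file.

```bash
#!/usr/bin/env bash
# Added example, not part of this repository. Function names and the
# override-file path are hypothetical.
DEFAULT_PW='fleetdm-local-dev'   # chart default from the Configuration table

# Write a values override with a random mysql.auth.password, owner-readable only.
write_override() {
  # 16 bytes from the kernel CSPRNG as 32 hex chars (no YAML quoting issues)
  _pw=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
  ( umask 077; : > "$1" ) && chmod 600 "$1" || return 1
  printf 'mysql:\n  auth:\n    password: "%s"\n' "$_pw" > "$1"
  unset _pw
}

# Extract mysql.auth.password from a simple two-space-indented values file.
read_password() {
  awk '
    /^[^ #]/   { top = $1; mid = "" }   # top-level key
    /^  [^ #]/ { mid = $1 }             # second-level key
    top == "mysql:" && mid == "auth:" && /^    password:/ {
      sub(/^    password:[ ]*/, ""); gsub(/^"|"$/, ""); print; exit
    }' "$1"
}

# 0 = safe to deploy, 1 = password empty or still the default,
# 2 = file readable by group or others.
check_override() {
  _val=$(read_password "$1")
  [ -n "$_val" ] && [ "$_val" != "$DEFAULT_PW" ] || return 1
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || return 2
  return 0
}

# Usage (needs helm and a cluster, so it is left as a comment):
#   write_override ./values.secret.yaml && check_override ./values.secret.yaml &&
#     helm upgrade --install fleetdm-stack fleetdm-stack/ -n fleetdm -f ./values.secret.yaml
```

Keep the override file out of version control; the chart's own `values.yaml` stays unchanged.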
## TLS certificates
For local development, the chart includes self-signed TLS certificates (generated on first `make install`). Production deployments should use cert-manager or provide proper certificates via `fleet.secretName`.
## FleetDM agent reachability
The chart exposes Fleet via ingress so:
- **Fleet UI** is available at `http://fleet.localhost`
- **Agent endpoints** (`/api/v1/osquery/*`, `/api/fleet/orbit/*`, etc.) are reachable under the same host
For production, configure TLS and ensure agents can reach the Fleet server hostname.
## Enhancements implemented
1. **Basic CI pipeline** — GitHub Actions releases new Helm chart versions (see [.github/workflows/release.yaml](.github/workflows/release.yaml))
2. **Exposed Fleet UI** — Ingress with `fleet.localhost` for UI and agent enrollment
3. **`fleet prepare db`** — Handled by `autoApplySQLMigrations: true` in the Fleet Helm chart
## Project Structure
```
tech-task/
├── fleetdm-stack/ # Helm chart (FleetDM + MySQL + Redis)
│ ├── Chart.yaml
│ ├── Chart.lock
│ ├── values.yaml
│ ├── certs/ # TLS certs (generated by make install)
│ └── charts/ # Dependencies (run make deps)
├── Makefile # cluster, install, uninstall, verify, clean
├── README.md
├── .github/workflows/ # CI for Helm chart releases
└── docs/ # Theoretical part
    ├── architecture-design-company-inc.md
    └── architecture-hld.md
```
## Theoretical Part
The architectural design document for "Company Inc." is in `docs/`:
- [Architecture Design Document](docs/architecture-design-company-inc.md) — 12-page design (convert to PDF for submission)
- [High-Level Diagram Reference](docs/architecture-hld.md) — Mermaid source and draw.io guide for HLD