Update Kubernetes best practice docs (#16807)

- Remove example YAML file from docs to deduplicate - Update "Prepare a new version of Fleet" handbook instructions to point to the best practice YAML - Add README to point to docs - Move tools for deploying Fleet on Kubernetes to `Deploy/` folder. - Add @dherder as CODEOWNER so that Dave gets pinged every time a contributor wants to make a change to the Kubernetes --------- Co-authored-by: Dave Herder <27025660+dherder@users.noreply.github.com> Co-authored-by: Luke Heath <luke@fleetdm.com>
2024-11-06 00:45:19 +00:00 · 2024-02-27 23:49:48 -05:00 · 2024-02-27 23:49:48 -05:00 · 2a60823a93
commit 2a60823a93
parent 38adcc3f63
7 changed files with 10 additions and 80 deletions
--- a/2
+++ b/2
@ -66,7 +66,7 @@ go.mod @fleetdm/go
 /docs/Using-Fleet/REST-API.md                   @rachaelshaw # « REST API reference documentation
 /docs/Contributing/API-for-contributors.md      @rachaelshaw # « Advanced / contributors-only API reference documentation
 /schema                                         @eashaw # « Data tables (osquery/fleetd schema) documentation
-
+/docs/Deploy/kubernetes/ @dherder # « Kubernetes best practice
 ##############################################################################################
 # 🫧 Pricing and features
 #
--- a/docs/Contributing/Releasing-Fleet.md
+++ b/docs/Contributing/Releasing-Fleet.md
@ -13,7 +13,7 @@ Note: Please prefix versions with `fleet-v` (e.g., `fleet-v4.0.0`) in git tags,
 - [fleetctl package.json](https://github.com/fleetdm/fleet/blob/main/tools/fleetctl-npm/package.json) (do not yet `npm publish`)
 - [Helm chart.yaml](https://github.com/fleetdm/fleet/blob/main/charts/fleet/Chart.yaml) and [values file](https://github.com/fleetdm/fleet/blob/main/charts/fleet/values.yaml)
 - Terraform variables ([AWS](https://github.com/fleetdm/fleet/blob/main/infrastructure/dogfood/terraform/aws/variables.tf)/[GCP](https://github.com/fleetdm/fleet/blob/main/infrastructure/dogfood/terraform/gcp/variables.tf))
- [Kubernetes `deployment.yml` example file](https://github.com/fleetdm/fleet/blob/main/docs/Deploy/Deploying-Fleet-on-Kubernetes.md)
+- [Kubernetes `fleet-deployment.yml` file](https://github.com/fleetdm/fleet/blob/main/docs/Deploy/kubernetes/fleet-deployment.yml)
 - All Terraform (*.tf) files referencing the previous version of Fleet.

 Commit these changes via Pull Request and pull the changes on the `main` branch locally.
--- a/docs/Deploy/Deploy-Fleet-on-Kubernetes.md
+++ b/docs/Deploy/Deploy-Fleet-on-Kubernetes.md
@ -8,82 +8,11 @@ There are 2 primary ways to deploy the Fleet server to a Kubernetes cluster. The

 We will assume you have `kubectl` and MySQL and Redis are all set up and running. Optionally you have minikube to test your deployment locally on your machine.

-To deploy the Fleet server and connect to its dependencies(MySQL and Redis), we will set up a `deployment.yml` file with the following specifications:
-
-```yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: fleet-deployment
-  labels:
-    app: fleet
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: fleet
-  template:
-    metadata:
-      labels:
-        app: fleet
-    spec:
-      containers:
-      - name: fleet
-        image: fleetdm/fleet:4.32.0
-        env:
-          # if running Fleet behind external ingress controller that terminates TLS
-          - name: FLEET_SERVER_TLS
-            value: FALSE
-          - name: FLEET_VULNERABILITIES_DATABASES_PATH
-            value: /tmp/vuln
-          - name: FLEET_MYSQL_ADDRESS
-            valueFrom:
-              secretKeyRef:
-                name: fleet_secrets
-                key: mysql_address
-          - name: FLEET_MYSQL_DATABASE
-            valueFrom:
-              secretKeyRef:
-                name: fleet_secrets
-                key: mysql_database
-          - name: FLEET_MYSQL_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: fleet_secrets
-                key: mysql_password
-          - name: FLEET_MYSQL_USERNAME
-            valueFrom:
-              secretKeyRef:
-                name: fleet_secrets
-                key: mysql_username
-          - name: FLEET_REDIS_ADDRESS
-            valueFrom:
-              secretKeyRef:
-                name: fleet_secrets
-                key: redis_address
-        volumeMounts:
-          - name: tmp
-            mountPath: /tmp # /tmp might not work on all cloud providers by default
-        resources:
-          requests:
-            memory: "64Mi"
-            cpu: "250m"
-          limits:
-            memory: "2048Mi" # vulnerability processing
-            cpu: "500m"
-        ports:
-        - containerPort: 3000
-      volumes:
-        - name: tmp
-          emptyDir:
-
-```
-Notice we are using secrets to pass in values for Fleet's dependencies' environment variables.
+To deploy the Fleet server and connect to its dependencies (MySQL and Redis), we will use [Fleet's best practice `fleet-deployment.yml` file](https://github.com/fleetdm/fleet/blob/main/docs/Deploy/Deploy-Fleet-on-Kubernetes.md).

 Let's tell Kubernetes to create the cluster by running the below command.

-`kubectl apply -f ./deployment.yml`
-
+`kubectl apply -f ./fleet-deployment.yml`

 ### Initializing Helm

@ -154,14 +83,14 @@ Note: this step is not neccessary when using the Fleet Helm Chart as it handles
 The last step is to run the Fleet database migrations on your new MySQL server. To do this, run the following:

 ```sh
-kubectl create -f ./docs/Using-Fleet/configuration-files/kubernetes/fleet-migrations.yml
+kubectl create -f ./docs/Deploy/kubernetes/fleet-migrations.yml
 ```

 In Kubernetes, you can only run a job once. If you'd like to run it again (i.e.: you'd like to run the migrations again using the same file), you must delete the job before re-creating it. To delete the job and re-run it, you can run the following commands:

 ```sh
-kubectl delete -f ./docs/Using-Fleet/configuration-files/kubernetes/fleet-migrations.yml
-kubectl create -f ./docs/Using-Fleet/configuration-files/kubernetes/fleet-migrations.yml
+kubectl delete -f ./docs/Deploy/kubernetes/fleet-migrations.yml
+kubectl create -f ./docs/Deploy/kubernetes/fleet-migrations.yml
 ```

 #### Redis
@ -229,7 +158,7 @@ kubectl create secret tls fleet-tls --key=./tls.key --cert=./tls.crt
 First we must deploy the instances of the Fleet webserver. The Fleet webserver is described using a Kubernetes deployment object. To create this deployment, run the following:

 ```sh
-kubectl apply -f ./docs/Using-Fleet/configuration-files/kubernetes/fleet-deployment.yml
+kubectl apply -f ./docs/Deploy/fleet-deployment.yml
 ```

 You should be able to get an instance of the webserver running via `kubectl get pods` and you should see the following logs:
@ -245,7 +174,7 @@ ts=2017-11-16T02:48:38.441148166Z transport=https address=0.0.0.0:443 msg=listen
 Now that the Fleet server is running on our cluster, we have to expose the Fleet webservers to the internet via a load balancer. To create a Kubernetes `Service` of type `LoadBalancer`, run the following:

 ```sh
-kubectl apply -f ./docs/Using-Fleet/configuration-files/kubernetes/fleet-service.yml
+kubectl apply -f ./docs/Deploy/fleet-service.yml
 ```

 #### Configure DNS
--- a/docs/Deploy/kubernetes/README.md
+++ b/docs/Deploy/kubernetes/README.md
@ -0,0 +1 @@
+This folder includes the best practice YAML files for [deploying Fleet on Kubernetes](https://fleetdm.com/docs/deploy/deploy-fleet-on-kubernetes). 
--- a/docs/Configuration/configuration-files/kubernetes/fleet-deployment.yml
+++ b/docs/Configuration/configuration-files/kubernetes/fleet-deployment.yml
--- a/docs/Configuration/configuration-files/kubernetes/fleet-migrations.yml
+++ b/docs/Configuration/configuration-files/kubernetes/fleet-migrations.yml
--- a/docs/Configuration/configuration-files/kubernetes/fleet-service.yml
+++ b/docs/Configuration/configuration-files/kubernetes/fleet-service.yml
				`@ -0,0 +1 @@`
				`This folder includes the best practice YAML files for [deploying Fleet on Kubernetes](https://fleetdm.com/docs/deploy/deploy-fleet-on-kubernetes).`