Handbook
Operate 301 — Enterprise deployment checklist
Audience: security, platform, and release stakeholders signing off on a Fleet host. Outcome: explicit go / no-go items before exposing Fleet beyond a lab.
Updated
Go / no-go
| # | Item | Owner | Evidence |
|---|---|---|---|
| 1 | Bearer + bind policy matches threat model (Security) | Security | Config review + GET probe without token fails as expected |
| 2 | TLS terminates at Caddy / LB with valid certs (Caddy + systemd) | Platform | Browser + curl/openssl s_client |
| 3 | Docker isolation documented (socket perms, optional rootless/gVisor) | Platform | Runbook entry |
| 4 | Backups of fleet.sqlite + etc/ scheduled (Backup & DR) |
Ops | Restore drill ticket |
| 5 | Remote update path understood (Upgrade) | Release | Dry-run on staging |
| 6 | Observability hooks in place (Observability) | Ops | Dashboard screenshot or alert definition |
Operational readiness
- On-call knows symptom → runbook mapping (Troubleshooting).
CHANGELOGhost-operator notes for the target version are applied.
Rollback tested
- You can reinstall N−1 bits or restore N data dir from backup per policy.
Post-deploy smoke
GET /v1/version,GET /v1/health.POST /v1/jobswithkind: docker_argvtrivial container — HTTP 201.GET /v1/jobs/{id}reaches terminalcompleted.