daarion-admin/microdao-daarion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🏗️ Add DAARION Infrastructure Stack

Browse Source 
- Terraform + Ansible + K3s + Vault + Consul + Observability
- Decentralized network architecture (own datacenters)
- Complete Ansible playbooks:
  - bootstrap.yml: OS setup, packages, SSH
  - hardening.yml: Security (UFW, fail2ban, auditd, Trivy)
  - k3s-install.yml: Lightweight Kubernetes cluster
- Production inventory with NODE1, NODE3
- Group variables for all nodes
- Security check cron script
- Multi-DC ready with Consul support
This commit is contained in:
Apple
2026-01-10 05:31:51 -08:00
parent 02cfd90b6f
commit 12545a7c76
11 changed files with 1799 additions and 633 deletions
Download Patch File Download Diff File Expand all files Collapse all files

183
infrastructure/ansible/playbooks/k3s-install.yml Normal file
View File

@@ -0,0 +1,183 @@
# DAARION Network - K3s Installation Playbook
# Lightweight Kubernetes cluster setup
---
# =============================================================================
# INSTALL K3S SERVER (MASTERS)
# =============================================================================
- name: Install K3s Server on Masters
hosts: masters
become: yes
tasks:
- name: Check if K3s is already installed
stat:
path: /etc/rancher/k3s/k3s.yaml
register: k3s_installed
- name: Download K3s installer
get_url:
url: https://get.k3s.io
dest: /tmp/k3s-install.sh
mode: '0755'
when: not k3s_installed.stat.exists
- name: Install K3s server
shell: |
INSTALL_K3S_VERSION={{ k3s_version }} \
sh /tmp/k3s-install.sh server \
--disable traefik \
--disable servicelb \
--write-kubeconfig-mode 644 \
--tls-san {{ ansible_host }} \
--tls-san {{ inventory_hostname }} \
--node-label "datacenter={{ datacenter }}" \
--node-label "node-role={{ node_role }}" \
--cluster-cidr {{ daarion_network_cidr | default('10.42.0.0/16') }} \
--service-cidr {{ daarion_service_cidr | default('10.43.0.0/16') }}
args:
creates: /etc/rancher/k3s/k3s.yaml
register: k3s_install
- name: Wait for K3s to be ready
wait_for:
port: 6443
delay: 10
timeout: 300
- name: Wait for node to be ready
shell: |
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
kubectl wait --for=condition=Ready node/{{ inventory_hostname }} --timeout=300s
register: node_ready
retries: 10
delay: 10
until: node_ready.rc == 0
- name: Get K3s token
slurp:
src: /var/lib/rancher/k3s/server/node-token
register: k3s_token_file
- name: Save K3s token as fact
set_fact:
k3s_join_token: "{{ k3s_token_file.content | b64decode | trim }}"
- name: Fetch kubeconfig
fetch:
src: /etc/rancher/k3s/k3s.yaml
dest: "{{ playbook_dir }}/../kubeconfig/{{ inventory_hostname }}.yaml"
flat: yes
- name: Update kubeconfig with external IP
delegate_to: localhost
become: no
replace:
path: "{{ playbook_dir }}/../kubeconfig/{{ inventory_hostname }}.yaml"
regexp: '127.0.0.1'
replace: "{{ ansible_host }}"
- name: Show K3s status
shell: |
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
kubectl get nodes -o wide
register: k3s_status
changed_when: false
- name: Display K3s status
debug:
var: k3s_status.stdout_lines
# =============================================================================
# INSTALL K3S AGENT (WORKERS)
# =============================================================================
- name: Install K3s Agent on Workers
hosts: workers
become: yes
vars:
k3s_master_host: "{{ hostvars[groups['masters'][0]].ansible_host }}"
k3s_master_token: "{{ hostvars[groups['masters'][0]].k3s_join_token }}"
tasks:
- name: Check if K3s agent is already installed
stat:
path: /var/lib/rancher/k3s/agent
register: k3s_agent_installed
- name: Download K3s installer
get_url:
url: https://get.k3s.io
dest: /tmp/k3s-install.sh
mode: '0755'
when: not k3s_agent_installed.stat.exists
- name: Build node labels
set_fact:
node_labels: >-
--node-label datacenter={{ datacenter }}
--node-label node-role={{ node_role }}
{% if gpu is defined and gpu %}
--node-label gpu=true
--node-label gpu-type={{ gpu_type | default('unknown') }}
--node-label gpu-memory={{ gpu_memory | default('unknown') }}
{% endif %}
- name: Install K3s agent
shell: |
INSTALL_K3S_VERSION={{ k3s_version }} \
K3S_URL=https://{{ k3s_master_host }}:6443 \
K3S_TOKEN={{ k3s_master_token }} \
sh /tmp/k3s-install.sh agent \
{{ node_labels }}
args:
creates: /var/lib/rancher/k3s/agent
register: k3s_agent_install
- name: Wait for agent to connect
pause:
seconds: 30
when: k3s_agent_install.changed
# =============================================================================
# VERIFY CLUSTER
# =============================================================================
- name: Verify K3s Cluster
hosts: masters
become: yes
tasks:
- name: Get cluster nodes
shell: |
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
kubectl get nodes -o wide
register: cluster_nodes
changed_when: false
- name: Display cluster nodes
debug:
var: cluster_nodes.stdout_lines
- name: Get cluster info
shell: |
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
kubectl cluster-info
register: cluster_info
changed_when: false
- name: Display cluster info
debug:
var: cluster_info.stdout_lines
- name: Create daarion namespace
shell: |
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
kubectl create namespace daarion --dry-run=client -o yaml | kubectl apply -f -
changed_when: false
- name: Label GPU nodes
shell: |
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
kubectl label nodes {{ item }} nvidia.com/gpu=true --overwrite
loop: "{{ groups['gpu_nodes'] | default([]) }}"
when: groups['gpu_nodes'] is defined
ignore_errors: yes