admin/k3s-gitops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update docs/gitops-cicd/test-server-requirements.md

Browse Source
This commit is contained in:
admin
2026-01-13 08:51:43 +00:00
parent e7657db02d
commit a8a987aa7b
1 changed files with 0 additions and 258 deletions
Download Patch File Download Diff File Expand all files Collapse all files

258
docs/gitops-cicd/07-test-server-requirements.md → docs/gitops-cicd/test-server-requirements.md
View File

@@ -529,261 +529,3 @@ Firewall Rules (Simplified для Dev):
--- ---
## 5. Сетевая инфраструктура
### 5.1 IP Addressing Scheme
**Dev Environment:** 10.100.0.0/16
| Zone | Subnet | Range | Gateway |
|------|--------|-------|---------|
| **Gateway** | 10.100.1.0/24 | .1-.254 | 10.100.1.1 |
| **Management** | 10.100.10.0/24 | .10-.50 | 10.100.10.1 |
| **Swarm Cluster** | 10.100.20.0/24 | .1-.254 | 10.100.20.1 |
| **AI Zone** | 10.100.30.0/24 | .10-.50 | 10.100.30.1 |
| **Monitoring** | 10.100.40.0/24 | .10-.50 | 10.100.40.1 |
| **Data Zone** | 10.100.50.0/24 | .10-.50 | 10.100.50.1 |
### 5.2 DNS Configuration
```
# Management Zone
gitea.dev.company.local → 10.100.10.10
jenkins.dev.company.local → 10.100.10.20
harbor.dev.company.local → 10.100.10.30
portainer.dev.company.local → 10.100.10.50
# Swarm Zone
swarm-manager.dev.company.local → 10.100.20.1
swarm-worker1.dev.company.local → 10.100.20.2
swarm-worker2.dev.company.local → 10.100.20.3
swarm-worker3.dev.company.local → 10.100.20.4
# AI Zone
ollama.dev.company.local → 10.100.30.10
mcp.dev.company.local → 10.100.30.20
# Monitoring
grafana.dev.company.local → 10.100.40.10
prometheus.dev.company.local → 10.100.40.10
# Data Zone
postgres.dev.company.local → 10.100.50.10
nfs.dev.company.local → 10.100.50.20
```
---
## 6. Хранилище данных
### 6.1 Storage Architecture
**Tier Classification:**
| Tier | Type | Use Case | Performance | Cost |
|------|------|----------|-------------|------|
| **Tier 0** | NVMe SSD | Databases, OS, logs | >50K IOPS | High |
| **Tier 1** | SATA SSD | Applications, caching | 10-50K IOPS | Medium |
| **Tier 2** | HDD RAID 10 | Harbor images, backups | 200-500 IOPS | Low |
### 6.2 Backup Strategy
**Backup Schedule:**
| What | Frequency | Retention | Method | Storage |
|------|-----------|-----------|--------|---------|
| **Git Repos** | Daily | 30 days | rsync/borg | NFS backup volume |
| **Databases** | Daily | 30 days | pg_dump | NFS backup volume |
| **Configs** | Daily | 90 days | Git + tar | NFS backup volume |
| **Docker Images** | Weekly | 4 weeks | Harbor replication | External (optional) |
| **Full System** | Weekly | 4 weeks | VM snapshots | Hypervisor storage |
---
## 7. Безопасность
### 7.1 OS Hardening Checklist
```bash
✅ Disable root SSH login
✅ Key-based authentication only
✅ UFW firewall configured
✅ Automatic security updates
✅ Fail2ban для SSH protection
✅ Disable unused services
✅ Audit logging enabled
✅ Time synchronization (NTP)
✅ CIS Benchmark compliance
```
### 7.2 RBAC Groups
| Group | Access Level | Services |
|-------|-------------|----------|
| **dev-team** | Developer | Gitea (read/write), Jenkins (build), Portainer (view) |
| **devops-team** | Operator | All services (full access) |
| **managers** | Viewer | Read-only dashboards |
| **security-team** | Auditor | Read-only + audit logs |
---
## 8. Бюджетные расчеты
### 8.1 Comparison Summary
| Вариант | Initial Cost | 3-Year TCO | Pros | Cons |
|---------|-------------|------------|------|------|
| **A: Separate VMs** | $130-138K | $185-193K | Max flexibility | Highest cost |
| **B: Single Server** | $107-116K | $162-171K | Lowest cost | Single point of failure |
| **C: Hybrid** | $135-144K | $190-199K | **Balanced** ✅ | Moderate cost |
### 8.2 Вариант C: Hybrid (Рекомендуется) - Детальный бюджет
**Hardware:**
| Item | Specification | Cost |
|------|--------------|------|
| Server 1 (CI/CD) | 16 core, 128GB, 3TB | $18,000 |
| Server 2 (Swarm) | 24 core, 96GB, 1.5TB | $15,000 |
| Server 3 (AI/Monitor) | 16 core, 64GB, 2TB | $12,000 |
| Server 4 (Data) | 8 core, 32GB, 10TB | $10,000 |
| Network Switch 10GbE | 24-port managed | $4,000 |
| Firewall | FortiGate 60F | $2,500 |
| UPS | 3000VA rack-mount | $1,500 |
| Cables & Rack | Networking & 42U rack | $3,000 |
| **Subtotal Hardware** | | **$66,000** |
| Contingency (10%) | | $6,600 |
| **Total Hardware** | | **$72,600** |
**Software & Services:**
| Item | Cost |
|------|------|
| Software Licenses | $500-9,000 |
| Professional Services | $24,000 |
| Training (3 days) | $15,000 |
| Security Audit | $10,000 |
| Documentation | $5,000 |
| Contingency (15%) | $8,100 |
| **Total Services** | **$62,600-71,100** |
**TOTAL INITIAL: $135,200-143,700**
**Annual Recurring: $27,500**
**3-YEAR TCO: $190,200-198,700**
---
## 9. План закупок
### 9.1 Timeline (8 недель)
**Week 1-2: Planning**
- [ ] Finalize architecture (Variant C recommended)
- [ ] Budget approval
- [ ] Security sign-off
- [ ] Select vendors
**Week 3-4: Procurement**
- [ ] Request quotes (minimum 3 vendors)
- [ ] Compare offerings
- [ ] Place purchase orders
- [ ] Lead time: 2-4 weeks
**Week 5-6: Installation**
- [ ] Receive hardware
- [ ] Physical installation
- [ ] Cable management
- [ ] Initial validation
**Week 7-8: Deployment**
- [ ] Hypervisor installation
- [ ] VM creation
- [ ] Network configuration
- [ ] Software deployment
### 9.2 Vendor Selection
**Recommended Vendors:**
- **Dell** - Good support, standard pricing
- **HPE** - Excellent enterprise support
- **Lenovo** - Competitive pricing
- **Supermicro** - Best price/performance
**Evaluation Criteria:**
1. Support response time (4-hour vs next business day)
2. Warranty (3 years minimum)
3. Spare parts availability
4. Local support presence
5. Total cost (including shipping & taxes)
### 9.3 Acceptance Criteria
**Hardware:**
- [ ] All components delivered as specified
- [ ] No physical damage
- [ ] POST tests pass
- [ ] RAID configuration validated
- [ ] Network connectivity verified
- [ ] Remote management (iDRAC/iLO) working
**Software:**
- [ ] All VMs deployed
- [ ] Network connectivity tested
- [ ] Storage performance validated
- [ ] Backup jobs configured
- [ ] Monitoring operational
- [ ] Security scans clean
**Final:**
- [ ] End-to-end CI/CD workflow tested
- [ ] Documentation complete
- [ ] Team trained
- [ ] Security and compliance sign-off
---
## Приложения
### A. Quick Reference
**Service URLs:**
```
Gitea: https://gitea.dev.company.local:3000
Jenkins: https://jenkins.dev.company.local:8080
Harbor: https://harbor.dev.company.local
Portainer: https://portainer.dev.company.local:9443
Grafana: https://grafana.dev.company.local:3000
Ollama: http://ollama.dev.company.local:11434
```
### B. Common Commands
```bash
# Swarm operations
docker node ls
docker stack deploy -c docker-compose.yml stackname
docker service logs servicename
docker service scale servicename=3
# Database backup
pg_dump -h postgres.dev.company.local dbname > backup.sql
# Check monitoring
curl http://prometheus.dev.company.local:9090/api/v1/query?query=up
# AI test
curl http://ollama.dev.company.local:11434/api/generate \
-d '{"model": "llama3", "prompt": "Hello"}'
```
---
**Document Version:** 1.0
**Last Updated:** Январь 2026
**Status:** Ready for approval
**Approvals:**
- [ ] Infrastructure Lead: _________________ Date: _______
- [ ] Security Lead: _________________ Date: _______
- [ ] Financial Approval: _________________ Date: _______
- [ ] Project Sponsor: _________________ Date: _______