ICN Homelab Deployment

Status: ICN daemon running on K3s cluster. Rebuilt 2026-02-21 with registry-first architecture on Hyperion.

Cluster Overview

Image Strategy

All images use imagePullPolicy: Always and pull from the in-cluster registry at 10.8.30.40:30500. SCP-based image sync is deprecated.

# Default deploy path (build + push to registry + rolling restart)
cd deploy/k8s && make fast-deploy

Quick Commands

# Deploy new version (registry-first, default path)
cd deploy/k8s && make fast-deploy

# Deploy both daemon and UI
cd deploy/k8s && make fast-deploy-all

# Check status
make status
# OR: ssh ubuntu@10.8.30.40 "sudo kubectl -n icn get pods"

# View logs
make logs
# OR: ssh ubuntu@10.8.30.40 "sudo kubectl -n icn logs -f deployment/icn-daemon"

Deployment Paths

Monitoring Stack (rebuilt 2026-02-21)

Deployed via kube-prometheus-stack Helm chart in monitoring namespace. The ICN-specific overlay (ServiceMonitor, alert rules, and durable storage values) lives in `deploy/k8s/monitoring/`.

Storage: Prometheus and Alertmanager use PVCs on the atlas-nfs StorageClass via deploy/k8s/monitoring/values-kube-prometheus-stack.yaml. Apply with helm upgrade --install kube-prometheus-stack … -f <that file>.

CI/CD Pipeline (rebuilt 2026-02-21)

Self-Hosted GitHub Actions Runner on dedicated VM (not inside K3s).

Runner Management:

ssh ubuntu@10.8.30.46 "sudo systemctl status actions.runner.InterCooperative-Network-icn.ci-runner"
ssh ubuntu@10.8.30.46 "journalctl -u actions.runner.InterCooperative-Network-icn.ci-runner -f"

Pilot Testing Status (2025-12-05)

5-Node Pilot Network on K3s with P2P mesh topology.

Test Commands (via Gateway API):

TOKEN=$(icnctl auth token --gateway http://10.8.30.40:30080 --coop pilot-coop)
curl -H "Authorization: Bearer $TOKEN" http://10.8.30.40:30080/v1/gov/domains

SDIS & Steward Dashboard (deployed 2025-12-13)

Sovereign Digital Identity System with steward verification network.

SDIS API Endpoints

Quick Test Commands

# Check SDIS health
curl http://10.8.30.40:30080/v1/sdis/health

# List pending enrollments
curl http://10.8.30.40:30080/v1/sdis/pending

# Get steward stats
curl http://10.8.30.40:30080/v1/sdis/steward/stats

# Start an enrollment
curl -X POST http://10.8.30.40:30080/v1/sdis/enrollment/start \
  -H "Content-Type: application/json" \
  -d '{"identity_name":"Test User","coop_id":"pilot-coop"}'

Verification Levels

Deployment History

Infrastructure Rebuild (2026-02-21)

Full tear-down and rebuild:

• Moved control plane from node-1 (undersized 2 vCPU/8GB) to Hyperion (4 vCPU/8GB)
• Workers: 16GB RAM each (up from 8GB)
• Dedicated CI runner VM on Hyperion (8 vCPU, not inside K3s)
• Registry-first image strategy (imagePullPolicy: Always)
• NFS CSI driver v4.9.0 (replaces broken csi-nfs-controller)
• Prometheus + Grafana via kube-prometheus-stack Helm chart
• 4 coop instances (alpha, beta, gamma, delta)

Initial Deployment (2025-12-03)

Manual deployment with fixes for:

1. GLIBC compatibility - Ubuntu 24.04 base image
2. STUN port conflict - Disabled STUN
3. Governance topic - Created before GovernanceActor spawn
4. Memory limit - Increased to 2Gi
5. Health probe - Port 9100 (metrics)

Automated System (2025-12-04)

• Kubernetes manifests in deploy/k8s/
• Build scripts with .dockerignore optimization
• Image sync automation
• Comprehensive documentation

Related Documentation