feat(ess_pro): deploy Element Server Suite Pro via K3s + Helm

Adds k3s and ess_pro roles to replace the planned Nextcloud Talk
stack. Integrates with existing Keycloak (OIDC), Garage (S3 media)
and OpenBao (secrets). Hostnames under digitalboard.ch.
Tobias Wüst 2026-05-27 23:46:37 +02:00
parent c11f019aae
commit 01fd12d75c
18 changed files with 1098 additions and 0 deletions


@ -0,0 +1,63 @@
---
- name: Render ESS values.yaml
ansible.builtin.template:
src: values.yaml.j2
dest: "{{ ess_pro_values_file }}"
owner: root
group: root
mode: "0640"
- name: Deploy / upgrade ESS Pro Helm release
kubernetes.core.helm:
kubeconfig: "{{ ess_pro_kubeconfig }}"
name: "{{ ess_pro_release_name }}"
chart_ref: "{{ ess_pro_chart_ref }}"
chart_version: "{{ ess_pro_chart_version | default(omit, true) }}"
release_namespace: "{{ ess_pro_namespace }}"
create_namespace: false
values_files:
- "{{ ess_pro_values_file }}"
wait: "{{ ess_pro_helm_wait | bool }}"
wait_timeout: "{{ ess_pro_helm_timeout }}"
atomic: false
state: present
register: helm_release
- name: Show release status
ansible.builtin.debug:
msg: "{{ helm_release.status | default('no status returned') }}"
when: helm_release is defined
- name: Wait for Synapse pod to be Ready
kubernetes.core.k8s_info:
kubeconfig: "{{ ess_pro_kubeconfig }}"
kind: Pod
namespace: "{{ ess_pro_namespace }}"
label_selectors:
- "app.kubernetes.io/name=synapse"
register: synapse_pods
until:
- synapse_pods.resources | length > 0
- synapse_pods.resources[0].status.containerStatuses is defined
- (synapse_pods.resources[0].status.containerStatuses | selectattr('ready', 'equalto', true) | list | length) > 0
retries: 30
delay: 10
- name: Fetch the localadmin bootstrap password (one-shot, only printed in verbose runs)
kubernetes.core.k8s_info:
kubeconfig: "{{ ess_pro_kubeconfig }}"
kind: Secret
namespace: "{{ ess_pro_namespace }}"
name: "{{ ess_pro_release_name }}-generated"
register: ess_generated_secret
when: ess_pro_create_initial_admin | bool
no_log: true
- name: Show how to retrieve the localadmin password
ansible.builtin.debug:
msg: |
ESS Pro is up. To get the localadmin password:
kubectl -n {{ ess_pro_namespace }} get secrets/{{ ess_pro_release_name }}-generated \
-o jsonpath='{.data.ADMIN_USER_PASSWORD}' | base64 -d
Login at https://{{ ess_pro_hostnames.element_admin }} as @localadmin:{{ ess_pro_server_name }}
when: ess_pro_create_initial_admin | bool
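Review bot: The `Show release status` task prints all of `helm_release.status`, and as far as I know the `kubernetes.core.helm` return value carries the release's values under that key, so anything sensitive rendered into `{{ ess_pro_values_file }}` (the template is not visible here) would end up in the play output and in any log callback. Printing only the state field avoids that: `msg: "{{ (helm_release.status | default({})).status | default('no status returned') }}"`. Separately, the `Fetch the localadmin bootstrap password` task reads the whole Secret into `ess_generated_secret`, but no visible task uses that variable and `no_log: true` means it is never printed even in verbose runs, so the task can be dropped or its name corrected. If the values template does contain credentials, `no_log: true` (or `diff: false`) on the `Render ESS values.yaml` task would keep `--diff` runs from echoing them.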