feat(ess_pro): deploy Element Server Suite Pro via K3s + Helm
Adds k3s and ess_pro roles to replace the planned Nextcloud Talk stack. Integrates with existing Keycloak (OIDC), Garage (S3 media) and OpenBao (secrets). Hostnames under digitalboard.ch.
parent
c11f019aae
commit
01fd12d75c
18 changed files with 1098 additions and 0 deletions
29
roles/k3s/README.md
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
# Role: k3s
|
||||
|
||||
Installs a single-node K3s cluster on Debian bookworm. Used as the runtime for
|
||||
the `ess-pro` role.
|
||||
|
||||
## Design choices
|
||||
|
||||
- **Traefik disabled inside K3s** because the project's DMZ Traefik already
|
||||
fronts the cluster. Routing happens via NodePort/ClusterIP through the
|
||||
external Traefik. If you want K3s' bundled Traefik as the ingress
|
||||
controller, remove `traefik` from `k3s_disable_components` and adjust the
|
||||
upstream Traefik to route by host headers only.
|
||||
- **servicelb (Klipper) disabled** for the same reason — no LoadBalancer
|
||||
services needed in the PoC.
|
||||
|
||||
## Variables
|
||||
|
||||
See `defaults/main.yml`. Override `k3s_version` to pin a specific K3s
|
||||
release. The cluster/service CIDRs default to K3s' standard ranges; only
|
||||
change if they clash with your libvirt networks.
|
||||
|
||||
## Usage
|
||||
|
||||
```yaml
|
||||
- hosts: vdmzess01
|
||||
roles:
|
||||
- role: k3s
|
||||
- role: ess-pro
|
||||
```
|
||||
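Review bot: In the first Design choices bullet, "Routing happens via NodePort/ClusterIP through the external Traefik" leaves the exposure model undefined. A ClusterIP is not reachable from a Traefik running outside the cluster without extra routing, and a NodePort listens on every node address by default, so the README should name the one path actually used and state that the host firewall admits only the DMZ Traefik on that port. With the bundled Traefik and servicelb both disabled, that restriction is what would keep the ESS services from being reached around the proxy. Two smaller points: the intro and the Usage example reference `ess-pro` while the commit message names the role `ess_pro`, so the play will not resolve the role if the directory uses the underscore; and the Variables section should say what `k3s_version` defaults to, since an unpinned default makes the install non-reproducible.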