feat(ess_pro): deploy Element Server Suite Pro via K3s + Helm
Adds k3s and ess_pro roles to replace the planned Nextcloud Talk stack. Integrates with existing Keycloak (OIDC), Garage (S3 media) and OpenBao (secrets). Hostnames under digitalboard.ch.
parent
c11f019aae
commit
01fd12d75c
18 changed files with 1098 additions and 0 deletions
27
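--- /dev/null
+++ b/roles/k3s/defaults/main.yml
@@ -0,0 +1,27 @@
+---
+# K3s installation defaults
+# See https://docs.k3s.io/installation/configuration for all options.
+
+k3s_version: "v1.31.5+k3s1"
+k3s_install_script_url: "https://get.k3s.io"
+
+# Disable K3s' built-in Traefik because the project's DMZ Traefik is already
+# in front and we don't want two competing ingress controllers.
+# Also disable servicelb (Klipper) since we route via the K3s node IP directly.
+k3s_disable_components:
+- traefik
+- servicelb
+
+# Bind kubeconfig readable for the deploy user (default vagrant).
+# In production tighten this back to 600 and copy explicitly.
+k3s_write_kubeconfig_mode: "0644"
+
+# Channel selection. Use stable for PoC, lock to k3s_version above for prod.
+k3s_channel: "stable"
+
+# Cluster CIDRs (rarely need touching, set if conflicting with libvirt nets).
+k3s_cluster_cidr: "10.42.0.0/16"
+k3s_service_cidr: "10.43.0.0/16"
+
+# Extra args appended to INSTALL_K3S_EXEC.
+k3s_extra_args: []
+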
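Review bot: `k3s_write_kubeconfig_mode: "0644"` makes a world-readable kubeconfig the role default, and the kubeconfig K3s writes carries the cluster-admin client credentials, so every local account on the node gets full control of the cluster that will run the ESS Pro workloads. The comment above it already says production should go back to 600; the safer arrangement is to invert that, with `k3s_write_kubeconfig_mode: "0600"` as the default and `"0644"` set only in the Vagrant/PoC inventory, so a production run that forgets the override fails closed. Separately, `k3s_channel: "stable"` and a pinned `k3s_version` are both defined here, and the tasks that consume them are not in this file. It would help to add a comment such as `# k3s_version takes precedence when set; k3s_channel is only used if k3s_version is empty` (if that is the intended behaviour), so a production deploy does not silently follow the channel.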