# Role: k3s

Installs a single-node K3s cluster on Debian bookworm. Used as the runtime for
the `ess-pro` role.

## Design choices

- **Traefik disabled inside K3s** because the project's DMZ Traefik already
  fronts the cluster. Routing happens via NodePort/ClusterIP through the
  external Traefik. If you want K3s' bundled Traefik as the ingress
  controller, remove `traefik` from `k3s_disable_components` and adjust the
  upstream Traefik to route by host headers only.
- **servicelb (Klipper) disabled** for the same reason — no LoadBalancer
  services needed in the PoC.

## Variables

See `defaults/main.yml`. Override `k3s_version` to pin a specific K3s
release. The cluster/service CIDRs default to K3s' standard ranges; only
change if they clash with your libvirt networks.

## Usage

```yaml
- hosts: vdmzess01
  roles:
    - role: k3s
    - role: ess-pro
```