Digitalboard/digitalboard.core
6
2
Fork 0
Code Pull requests 1 Releases Packages Activity Actions
digitalboard.core/roles/ess-pro/tasks/deploy.yml
Tobias Wüst 01fd12d75c feat(ess_pro): deploy Element Server Suite Pro via K3s + Helm 
Adds k3s and ess_pro roles to replace the planned Nextcloud Talk
stack. Integrates with existing Keycloak (OIDC), Garage (S3 media)
and OpenBao (secrets). Hostnames under digitalboard.ch.
2026-05-27 23:46:37 +02:00

63 lines
2.2 KiB
YAML
Raw Blame History

---
- name: Render ESS values.yaml
ansible.builtin.template:
src: values.yaml.j2
dest: "{{ ess_pro_values_file }}"
owner: root
group: root
mode: "0640"
- name: Deploy / upgrade ESS Pro Helm release
kubernetes.core.helm:
kubeconfig: "{{ ess_pro_kubeconfig }}"
name: "{{ ess_pro_release_name }}"
chart_ref: "{{ ess_pro_chart_ref }}"
chart_version: "{{ ess_pro_chart_version | default(omit, true) }}"
release_namespace: "{{ ess_pro_namespace }}"
create_namespace: false
values_files:
- "{{ ess_pro_values_file }}"
wait: "{{ ess_pro_helm_wait | bool }}"
wait_timeout: "{{ ess_pro_helm_timeout }}"
atomic: false
state: present
register: helm_release
- name: Show release status
ansible.builtin.debug:
msg: "{{ helm_release.status | default('no status returned') }}"
when: helm_release is defined
- name: Wait for Synapse pod to be Ready
kubernetes.core.k8s_info:
kubeconfig: "{{ ess_pro_kubeconfig }}"
kind: Pod
namespace: "{{ ess_pro_namespace }}"
label_selectors:
- "app.kubernetes.io/name=synapse"
register: synapse_pods
until:
- synapse_pods.resources | length > 0
- synapse_pods.resources[0].status.containerStatuses is defined
- (synapse_pods.resources[0].status.containerStatuses | selectattr('ready', 'equalto', true) | list | length) > 0
retries: 30
delay: 10
- name: Fetch the localadmin bootstrap password (one-shot, only printed in verbose runs)
kubernetes.core.k8s_info:
kubeconfig: "{{ ess_pro_kubeconfig }}"
kind: Secret
namespace: "{{ ess_pro_namespace }}"
name: "{{ ess_pro_release_name }}-generated"
register: ess_generated_secret
when: ess_pro_create_initial_admin | bool
no_log: true
- name: Show how to retrieve the localadmin password
ansible.builtin.debug:
msg: |
ESS Pro is up. To get the localadmin password:
kubectl -n {{ ess_pro_namespace }} get secrets/{{ ess_pro_release_name }}-generated \
-o jsonpath='{.data.ADMIN_USER_PASSWORD}' | base64 -d
Login at https://{{ ess_pro_hostnames.element_admin }} as @localadmin:{{ ess_pro_server_name }}
when: ess_pro_create_initial_admin | bool
View git blame Copy permalink