Adds k3s and ess_pro roles to replace the planned Nextcloud Talk stack. Integrates with existing Keycloak (OIDC), Garage (S3 media) and OpenBao (secrets). Hostnames under digitalboard.ch.
Role: k3s
Installs a single-node K3s cluster on Debian bookworm. Used as the runtime for
the ess-pro role.
Design choices
- Traefik disabled inside K3s because the project's DMZ Traefik already
  fronts the cluster. Routing happens via NodePort/ClusterIP through the
  external Traefik. If you want K3s' bundled Traefik as the ingress
  controller, remove traefik from k3s_disable_components and adjust the
  upstream Traefik to route by host headers only.
- servicelb (Klipper) disabled for the same reason — no LoadBalancer
  services needed in the PoC.
Variables
See defaults/main.yml. Override k3s_version to pin a specific K3s
release. The cluster/service CIDRs default to K3s' standard ranges; only
change if they clash with your libvirt networks.
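A pre-flight check for the CIDR clash mentioned above, as an added example that is not part of this role. It assumes K3s' standard ranges (10.42.0.0/16 for pods, 10.43.0.0/16 for services) and reads libvirt network definitions in the XML form printed by `virsh net-dumpxml`; the sample XML is constructed and the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# K3s' standard cluster (pod) and service ranges.
K3S_CIDRS = ["10.42.0.0/16", "10.43.0.0/16"]

# Constructed sample input: `virsh net-dumpxml <name>` output for two networks.
SAMPLE_NETWORKS = [
    """<network><name>default</name>
         <ip address='192.168.122.1' netmask='255.255.255.0'/></network>""",
    """<network><name>dmz</name>
         <ip address='10.42.8.1' prefix='24'/></network>""",
]


def libvirt_subnets(xml_text):
    """Return [(network name, subnet)] for every <ip> element of one network."""
    root = ET.fromstring(xml_text)
    name = root.findtext("name", default="?")
    subnets = []
    for ip in root.findall("ip"):
        addr = ip.get("address")
        # libvirt accepts either prefix= or (IPv4 only) netmask=.
        mask = ip.get("prefix") or ip.get("netmask")
        if addr is None or mask is None:
            raise ValueError(f"network {name}: <ip> without address or mask")
        # strict=False: the address is the gateway, not the network base.
        subnets.append((name, ipaddress.ip_network(f"{addr}/{mask}", strict=False)))
    return subnets


def find_clashes(k3s_cidrs, network_xmls):
    """Return [(k3s cidr, libvirt network, subnet)] for every overlap."""
    clashes = []
    for cidr in k3s_cidrs:
        k3s_net = ipaddress.ip_network(cidr)
        for xml_text in network_xmls:
            for name, subnet in libvirt_subnets(xml_text):
                # Only compare ranges of the same IP version.
                if subnet.version == k3s_net.version and subnet.overlaps(k3s_net):
                    clashes.append((cidr, name, str(subnet)))
    return clashes


if __name__ == "__main__":
    for cidr, name, subnet in find_clashes(K3S_CIDRS, SAMPLE_NETWORKS):
        print(f"K3s range {cidr} overlaps libvirt network {name} ({subnet})")
```
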
Usage
- hosts: vdmzess01
  roles:
    - role: k3s
    - role: ess-pro