Adds k3s and ess_pro roles to replace the planned Nextcloud Talk stack. Integrates with existing Keycloak (OIDC), Garage (S3 media) and OpenBao (secrets). Hostnames under digitalboard.ch.
# Role: k3s

Installs a single-node K3s cluster on Debian bookworm. Used as the runtime for
the `ess-pro` role.

## Design choices

- **Traefik disabled inside K3s** because the project's DMZ Traefik already
  fronts the cluster. Routing happens via NodePort/ClusterIP through the
  external Traefik. If you want K3s' bundled Traefik as the ingress
  controller, remove `traefik` from `k3s_disable_components` and adjust the
  upstream Traefik to route by host headers only.
- **servicelb (Klipper) disabled** for the same reason — no LoadBalancer
  services needed in the PoC.
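
An added example (not part of the role or the original README): a post-deployment check of the two design choices above. It reads the output of `kubectl get svc,pods -A -o json`, flags LoadBalancer Services and bundled Traefik/Klipper pods, and lists the node ports the external Traefik has to route to. The sample objects and the `traefik`/`svclb-` pod-name prefixes are assumptions.

```python
import json

# Constructed sample of `kubectl get svc,pods -A -o json` (not from the project).
SAMPLE = json.loads("""
{"items": [
 {"kind": "Service", "metadata": {"namespace": "ess", "name": "synapse"},
  "spec": {"type": "NodePort", "ports": [{"port": 8008, "nodePort": 30080}]}},
 {"kind": "Service", "metadata": {"namespace": "ess", "name": "turn"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 3478}]}},
 {"kind": "Service", "metadata": {"namespace": "kube-system", "name": "kube-dns"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 53}]}},
 {"kind": "Pod", "metadata": {"namespace": "kube-system", "name": "traefik-5d45fc8cc9-abcde"}},
 {"kind": "Pod", "metadata": {"namespace": "kube-system", "name": "coredns-6799fbcd5-xyz12"}}
]}
""")

# Assumption: K3s' bundled components run in kube-system under these name prefixes.
BUNDLED_PREFIXES = ("traefik", "svclb-")


def audit_exposure(items):
    """Return (violations, nodeports) for a list of Service/Pod objects."""
    violations, nodeports = [], []
    for obj in items:
        meta = obj.get("metadata", {})
        ref = f'{meta.get("namespace", "default")}/{meta.get("name", "?")}'
        if obj.get("kind") == "Service":
            spec = obj.get("spec", {})
            if spec.get("type") == "LoadBalancer":
                violations.append(f"LoadBalancer service {ref}: servicelb is disabled")
            # NodePort and LoadBalancer services both open ports on the node.
            for port in spec.get("ports", []):
                if "nodePort" in port:
                    nodeports.append((ref, port["nodePort"]))
        elif obj.get("kind") == "Pod" and meta.get("namespace") == "kube-system":
            if meta.get("name", "").startswith(BUNDLED_PREFIXES):
                violations.append(f"bundled component pod {ref} is running")
    return violations, sorted(nodeports, key=lambda p: p[1])


if __name__ == "__main__":
    found, ports = audit_exposure(SAMPLE["items"])
    for line in found:
        print("VIOLATION:", line)
    for ref, port in ports:
        print(f"node port {port} -> {ref} (must match an upstream Traefik backend)")
```
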
## Variables

See `defaults/main.yml`. Override `k3s_version` to pin a specific K3s
release. The cluster/service CIDRs default to K3s' standard ranges; only
change if they clash with your libvirt networks.

## Usage

```yaml
- hosts: vdmzess01
  roles:
    - role: k3s
    - role: ess-pro
```