Description
Currently IncusOS makes it easy to get Incus up and running, including some basic initialization, giving users an initial network and storage pool for their instances.
But to provide the full Incus experience, we'd ideally like to also provide:
- An OIDC identity provider (Zitadel, Authentik, Keycloak, ...)
- An OpenFGA instance for authorization
- A Loki server for logging
- A Prometheus server for Incus and system metrics
- A Grafana server for dashboards (integrated with OIDC for login)
- A reverse proxy (haproxy, traefik, ...) to front everything
This would all be optionally deployed as part of initialization within an internal Incus project and attached to a VXLAN network, making it easy to eventually span this to multiple systems within a cluster (without requiring VLANs or other complex network configuration).
In addition, that same internal project could be used to deploy:
- Linstor controller
- Ceph services (OSD, MON, MGR, MDS, RGW, ...)
- OVN services (OVSDB for NorthBound, SouthBound, northd, IC databases, ...)
To make this easy to deploy and manage, we should try to have all of those deployed from OCI images with IncusOS being responsible for generating an initial configuration (environment variables mostly) and then offering the ability to update them by re-building them from the latest version of their respective image.
This would then provide the full Incus experience, all deployed safely on top of IncusOS and with minimal user maintenance required.
(Once we manage to sort all of this out, the next step will be to handle easy clustering, making it as simple as possible to go from a single Incus server with all the aforementioned services to a cluster of 3+ machines with those services getting automatically spread over them.)