Use Tailscale DNS names instead of IPs for TLS SANs

Changed from hardcoded Tailscale IPs to DNS names:
- k8s-cluster-cp-1.silverside-gopher.ts.net
- k8s-cluster-cp-2.silverside-gopher.ts.net
- k8s-cluster-cp-3.silverside-gopher.ts.net

This is more robust since Tailscale IPs change on rebuild,
but DNS names remain consistent.

After next rebuild, cluster accessible via:
- kubectl --server=https://k8s-cluster-cp-1.silverside-gopher.ts.net:6443

ansible/roles/k3s-server/defaults/main.yml

@@ -8,8 +8,9 @@ k3s_disable_servicelb: true
 k3s_kubelet_cloud_provider_external: true
 # Load Balancer endpoint for HA cluster joins (set in inventory)
 kube_api_endpoint: ""
-# Tailscale IPs for control planes (to enable tailnet access)
-tailscale_control_plane_ips:
-  - "100.120.55.97"   # cp-1
-  - "100.108.90.123"  # cp-2
-  - "100.92.149.85"   # cp-3
+# Tailscale DNS names for control planes (to enable tailnet access)
+# Using DNS names instead of IPs since Tailscale IPs change on rebuild
+tailscale_control_plane_names:
+  - "k8s-cluster-cp-1.silverside-gopher.ts.net"
+  - "k8s-cluster-cp-2.silverside-gopher.ts.net"
+  - "k8s-cluster-cp-3.silverside-gopher.ts.net"