feat: Add HA Kubernetes cluster with Terraform + Ansible

- 3x CX23 control plane nodes (HA)
- 4x CX33 worker nodes
- k3s with embedded etcd
- Hetzner CCM for load balancers
- Gitea CI/CD workflows
- Backblaze B2 for Terraform state

ansible/roles/ccm/tasks/main.yml

@@ -0,0 +1,40 @@
+---
+- name: Check if Hetzner CCM is already deployed
+  command: kubectl get namespace hetzner-cloud-system
+  register: ccm_namespace
+  failed_when: false
+  changed_when: false
+
+- name: Create Hetzner CCM namespace
+  command: kubectl create namespace hetzner-cloud-system
+  when: ccm_namespace.rc != 0
+  changed_when: true
+
+- name: Create Hetzner cloud secret
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: hcloud
+        namespace: hetzner-cloud-system
+      stringData:
+        token: "{{ hcloud_token }}"
+        network: "{{ cluster_name }}-network"
+  no_log: true
+  when: hcloud_token is defined
+
+- name: Deploy Hetzner CCM
+  kubernetes.core.k8s:
+    state: present
+    src: "{{ item }}"
+  loop:
+    - https://raw.githubusercontent.com/hetznercloud/hcloud-cloud-controller-manager/main/deploy/ccm-networks.yaml
+  when: ccm_namespace.rc != 0
+
+- name: Wait for CCM pods to be ready
+  command: kubectl rollout status deployment/hcloud-cloud-controller-manager -n hetzner-cloud-system
+  changed_when: false
+  retries: 30
+  delay: 10