Fix kube_api_endpoint variable passing for HA cluster

- Remove circular variable reference in site.yml
- Add kube_api_endpoint default to k3s-server role
- Variable is set via inventory group_vars and passed to role
- Primary CP now correctly adds LB IP to TLS SANs

Note: Existing cluster needs destroy/rebuild to regenerate certificates.

ansible/roles/k3s-server/defaults/main.yml

@@ -6,3 +6,5 @@ k3s_primary_public_ip: ""
 k3s_disable_embedded_ccm: true
 k3s_disable_servicelb: true
 k3s_kubelet_cloud_provider_external: true
+# Load Balancer endpoint for HA cluster joins (set in inventory)
+kube_api_endpoint: ""

ansible/site.yml

@@ -24,7 +24,7 @@
     k3s_primary_public_ip: "{{ ansible_host }}"
     k3s_primary_ip: "{{ k3s_private_ip }}"
     k3s_node_ip: "{{ k3s_private_ip }}"
-    kube_api_endpoint: "{{ kube_api_endpoint }}"
+    # kube_api_endpoint is set in inventory group_vars
 
   roles:
     - k3s-server