Fix HA cluster join via Load Balancer private IP

Changes:
- Use LB private IP (10.0.1.5) instead of public IP for cluster joins
- Add LB private IP to k3s TLS SANs on primary control plane
- This allows secondary CPs and workers to verify certificates when joining via LB

Fixes x509 certificate validation error when joining via LB public IP.

ansible/roles/k3s-server/tasks/main.yml

@@ -63,6 +63,7 @@
     --node-ip={{ k3s_node_ip }}
     --tls-san={{ k3s_primary_ip }}
     --tls-san={{ k3s_primary_public_ip }}
+    --tls-san={{ kube_api_endpoint }}
     {% if k3s_disable_embedded_ccm | bool %}--disable-cloud-controller{% endif %}
     {% if k3s_disable_servicelb | bool %}--disable=servicelb{% endif %}
     {% if k3s_kubelet_cloud_provider_external | bool %}--kubelet-arg=cloud-provider=external{% endif %}