feat(ansible): add K3s installation playbooks and configuration templates

ansible/playbooks/site.yml

@@ -0,0 +1,93 @@
+# K3s 集群安装 Playbook
+---
+- name: Validate environment
+  hosts: localhost
+  gather_facts: no
+  tasks:
+    - name: Check TAILSCALE_AUTH_KEY
+      ansible.builtin.fail:
+        msg: "请设置: export TAILSCALE_AUTH_KEY='tskey-auth-xxx'"
+      when: lookup('env', 'TAILSCALE_AUTH_KEY') | length == 0
+
+    - name: Check SSH credentials
+      ansible.builtin.debug:
+        msg: |
+          {% if lookup('env', 'SSH_PASSWORD') | length > 0 %}
+          ✓ 使用密码登录 (首次安装)
+          {% else %}
+          ✓ 使用密钥登录
+          {% endif %}
+
+# ============================================
+# 阶段 1: SSH 安全加固 (可选，首次安装时使用)
+# ============================================
+- name: SSH Security Hardening
+  hosts: k3s_cluster
+  gather_facts: no
+  tags: [ssh, never]
+  roles:
+    - ssh
+
+# ============================================
+# 阶段 2: 基础配置
+# ============================================
+- name: Common Setup
+  hosts: k3s_cluster
+  gather_facts: yes
+  tags: [common]
+  roles:
+    - common
+
+# ============================================
+# 阶段 3: 安装 K3s (按顺序: init -> masters -> agents)
+# ============================================
+- name: Install K3s on init node
+  hosts: masters
+  gather_facts: yes
+  serial: 1
+  tags: [k3s]
+  roles:
+    - role: k3s
+      when: cluster_init | default(false)
+
+- name: Install K3s on other masters
+  hosts: masters
+  gather_facts: yes
+  serial: 1
+  tags: [k3s]
+  roles:
+    - role: k3s
+      when: not (cluster_init | default(false))
+
+- name: Install K3s on agents
+  hosts: agents
+  gather_facts: yes
+  tags: [k3s]
+  roles:
+    - k3s
+
+# ============================================
+# 阶段 4: 显示集群状态
+# ============================================
+- name: Show cluster status
+  hosts: masters
+  gather_facts: no
+  tags: [status]
+  run_once: true
+  tasks:
+    - name: Get nodes
+      ansible.builtin.shell: kubectl get nodes -o wide
+      environment:
+        KUBECONFIG: /etc/rancher/k3s/k3s.yaml
+      register: nodes
+      when: cluster_init | default(false)
+
+    - name: Display nodes
+      ansible.builtin.debug:
+        msg: |
+          ══════════════════════════════════════════════════════════════
+          K3s 集群节点:
+          {{ nodes.stdout }}
+          ══════════════════════════════════════════════════════════════
+      when: cluster_init | default(false)
+