feat(k3s): add custom tls-san snippets

docs/k3s/install.md

@@ -0,0 +1,43 @@
+# K3s
+
+This guide assumes 3 nodes which are already setup with a minimal OS installation and network connectivity. Also make
+sure DNS entries are in place for all nodes.
+
+Our examples bellow use the following nodes:
+
+| Node | Role | FQDN | IP Address ^ |
+|---|---|---|---|
+| proxy | HAProxy loadbalancer | proxy.k3s.siempie.internal | 192.168.10.230 |
+| node01 | Master + Worker | node01.k3s.siempie.internal | 192.168.10.231 |
+| node02 | Master + Worker | node02.k3s.siempie.internal | 192.168.10.232 |
+| node03 | Master + Worker | node03.k3s.siempie.internal | 192.168.10.233 |
+
+Our API and HTTP workloads will be proxied via the HAProxy loadbalancer. The k3s api server will be accessible at
+`https://workload.k3s.siempie.internal:6443`. The HAProxy configuration is found
+[here](<https://docs.simoncor.net/linux/haproxy>).
+
+## Boostrap k3s with a custom TLS SAN
+
+```bash
+# Node 1 (first master)
+curl -sfL https://get.k3s.io | sh -s - server \
+  --cluster-init \
+  --tls-san workload.k3s.siempie.internal \
+  --tls-san node01 \
+  --tls-san node01.k3s.siempie.internal
+
+# Save token for other nodes
+cat /var/lib/rancher/k3s/server/node-token
+```
+
+## Join other masters
+
+```bash
+# Node 2 and 3 (other masters)
+curl -sfL https://get.k3s.io | sh -s - server \
+  --server https://node01:6443 \
+  --token <token-from-node01> \
+  --tls-san workload.k3s.siempie.internal \
+  --tls-san node02 \
+  --tls-san node02.k3s.siempie.internal
+```