kubernetes: Configure keepalived on control plane

Control plane nodes will now run _keepalived_, to provide a "floating"
IP address that is assigned to one of the nodes at a time.  This
address (172.30.0.169) is now the target of the DNS A record for
_kubernetes.pyrocufflink.blue_, so clients will always communicate with
the server that currently holds the floating address, whichever that may
be.

I was originally inspired by the official Kubernetes [High Availability
Considerations][0] document when designing this.  At first, I planned to
deploy _keepalived_ and HAProxy as DaemonSets on the control plane
nodes, but this ended up being somewhat problematic whenever all of the
control plane nodes would go down at once, as the _keepalived_ and
HAProxy pods would not get scheduled and thus no clients communicate
with the API servers.

[0]: 9d7cfab6fe/docs/ha-considerations.md

group_vars/k8s-controller.yml

@@ -1,2 +1,23 @@
 collectd_processes: '{{ collectd_processes_kubelet + collectd_processes_controller}}'
 dnf_automatic_reboot: never
+
+keepalived_global_defs: |-
+  max_auto_priority 79
+
+vrrp_track_process:
+  kube-apiserver: |-
+    process kube-apiserver
+    weight 90
+
+vrrp_instance:
+  kube-apiserver: |-
+    state BACKUP
+    priority ${_RANDOM 1 100}
+    interface {{ ansible_default_ipv4.interface }}
+    virtual_router_id 49
+    virtual_ipaddress {
+        172.30.0.169/27
+    }
+    track_process {
+        kube-apiserver
+    }

kubernetes.yml

@@ -1,5 +1,8 @@
 - hosts: k8s-controller
   roles:
+  - role: keepalived
+    tags:
+    - keepalived
   - role: kubelet
 
 - hosts: k8s-node