This sample project has simplifications, compared to a real-world infrastructure.
- Bastion and internal nodes use the same key-pair.
- Simplified Ansible lifecycle: playbooks support changes in a simplistic way, including possibly unnecessary restarts.
- etcd exposed as HTTP, not HTTPS. No certificate handling.
If an etcd node gets destroyed, and you reprovision it with Ansible, not data are lost, but the new node will not be able to join the cluster.
It would require to reconfigure the cluster, removing the dead node and adding the new one, using the runtime reconfiguration API.
The newly provisioned node should also start with inital-cluster-state=existing parameter, while etcd.service generated by Ansible has inital-cluster-state=new.