diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8c03978..848a220 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -41,6 +41,6 @@ ansible-k3s-dev:
   extends: .ansible
   script:
     - ansible-galaxy install -r $CI_PROJECT_DIR/ansible/roles/k3s/requirements.yaml
-    - ansible-playbook $CI_PROJECT_DIR/ansible/k3s.yaml -l dev-cluster
+    - ansible-playbook $CI_PROJECT_DIR/ansible/k3s.yaml -e dev-cluster
   rules:
     - if: '$SCRIPT == "k3s-dev"'
diff --git a/ansible/k3s.yaml b/ansible/k3s.yaml
index 5f60012..42daff1 100644
--- a/ansible/k3s.yaml
+++ b/ansible/k3s.yaml
@@ -1,10 +1,48 @@
-- hosts: master
+- name: Validate cluster selection and derive group names
+  hosts: localhost
+  gather_facts: false
+  vars:
+    cluster: "{{ cluster | default('') }}"
+    cluster_prefix: "{{ cluster | regex_replace('-cluster$', '') }}"
+    master_group: "{{ cluster_prefix }}-master"
+    node_group: "{{ cluster_prefix }}-node"
+  tasks:
+    - name: cluster must be provided
+      ansible.builtin.assert:
+        that:
+          - cluster | length > 0
+        fail_msg: "Missing required var 'cluster'. Example: -e cluster=dev-cluster"
+
+    - name: cluster must be a *-cluster group
+      ansible.builtin.assert:
+        that:
+          - cluster is match('.*-cluster$')
+        fail_msg: "cluster must end with '-cluster' (ex: dev-cluster). Got: {{ cluster }}"
+
+    - name: cluster group must exist in inventory
+      ansible.builtin.assert:
+        that:
+          - cluster in groups
+        fail_msg: "Cluster group '{{ cluster }}' not found in inventory."
+
+    - name: derived master/node groups must exist in inventory
+      ansible.builtin.assert:
+        that:
+          - master_group in groups
+          - node_group in groups
+        fail_msg: >-
+          Expected derived groups '{{ master_group }}' and '{{ node_group }}' to exist in inventory
+          for cluster '{{ cluster }}'.
+
+- name: Install k3s on master nodes (derived from cluster)
+  hosts: "{{ (cluster | regex_replace('-cluster$', '')) ~ '-master' }}"
   gather_facts: yes
   become: yes
   roles:
     - base
 
-- hosts: node
+- name: Install k3s on worker nodes (derived from cluster)
+  hosts: "{{ (cluster | regex_replace('-cluster$', '')) ~ '-node' }}"
   gather_facts: yes
   become: yes
   roles:
diff --git a/invintory.yaml b/invintory.yaml
index e48c6b2..82d3d96 100644
--- a/invintory.yaml
+++ b/invintory.yaml
@@ -28,14 +28,18 @@ dev-master:
     192.168.10.11:
     192.168.10.12:
     192.168.10.13:
-    192.168.11.11:
-    192.168.11.12:
-    192.168.11.13:
 dev-node:
   hosts:
     192.168.10.21:
     192.168.10.22:
     192.168.10.23:
+prd-master:
+  hosts:
+    192.168.11.11:
+    192.168.11.12:
+    192.168.11.13:
+prd-node:
+  hosts:
     192.168.11.21:
     192.168.11.22:
     192.168.11.23:
@@ -48,6 +52,11 @@ dev-cluster:
     dev-master:
     dev-node:
 
+prd-cluster:
+  children:
+    prd-master:
+    prd-node:
+
 dmz-cluster:
   children:
     dmz-master: