This message was deleted.
# k3sa
adamant-kite-43734
04/19/2023, 4:27 PMThis message was deleted.
r
rich-cartoon-70161
04/19/2023, 4:32 PMI just copy it from one of the control plane hosts
rich-cartoon-70161
04/19/2023, 4:32 PMWith some scp provider
rich-cartoon-70161
04/19/2023, 4:37 PMI think custom tls setup is overkill for k3s which tries to be simple
q
quaint-florist-50524
04/19/2023, 5:02 PMyeah but for that I'd need to have a bastion host or vpn etc
quaint-florist-50524
04/19/2023, 5:02 PMI probably use aws' secret manager to store it from the instance but also not 100% happy with that
quaint-florist-50524
04/19/2023, 5:03 PMideally there would be a official k3s tf module that would take care of the tls stuff
quaint-florist-50524
04/19/2023, 5:03 PMI know there is a bash script but I feel that won't work out the box with multiple servers either
r
rich-cartoon-70161
04/19/2023, 5:05 PMOkay are you provisioning on aws using only cloud-init? Because in my setup I have to fall back to provisioner localexec via ssh to install/update additional control plane components… so copying isn’t a big problem
c
curved-army-69172
04/20/2023, 8:19 AMmaybe a manifest for the system-upgrade-controller to push the config somehwere safe? I use that to install chrony on all nodes - so @rich-cartoon-70161 that could be a solution for your localexec as well?