#k3s

quaint-florist-50524

04/19/2023, 4:27 PM
anyone found a nice pattern to retrieve the kubeconfig from a server in a HA setup that is tf created? I feel like the right way is probably setting up all tls stuff locally but I feel then I can right away go with vanilla k8s..

rich-cartoon-70161

04/19/2023, 4:32 PM
I just copy it from one of the control plane hosts
With some scp provider
I think custom tls setup is overkill for k3s which tries to be simple

quaint-florist-50524

04/19/2023, 5:02 PM
yeah but for that I'd need to have a bastion host or vpn etc
I probably use aws' secret manager to store it from the instance but also not 100% happy with that
ideally there would be an official k3s tf module that would take care of the tls stuff
I know there is a bash script but I feel that won't work out of the box with multiple servers either

rich-cartoon-70161

04/19/2023, 5:05 PM
Okay are you provisioning on aws using only cloud-init? Because in my setup I have to fall back to provisioner localexec via ssh to install/update additional control plane components… so copying isn’t a big problem

curved-army-69172

04/20/2023, 8:19 AM
maybe a manifest for the system-upgrade-controller to push the config somewhere safe? I use that to install chrony on all nodes - so @rich-cartoon-70161 that could be a solution for your localexec as well?