anyone found a nice pattern to retrieve the kubeconfig from rancher-users #k3s

Title

quaint-florist-50524

04/19/2023, 4:27 PM

anyone found a nice pattern to retrieve the kubeconfig from a server in a HA setup that is tf created? I feel like the right way is probably setting up all tls stuff locally but I feel then I can right away go with vanilla k8s..

rich-cartoon-70161

04/19/2023, 4:32 PM

I just copy it from one of the control plane hosts

With some scp provider

I think custom tls setup is overkill for k3s which tries to be simple

quaint-florist-50524

04/19/2023, 5:02 PM

yeah but for that I'd need to have a bastion host or vpn etc

I probably use aws' secret manager to store it from the instance but also not 100% happy with that

ideally there would be a official k3s tf module that would take care of the tls stuff

I know there is a bash script but I feel that won't work out the box with multiple servers either

rich-cartoon-70161

04/19/2023, 5:05 PM

Okay are you provisioning on aws using only cloud-init? Because in my setup I have to fall back to provisioner localexec via ssh to install/update additional control plane components… so copying isn’t a big problem

curved-army-69172

04/20/2023, 8:19 AM

maybe a manifest for the system-upgrade-controller to push the config somehwere safe? I use that to install chrony on all nodes - so @rich-cartoon-70161 that could be a solution for your localexec as well?

#k3s Join Slack