# k3s
r
I just copy it from one of the control plane hosts
With some scp provider
I think custom tls setup is overkill for k3s which tries to be simple
q
yeah but for that I'd need to have a bastion host or vpn etc
I probably use aws' secret manager to store it from the instance but also not 100% happy with that
ideally there would be an official k3s tf module that would take care of the tls stuff
I know there is a bash script but I feel that won't work out of the box with multiple servers either
r
Okay are you provisioning on aws using only cloud-init? Because in my setup I have to fall back to provisioner localexec via ssh to install/update additional control plane components… so copying isn’t a big problem
c
maybe a manifest for the system-upgrade-controller to push the config somewhere safe? I use that to install chrony on all nodes - so @rich-cartoon-70161 that could be a solution for your localexec as well?