# rke2
a
This message was deleted.
w
Switch to dedicated IPs - don’t use DHCP. If that isn’t possible for some reason, then the only hope I can think of is to use some kind of dynamic DNS mapping to the DHCP-provided IP addresses and base your certificates on that FQDN instead of the IP. I notice in /etc/rancher/rke2/config.yaml it is specifying only the local cluster DNS and the IP of the node in the TLS SANs. This is what you’ll need to tackle and get the FQDN in there. Since most of our clusters are still RKE, we’re early in the journey with RKE2, and we use static IPs, that’s about as far as I can go off the top of my head.
s
DHCP servers are capable of creating static IPs so that you get the same every time.
k
We went for a different solution. As Ubuntu sends a DHCP release command just before it shuts down, we noticed that even with the correct DHCP configuration the address still got released. We could prevent Ubuntu from sending the release command by updating the /etc/systemd/networkd.conf file with the KeepConfiguration option. The downside is that, as we have quite a small subnet available for hosts, we can’t handle really long lease times for DHCP, as the pool can get exhausted when recycling hosts. For us this is working better (as we are using vSphere in this case): https://www.virtualthoughts.co.uk/2020/03/29/rancher-vsphere-network-protocol-profiles-and-static-ip-addresses-for-k8s-nodes/ as this always assigns the same IP to a node as long as the node is not deleted.