This message was deleted.
# k3s
a
This message was deleted.
l
Please anybody with an idea?
c
--tls-san or --tls-san-security?
What sort of environment are you in that you would need to set --tls-san? Do you have the k3s apiserver behind an external load-balancer or dns alias?
l
—tls-san …. The api ip is a VIP. So e.g. moved from control-plane node A to B if A goes down. In certain environments .. the api is behind a dns name. Thank you
c
in that case yes, you should add --tls-san entries for the VIP address and hostname, on all the servers.
but you always should have been doing that, that’s what the setting is for.
🎯 1