This message was deleted.
# k3sa
adamant-kite-43734
09/18/2023, 9:42 AMThis message was deleted.
l
late-needle-80860
09/19/2023, 9:22 AMPlease anybody with an idea?
c
creamy-pencil-82913
09/19/2023, 5:05 PM--tls-san or --tls-san-security?
creamy-pencil-82913
09/19/2023, 5:05 PMWhat sort of environment are you in that you would need to set --tls-san? Do you have the k3s apiserver behind an external load-balancer or dns alias?
l
late-needle-80860
09/20/2023, 5:34 AM—tls-san ….
The api ip is a VIP. So e.g. moved from control-plane node A to B if A goes down.
In certain environments .. the api is behind a dns name.
Thank you
c
creamy-pencil-82913
09/20/2023, 4:51 PMin that case yes, you should add --tls-san entries for the VIP address and hostname, on all the servers.
creamy-pencil-82913
09/20/2023, 4:51 PMbut you always should have been doing that, that’s what the setting is for.
🎯 1