https://rancher.com/ logo
Join Slack
Powered by
This message was deleted.
# rke2
a
This message was deleted.
c
server names and IPs are automatically included. You only need to specify things that the cluster doesn’t know about, like external load-balancer addresses or DNS aliases.
s
Oh, I didn't know that. How neat! You don't happen to have a pointer to a piece of documentation or at least some code where I should have read to figure this out? 🙏
c
https://docs.rke2.io/install/ha covers external load-balancers or DNS aliases, and the tls-san parameter
you should launch the server with the 
tls-san
parameter set. This option adds an additional hostname or IP as a Subject Alternative Name in the server’s TLS cert
s
Ah, right. And in "additional" it's implicit that the server hostname and IP for that particular node is already included.
Thanks a lot!!
c
yes. the flag help also says that: https://docs.rke2.io/reference/server_config
tls-san Add additional hostnames or IPv4/IPv6 addresses as Subject Alternative Names on the server TLS cert
s
Yeah, I just missed it because I didn't know that the hostname and IP were already included.
c
there are a couple other things in there by default as well, you can check the cert to see for sure what it has in your environment
s
It's nigh on impossible to write docs so everyone gets all the details. 🙃
Checking the cert is a sure-fire way. Makes a lot of sense. Thanks for that suggestion.
And while I have you on the line, and if you don't mind: I'm a bit unsure how to handle the 
server
field in the config. I understand that it's required for joining new nodes to an existing cluster, and thus not required for the initial node. But if I were to add it to the initial node, there would be no harm in that, right? I'm asking because I'm making an Ansible playbook and it's easier for me if all the configs looks similar. > Server to connect to, used to join a cluster
c
its essentially ignored once the node has joined the etcd cluster. so it’s fine to set on an existing server.
s
That's excellent. Thank you so much! 👍
No, seems like 
server
must not exist in the origin node. If I have it present, I get the following errors during installation:
You are right in that it has no effect on a running system. I mistook that for meaning it's always OK to have.
2 Views
Open in Slack
PreviousNext
Powered by