<https://docs.k3s.io/datastore/cluster-loadbalance...
# generalb
best-salesclerk-43538
05/31/2024, 4:40 AMhttps://docs.k3s.io/datastore/cluster-loadbalancer what is tls san address ?
c
creamy-pencil-82913
05/31/2024, 5:26 AMIt is one or more additional addresses to add to the subject alternative name (SAN) attribute on the server certificate.
creamy-pencil-82913
05/31/2024, 5:27 AMAs shown in that example, could be the name or address of a load balancer that you are putting in front of the servers
b
best-salesclerk-43538
05/31/2024, 5:27 AMThen wouldn’t it again be single point failure ?
c
creamy-pencil-82913
05/31/2024, 7:13 AMwouldn’t what be a single point of failure?
b
best-salesclerk-43538
05/31/2024, 7:14 AMthe loadbalancer address i use for tls san
c
creamy-pencil-82913
05/31/2024, 7:15 AM…
creamy-pencil-82913
05/31/2024, 7:15 AMideally you would use an external load-balancer that was more reliable or has better availability than any individual server node
creamy-pencil-82913
05/31/2024, 7:16 AMbut if your load-balancer is less reliable than just picking one of your servers to use when joining new nodes to the cluster, then I’m not sure why you’d use it either
b
best-salesclerk-43538
05/31/2024, 7:17 AMso instead of it, using round robin dns can have better availability 🤔 ?
c
creamy-pencil-82913
05/31/2024, 7:17 AMI don’t see many scenarios where people have load-balancers that are more of a single point of failure than a single server
creamy-pencil-82913
05/31/2024, 7:17 AMI don’t know, how much of a single point of failure is your DNS?
creamy-pencil-82913
05/31/2024, 7:17 AMis that more or less reliable than your load balancer?
b
best-salesclerk-43538
05/31/2024, 7:17 AMi am using cloudflare
c
creamy-pencil-82913
05/31/2024, 7:18 AMI would probably decide what is most reliable, and use that. If you’re using a DNS alias, you’d still need a tls san entry for the DNS alias.
creamy-pencil-82913
05/31/2024, 7:19 AMuse it however makes sense in your environment. that page just shows an example.
👍 1
11 Views