https://rancher.com/ logo
#rke2
Title
# rke2
a

adamant-kite-43734

09/05/2022, 9:06 AM
This message was deleted.
c

creamy-pencil-82913

09/05/2022, 9:32 AM
You shouldn’t really need to set those, IP and hostname SANs are already added by default. the tls-san flag is mostly just there in case you have a load-balancer or something that has an additional hostname that you need the cert to be valid for. Is there some reason you’re explicitly adding them?
f

freezing-teacher-93828

09/05/2022, 2:09 PM
Interesting, I believe it should then be enough to just keep the virtual IP and its hostname:
Copy code
tls-san:
- <http://cluster.example.com|cluster.example.com>
- 12.34.56.78
(I use a virtual IP address that is handled by kube-vip for having a High Availability cluster)
2 Views