This message was deleted Rancher Users #rke2

Join Slack

This message was deleted.

# rke2

adamant-kite-43734

09/05/2022, 9:06 AM

This message was deleted.

creamy-pencil-82913

09/05/2022, 9:32 AM

You shouldn’t really need to set those, IP and hostname SANs are already added by default. the tls-san flag is mostly just there in case you have a load-balancer or something that has an additional hostname that you need the cert to be valid for. Is there some reason you’re explicitly adding them?

freezing-teacher-93828

09/05/2022, 2:09 PM

Interesting, I believe it should then be enough to just keep the virtual IP and its hostname:

Copy code

tls-san:
- <http://cluster.example.com|cluster.example.com>
- 12.34.56.78

(I use a virtual IP address that is handled by kube-vip for having a High Availability cluster)

2 Views

Open in Slack

Previous Next