-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cluster CA certificate is not trusted #85
Comments
Hi @rdlaitila, thanks for your question. I didn't used it with the last release on k3s; if it possible, could you test it with v1.21.x ? Something probably changed since the last time I used it. EDIT: I didn't have time this week to test it, but I will try to check this issue this weekend |
@xunleii Thanks for the reply I did try with |
I'd suggest trying with I got a similar problem where the first global flag was ignored for some obscure reason ( the first hyphen was not read by the k3s-agent command) and adding the quotes and escaping the first hyphen fixed it. |
This is a real issue, for me specifying: global_flags = [
"--tls-san ${var.my_cluster_ip}"
] results in the first hyphen to be removed as checking the
This is super weird, I checked the code in the repo, even "logged" out some commands but couldn't find the reason why it would just remove one Super weird, if it wouldn't be for this issue I probably would've gone crazy. Thank you @Meallia, your workaround works great but this should really get fixed. |
I also checked the code and I'm rather confident the issue is not related to this repo but comes from some strange interaction between k3s and systemd. I think this is the issue that made me try this workaround : k3s-io/k3s#1125 |
Sorry for this long absence, I didn't have much time these last months. Thanks @Meallia for your workaround. I will create a PR to add it. EDIT: after reading k3s-io/k3s#1125 (comment), adding |
Further to my last reply, I am closing this file. |
module version: v3.1.0
k3s version: v1.23.3+k3s1
When setting
cluster_domain
subsequent server nodes fail to join the cluster with error:I've tried to set tls-san with additional global flags to see if it helps but it does not:
If I remove the
cluster_domain
from the module altogether the cluster successfully bootstraps with default cluster domaincluster.local
Is there something I'm missing? Thanks!
The text was updated successfully, but these errors were encountered: