I am trying to create a HA k3s cluster using HAProxy and Keepalived.
For new installations ( where --tls-san param is added on first time install ) everything works great.
I am encountering an issue when I have a existing cluster, and I try to update the configuration and add --tls-san <floating_IP>.
I can see that the service’s unit file is updated correctly, and that the service does restart, but editing the kubeconfig file to connect to the floating IP results in a tls error.
It seems as if no new listener is created (i.e. in the k3s-serving secret)