Specify TLS SAN when launching RKE2 Clusters via Rancher UI

nir · June 8, 2022, 12:10pm

Hi,
we’re currently setting up a new k8s cluster via RKE2 out of the Rancher UI and just hit this road block:

When running with 3 master servers, we obviously need some form of LB in front of them. After setting up the LB, kubectl complains about the certificates: Unable to connect to the server: x509: certificate is valid for 127.0.0.1, ::1, [...], not [...]

After looking around for a bit, I found the option --tls-san when deploying the RKE2 Server manually, which allows to set additonal SANs the certs are valid for.

Is there a way to specify more SANs when deploying the new cluster from the Rancher UI?

Thanks for the help, highly appreciated!

nir · June 8, 2022, 12:29pm

Argh, totally missed the obvious.

The SANs can be set at the “Networking” Tab at the Cluster Configuration screen.

Sorry for creating this topic a bit too quickly
I guess I’ll leave it up for people who read as badly as me

Topic		Replies	Views
Certificates updated ==> disaster happened Rancher 2.x	0	669	March 14, 2022
Deploying RKE Config Changes Rancher 2.x	0	595	July 17, 2018
Change Rancher SSL Configuration Rancher 2.x	1	912	June 17, 2019
RKE cluster administration not accessible after changing SSL certificate Rancher 2.x	5	1877	January 14, 2021
SSL certificate for service Rancher 2.x	0	744	February 1, 2019

Specify TLS SAN when launching RKE2 Clusters via Rancher UI

Related Topics