Specify TLS SAN when launching RKE2 Clusters via Rancher UI

we’re currently setting up a new k8s cluster via RKE2 out of the Rancher UI and just hit this road block:

When running with 3 master servers, we obviously need some form of LB in front of them. After setting up the LB, kubectl complains about the certificates: Unable to connect to the server: x509: certificate is valid for, ::1, [...], not [...]

After looking around for a bit, I found the option --tls-san when deploying the RKE2 Server manually, which allows to set additonal SANs the certs are valid for.

Is there a way to specify more SANs when deploying the new cluster from the Rancher UI?

Thanks for the help, highly appreciated!

1 Like

Argh, totally missed the obvious.

The SANs can be set at the “Networking” Tab at the Cluster Configuration screen.

Sorry for creating this topic a bit too quickly :woozy_face:
I guess I’ll leave it up for people who read as badly as me :smiley:

1 Like