Installation on aws ec2 instance fails with invalid k3s API cert
$ python3 -m openappstack awstest.varac.net install --install-kubernetes
...
TASK [kubernetes-checks : Fail if kubectl is not configured correctly] **********************************
Tuesday 23 February 2021 14:52:25 +0100 (0:00:01.367) 0:00:01.641 ******
fatal: [awstest]: FAILED! => changed=false
msg: Kubectl has no connection to server or is not installed. Install kubectl on the server or run install-kubernetes.yml playbook
❯ kubectl get node
Unable to connect to the server: x509: certificate is valid for 10.43.0.1, 127.0.0.1, 172.31.7.134, not 3.123.229.142
Including the cluster ip_address
as SAN in the API cert by adding --tls-san {{ ip_address }}
to the k3s server_args
fixes this:
cat group_vars/all/settings.yml
...
k3s:
version: 'v1.18.6+k3s1'
# args to start the k3s server with
# https://rancher.com/docs/k3s/latest/en/installation/install-options/server-config/
server_args: '--disable traefik --disable local-storage --disable servicelb --tls-san {{ ip_address }}'