-
Hi all. I've fully gone through the quickstart and have a Talos provisioned Kube cluster up & running on single machine. I can do kubectl on the same machine where the Talos cluster is installed just fine. But I wanted to reach the cluster from a different machine so I copied the clusters/users portion of the
When I try to do anything with
If I simply add
I know all I have to do is find the Talos cluster API server certificate and add it as a trusted cert on my remote machine, but I'm not seeing a guide on how to retrieve the cluster API server cert with Thank you in advance. |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments 7 replies
-
Hi @rakhbari, first of all you can retrieve Answering your first question: Talos generates certificate for the Kubernetes API server based on the control plane endpoint, hostname, etc. Looks like in your case you're trying to use multiple control plane endpoints (changed from whatever it was to You need to add This change can be applied immediately (without a reboot) with: |
Beta Was this translation helpful? Give feedback.
-
@smira Ah, ok. That makes sense. I do see the Ok, so I just ran:
I examined
...which obviously doesn't look right. I should have more metadata about my Talos cluster in my Then I took a look at the
So I copied its content to my
So I really don't know where to go from here. I'm just wondering if I missed a step somewhere. |
Beta Was this translation helpful? Give feedback.
-
Glad you got it resolved, Let us know if there are other issues! |
Beta Was this translation helpful? Give feedback.
-
Hey, I know this is a very old thread, but I am having the same issue here but against a production cluster. I have 3 machines booted from the ISO image. I run the command to generate configuration on a remote machine that can ping the machines:
But the generated
Even if I change the
Am I missing something? Is there a way to get a I saw someone run these commands after running the
|
Beta Was this translation helpful? Give feedback.
-
I have the same issue : to fix this issue I open the terminal in the directory where exist talosconfig file |
Beta Was this translation helpful? Give feedback.
Hi @rakhbari, first of all you can retrieve
kubeconfig
(admin) from Talos API usingtalosctl -n <IP> kubeconfig
.Answering your first question: Talos generates certificate for the Kubernetes API server based on the control plane endpoint, hostname, etc.
Looks like in your case you're trying to use multiple control plane endpoints (changed from whatever it was to
mainserv03.lan
), so you need to make sure Talos includesmainserv03.lan
into the Kubernetes API certificate. This can be configured via machine configuration:https://www.talos.dev/docs/v0.10/reference/configuration/#apiserverconfig
You need to add
certSANs
to thecluster.apiServer
section of the configuration.This change can be …