Connecting to talos cluster from remote machine - x509 cert issue #3704

Answered by smira
rakhbari asked this question in Q&A
Hi @rakhbari, first of all you can retrieve kubeconfig (admin) from Talos API using talosctl -n <IP> kubeconfig.

Answering your first question: Talos generates the certificate for the Kubernetes API server based on the control plane endpoint, hostname, etc.

Looks like in your case you're trying to use multiple control plane endpoints (changed from whatever it was to mainserv03.lan), so you need to make sure Talos includes mainserv03.lan in the Kubernetes API certificate. This can be configured via machine configuration:
https://www.talos.dev/docs/v0.10/reference/configuration/#apiserverconfig

You need to add certSANs to the cluster.apiServer section of the configuration.

This change can be …
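
The failure mode behind this answer, as an added Go example that is not part of the original discussion or of Talos's code: it issues self-signed stand-in certificates and runs the `crypto/x509` hostname check that Go TLS clients apply to the server name. Only `mainserv03.lan` comes from the thread; the `kubernetes` names, the 10.0.0.10 address and the function names are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issueServingCert self-signs a stand-in API server certificate (not Talos's PKI code).
func issueServingCert(dnsSANs []string, ipSANs []net.IP) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     dnsSANs,
		IPAddresses:  ipSANs,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkEndpoint applies the client-side hostname check to the host part of
// the kubeconfig server URL; nil means the name is covered by a SAN.
func checkEndpoint(dnsSANs []string, ipSANs []net.IP, host string) error {
	cert, err := issueServingCert(dnsSANs, ipSANs)
	if err != nil {
		return err
	}
	return cert.VerifyHostname(host)
}

func main() {
	ips := []net.IP{net.ParseIP("10.0.0.10")}            // constructed node IP
	base := []string{"kubernetes", "kubernetes.default"} // constructed default names
	// "after" models mainserv03.lan having been added via cluster.apiServer.certSANs.
	fmt.Println("before:", checkEndpoint(base, ips, "mainserv03.lan"))
	fmt.Println("after: ", checkEndpoint(append(base, "mainserv03.lan"), ips, "mainserv03.lan"))
}
```

The "before" line prints an x509 hostname error naming the SANs the certificate does carry, while "after" prints `<nil>`; the certificate is still validated in both cases, only the accepted name list differs.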

smira Jun 1, 2021
Maintainer

Answer selected by steverfrancis