HomeInfra/HetznerTerra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix HA cluster join via Load Balancer private IP
Some checks failed
Deploy Cluster / Terraform (push) Successful in 36s
Details
Deploy Cluster / Ansible (push) Failing after 3m5s
Details

Browse Source 
Changes:
- Use LB private IP (10.0.1.5) instead of public IP for cluster joins
- Add LB private IP to k3s TLS SANs on primary control plane
- This allows secondary CPs and workers to verify certificates when joining via LB

Fixes x509 certificate validation error when joining via LB public IP.
This commit is contained in:
MichaelFisher1997
2026-03-23 02:56:41 +00:00
parent 4965017b86
commit 952a80a742
3 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ansible/roles/k3s-server/tasks/main.yml
View File

@@ -63,6 +63,7 @@
--node-ip={{ k3s_node_ip }}
--tls-san={{ k3s_primary_ip }}
--tls-san={{ k3s_primary_public_ip }}
--tls-san={{ kube_api_endpoint }}
{% if k3s_disable_embedded_ccm | bool %}--disable-cloud-controller{% endif %}
{% if k3s_disable_servicelb | bool %}--disable=servicelb{% endif %}
{% if k3s_kubelet_cloud_provider_external | bool %}--kubelet-arg=cloud-provider=external{% endif %}

1
ansible/site.yml
View File

@@ -24,6 +24,7 @@
k3s_primary_public_ip: "{{ ansible_host }}"
k3s_primary_ip: "{{ k3s_private_ip }}"
k3s_node_ip: "{{ k3s_private_ip }}"
kube_api_endpoint: "{{ kube_api_endpoint }}"
roles:
- k3s-server

4
terraform/outputs.tf
View File

@@ -65,6 +65,6 @@ output "kubeconfig_command" {
}
output "kube_api_lb_ip" {
description = "Load Balancer IP for Kubernetes API"
value = hcloud_load_balancer.kube_api.ipv4
description = "Load Balancer private IP for Kubernetes API (used for cluster joins)"
value = hcloud_load_balancer_network.kube_api.ip
}