I have a MicroK8s cluster and expose the API server at my domain. The server.crt and server.key in /var/snap/microk8s/1079/certs need to be replaced with ones that include my domain. Otherwise, as expected, I get the error:
Unable to connect to the server: x509: certificate is valid for kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster, kubernetes.default.svc.cluster.local, not mydonaim.com
With the help of cert-manager I have produced certificates and replaced them, and my system works well.
Problem: every time the server is restarted, server.crt and server.key are generated again in /var/snap/microk8s/1079/certs. My custom certs are deleted, making the API server unreachable remotely. How can I stop the system from doing that all the time?
Workaround? Should I place my certificates elsewhere and edit config files like /var/snap/microk8s/1079/args/kube-controller-manager with the path to those certificates? Are those config files auto-replaced as well?
It looks like there is an existing issue that describes copying and modifying the /var/snap/microk8s/current/certs/csr.conf.template to include any extra IP or DNS entries for the generated certificates.
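
The template edit mentioned in the last post, as an added example (not part of the original posts or of MicroK8s's own tooling): a shell function that appends a DNS entry to the `[ alt_names ]` section using the next free index, and does nothing if the name is already listed. The sample template is constructed from the SAN list in the error message above, `example.com` stands in for the real domain, and the `DNS.<n> = name` layout with spaces around `=` is an assumption.

```shell
#!/usr/bin/env bash
# Added example: append a DNS SAN to the [ alt_names ] section of an
# OpenSSL request config such as MicroK8s's csr.conf.template.

# add_dns_san FILE NAME: insert "DNS.<n> = NAME" after the last DNS.* entry,
# using the next free index. Does nothing if NAME is already listed.
add_dns_san() {
  local file=$1 name=$2 tmp
  # Idempotent: skip if an identical DNS entry already exists.
  if awk -v n="$name" '$1 ~ /^DNS\.[0-9]+$/ && $3 == n { found = 1 }
                       END { exit !found }' "$file"; then
    return 0
  fi
  tmp=$(mktemp) || return 1
  awk -v n="$name" '
    $1 ~ /^DNS\.[0-9]+$/ { split($1, p, "."); if (p[2] + 0 > max) max = p[2] + 0; last = NR }
    { line[NR] = $0 }
    END {
      if (!last) exit 1          # no DNS entries: not the expected layout
      for (i = 1; i <= NR; i++) {
        print line[i]
        if (i == last) printf "DNS.%d = %s\n", max + 1, n
      }
    }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
  # Overwrite in place so the file keeps its original owner and mode.
  cat "$tmp" > "$file" && rm -f "$tmp"
}

# Constructed sample in the style of the template (not copied from a live node).
make_sample_template() {
  cat <<'EOF'
[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster
DNS.5 = kubernetes.default.svc.cluster.local
IP.1 = 127.0.0.1
EOF
}
```

Try it on a copy of csr.conf.template first. Once the certificates have been regenerated, `openssl x509 -in server.crt -noout -text` shows whether the name appears under Subject Alternative Name.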