Is there a guide on how to configure the API to use your own SSL certificate?

I have issued the cert from Let's Encrypt.

I updated the tls-cert-file and tls-private-key-file arguments for 
kube-apiserver which allowed me to access the API over the internet correctly, 
but clients internal to K8s were unable to use the API. These messages started 
filling up the kube-apiserver logs:

I0825 14:55:15.298344       1 logs.go:41] http: TLS handshake error from 10.244.1.73:48784: EOF
I0825 14:55:15.298548       1 logs.go:41] http: TLS handshake error from 10.244.1.5:45890: remote error: tls: bad certificate

Upon trying to use the proxy to access the dashboard, it threw a 500 error:

Get https://10.0.0.1:443/apis/extensions/v1beta1/namespaces/default/deployments: x509: cannot validate certificate for 10.0.0.1 because it doesn't contain any IP SANs

I get why the above error is happening: the self-signed cert has a bunch of 
internal DNS names and IP addresses that allow it to work.

What is the best way to secure the API so internal and external clients can use 
it?

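The SAN mismatch behind the x509 error above, reproduced as an added example (not part of the original post and not Kubernetes code): it checks a certificate against every name and IP that clients dial, using Go's own hostname verification. api.example.com is a hypothetical public name, the certificates are throwaway self-signed samples, and kubernetes.default.svc is assumed as the in-cluster name (the post itself shows only 10.0.0.1).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// makeCert builds a throwaway self-signed cert with the given SANs (constructed sample data).
func makeCert(dnsNames []string, ips []net.IP) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     dnsNames,
		IPAddresses:  ips,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// missingSANs lists the endpoints a Go TLS client would reject for this cert (no matching SAN).
func missingSANs(cert *x509.Certificate, endpoints []string) []string {
	var missing []string
	for _, e := range endpoints {
		if err := cert.VerifyHostname(e); err != nil {
			missing = append(missing, e)
		}
	}
	return missing
}

func main() {
	// api.example.com is a hypothetical public name; 10.0.0.1 is the service IP from the post.
	public, _ := makeCert([]string{"api.example.com"}, nil)
	fmt.Println(missingSANs(public, []string{"api.example.com", "10.0.0.1", "kubernetes.default.svc"}))
}
```

A certificate that passes this check for both the external name and the internal endpoints needs all of them in its SAN list, including 10.0.0.1 as an IP SAN.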