k3s tls-san: add kai-server.local so fleet-readout.sh can drop skip-tls-verify #303
Labels
No labels
burndown-2026-06
coherence-core
consult
headless
interactive
P0
P1
P2
P3
P4
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
coilyco-flight-deck/infrastructure#303
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
coilysiren/coilysirenscripts/fleet-readout.shcarries a kubectl workaround: the kubeconfig defaulthttps://kai-server:6443answers Bad Gateway, so the script points atkai-server.localand passes--insecure-skip-tls-verifybecause the k3s API cert has nokai-server.localSAN.Removal condition, stated in the script comment: add
kai-server.localto the k3stls-sanlist, then drop the skip-tls-verify flag from the script.Two parts:
kai-server.localto the k3s servertls-sanconfig and roll the cert.--insecure-skip-tls-verify(and ideally the--serveroverride) fromscripts/fleet-readout.shonce the SAN lands.Filed so the workaround's removal condition has a tracking ref instead of living only in a script comment.