Install using custom CA certificate#
k0s generates all needed certificates automatically in the
<data-dir>/pki directory (
/var/lib/k0s/pki, by default).
But sometimes there is a need to have the CA certificate in advance.
To make it work, just put
ca.crt files to the
mkdir -p /var/lib/k0s/pki cd /var/lib/k0s/pki openssl genrsa -out ca.key 2048 openssl req -x509 -new -nodes -key ca.key -sha256 -days 365 -out ca.crt -subj "/CN=Custom CA"
Then you can install k0s as usual.
It's possible to get join in advance without having a running cluster.
k0s token pre-shared --role worker --cert /var/lib/k0s/pki/ca.crt --url https://<controller-ip>:6443/
The command above generates a join token and a Secret. A Secret should be deployed to the cluster to authorize the token. For example, you can put the Secret under the manifest directory and it will be deployed automatically.