chore: add public IP and URL to k8s TLS SANs

This will allow outside k8s access via 6443 port

setup.sh

@@ -87,6 +87,18 @@ get_time() {
  echo "${hours}h ${minutes}min ${seconds}s"
 }
 
+get_public_ip_address() {
+ # Define an array of IP retrieval services in case some are blocked
+ IP_SOURCES=("ifconfig.me" "whatismyip.akamai.com" "ipinfo.io/ip" "api.ipify.org")
+ for source in "${IP_SOURCES[@]}"; do
+ IP_ADDRESS=$(curl -s -4 "$source")
+ if [ -n "$IP_ADDRESS" ]; then
+ echo "$IP_ADDRESS"
+ return
+ fi
+ done
+}
+
 # Check if the required variables are set
 check_prereq() {
 
@@ -192,14 +204,7 @@ check_prereq() {
  sudo openssl x509 -noout -in "$CERTIFICATE_FILE" -ext subjectAltName | grep -q "DNS:*.$URL"; then
  echo -e "${OK} Certificate valid and matching $URL and *.$URL domains"
  else
- # Define an array of IP retrieval services in case some are blocked
- IP_SOURCES=("ifconfig.me" "whatismyip.akamai.com" "ipinfo.io/ip" "api.ipify.org")
- for source in "${IP_SOURCES[@]}"; do
- IP_ADDRESS=$(curl -s -4 "$source")
- if [ -n "$IP_ADDRESS" ]; then
- break
- fi
- done
+ IP_ADDRESS=$(get_public_ip_address)
  echo -e "${INFO} For domain and TLS setup please add following A records and a TXT records generated by certbot"
  echo -e " to your $URL DNS zone. First add TXT records so that you give some time for it"
  echo -e " to propagate so certbot can validate your certificate."
@@ -418,7 +423,7 @@ install_k3s() {
 
  # Install k3s using the official installation script
  get_k3s_config
- curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="${K3S_VERSION}" sh - 2>&1 | grep -v "Created symlink" >/dev/null
+ curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="${K3S_VERSION}" INSTALL_K3S_EXEC="--tls-san $IP_ADDRESS --tls-san $URL" sh - 2>&1 | grep -v "Created symlink" >/dev/null
 
  # Wait for k3s to be ready
  while ! sudo k3s kubectl get nodes &>/dev/null; do