Hi everyone! I'm trying to setup Cluster API in my local dev environment, which is a k3d cluster. I followed the guide in https://cluster-api.sigs.k8s.io/user/quick-start.html and I'm setting it up as a vcluster. I was able to create a vcluster successfully and I can verify that I can reach the k3s control plane for it; however, I cannot get TLS to work properly (connecting from a pod within the first k3d cluster):

root@test-shell:/# kubectl --kubeconfig kind.kubeconfig get no
Unable to connect to the server: tls: failed to verify certificate: x509: certificate is valid for kubernetes.default.svc.cluster.local, kubernetes.default.svc, kubernetes.default, kubernetes, localhost, not kind.vcluster.svc
root@test-shell:/# kubectl --kubeconfig kind.kubeconfig get no --insecure-skip-tls-verify
NAME                                  STATUS   ROLES    AGE   VERSION
k3d-helios-infra-local-dev-server-0   Ready    <none>   25m   v1.23.6+k3s1

I have added the

--tls-san=kind.vcluster.svc

arg to k3s and I validated that the

serving-kube-apiserver.crt

does have the SAN:

❯ openssl x509 -in serving-kube-apiserver.crt -noout -text                                  
Certificate:
    Data:
          ...

            X509v3 Subject Alternative Name: 
                DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:kind.vcluster.svc, DNS:localhost, DNS:kind-0, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:10.42.0.112, IP Address:10.43.0.1
         ...

I would REALLY appreciate some help here as I don't know what else to check. Thanks!