If anyone sees this, I figured it out.
Summary: since my dev boxes sit under the Tailscale VPN, I had to install the Tailscale operator, modify the Rancher UI ingress controller to use the tailscale ingressClassType, and set my host name and TLS service host manually.