# rancher-setup
Hi Rancher Community, I am currently working on a problem regarding Rancher with a private custom CA. We are trying to provision a downstream RKE2 cluster; however, the pods created by fleet (-machine-provision-) do not have the custom CA injected, so the download of the docker machine driver fails on them with a certificate error. Volume mounts also only contain the following secrets:
```yaml
volumes:
  - name: machine-certs
    secret:
      defaultMode: 420
      secretName: machine-certs-3ac8bac21d4dbf49eb88af4995a25cc5
```
I'm not sure if fleet injects the additionalCA into this secret; maybe someone has experience with it. I tried debugging this by running curl myself, and the download from the URL works as long as I have the certificate installed or I use the curl -k option.

Running Rancher 2.8.2, installed via Helm, with values set for additionalTrustedCA and proxy settings. I am happy to supply any additional information; let me know if you need any or encounter the same error. Any help on this is highly appreciated. Thank you in advance.

Update: After some digging we found that the no_proxy variable in the created rancher-machine secret does not contain the same values as passed to the Helm chart. I'm not sure how this secret gets created and where we have to set these proxy settings in particular. I will dig further and edit this post if we find a solution.