# harvester
So I've been trying for several weeks to just attach a vanilla harvester to a vanilla rancher. It gets stuck in pending and I see this in the logs:
```
INFO: Environment: CATTLE_ADDRESS=10.52.0.102 CATTLE_CA_CHECKSUM= CATTLE_CLUSTER=true CATTLE_CLUSTER_AGENT_PORT=tcp://10.53.159.64:80 CATTLE_CLUSTER_AGENT_PORT_443_TCP=tcp://10.53.159.64:443 CATTLE_CLUSTER_AGENT_PORT_443_TCP_ADDR=10.53.159.64 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PORT=443 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_PORT_80_TCP=tcp://10.53.159.64:80 CATTLE_CLUSTER_AGENT_PORT_80_TCP_ADDR=10.53.159.64 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PORT=80 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_SERVICE_HOST=10.53.159.64 CATTLE_CLUSTER_AGENT_SERVICE_PORT=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTP=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTPS_INTERNAL=443 CATTLE_CLUSTER_REGISTRY= CATTLE_FEATURES=embedded-cluster-api=false,fleet=false,multi-cluster-management=false,multi-cluster-management-agent=true,provisioningv2=false,rke2=false,ui-sql-cache=false CATTLE_INGRESS_IP_DOMAIN=sslip.io CATTLE_INSTALL_UUID=3b90fda3-8ef0-414f-8d21-5ae5005b0ba9 CATTLE_INTERNAL_ADDRESS= CATTLE_IS_RKE=false CATTLE_K8S_MANAGED=true CATTLE_NODE_NAME=cattle-cluster-agent-6c4bfb67d4-7z8r9 CATTLE_RANCHER_PROVISIONING_CAPI_VERSION= CATTLE_RANCHER_WEBHOOK_VERSION=104.0.2+up0.5.2 CATTLE_SERVER=https://rancher.dnsif.ca CATTLE_SERVER_VERSION=v2.9.2
INFO: Using resolv.conf: search cattle-system.svc.cluster.local svc.cluster.local cluster.local nameserver 10.53.0.10 options ndots:5
INFO: https://rancher.dnsif.ca/ping is accessible
INFO: rancher.[REDACTED].com resolves to 192.168.152.194
time="2024-09-23T10:48:50Z" level=info msg="Listening on /tmp/log.sock"
time="2024-09-23T10:48:50Z" level=info msg="Rancher agent version v2.9.2 is starting"
time="2024-09-23T10:48:50Z" level=error msg="unable to read CA file from /etc/kubernetes/ssl/certs/serverca: open /etc/kubernetes/ssl/certs/serverca: no such file or directory"
time="2024-09-23T10:48:50Z" level=error msg="Strict CA verification is enabled but encountered error finding root CA"
```
I went around several different goose chases to get this working:

• Fully set up cert-manager with valid SSL certificates for the ingress on both rancher+harvester
• Updated the TLS SAN for the cluster to include the FQDN DNS record
• Manually found the CA records on harvester, tried to make it available to the cattle-cluster-agent pods via mapped volumes
• Tried various env variables and options to skip the TLS validation, but it doesn't change the behaviour or error
• Also tried using the additional-ca field on the harvester cluster to add the rancher CA certs

Hoping someone can help me. Not sure why something so simple can be so complicated. I would have assumed that SUSE Rancher and SUSE Harvester on a vanilla install can integrate by following the documentation. I have at this point also re-installed both Harvester and Rancher on 3 or 4 different systems (physical hardware as well as VMs). Anyone have any ideas?