Howdy! I'm trying to install Rancher into an existing on-prem 1.21 Kubernetes cluster. I followed the getting started document and have cert-manager installed and it seems to successfully generate the certificate. But my Rancher pods go into CrashLoopBackOff only logging this:

p11-kit: couldn't create file: /var/lib/ca-certificates/java-cacerts: Permission denied
p11-kit: couldn't make directory writable: /var/lib/ca-certificates/openssl: Operation not permitted
p11-kit: couldn't make directory writable: /var/lib/ca-certificates/pem: Operation not permitted
/usr/lib/ca-certificates/update.d/99certbundle.run: line 21: /var/lib/ca-certificates/ca-bundle.pem.new: Permission denied

I feel like that might be somehow filesystem related? I can't find any fields in the Helm chart values to change the RunAs user, nor does it look like I'm using any sort of persistent storage, so IDK why the containers would be getting permission denied like that.