This message was deleted.

Check the rke2-server logs on the hosts.

journalctl -u rke2-server

On the etcd nodes, nothing except :

Apr 28 18:01:52 test-cluster-etcd-fhmbf-j8lrp rke2[1884]: time="2025-04-28T18:01:52Z" level=info msg="Reconciling ETCDSnapshotFile resources"
Apr 28 18:01:52 test-cluster-etcd-fhmbf-j8lrp rke2[1884]: time="2025-04-28T18:01:52Z" level=info msg="Reconciliation of ETCDSnapshotFile resources complete"

On the control plane nodes, nothing except the initial setup logs, but no error logs ... And on the worker nodes, no service rke2-server or rke2-agent, and the service rancher-system-agent is stuck on :

Apr 27 20:06:50 test-cluster-worker-qq8lr-hp9r9 systemd[1]: Started rancher-system-agent.service - Rancher System Agent.
Apr 27 20:06:50 test-cluster-worker-qq8lr-hp9r9 rancher-system-agent[1665]: time="2025-04-27T20:06:50Z" level=info msg="Rancher System Agent version v0.3.12 (e4876a6) is starting"
Apr 27 20:06:50 test-cluster-worker-qq8lr-hp9r9 rancher-system-agent[1665]: time="2025-04-27T20:06:50Z" level=info msg="Using directory /var/lib/rancher/agent/work for work"
Apr 27 20:06:50 test-cluster-worker-qq8lr-hp9r9 rancher-system-agent[1665]: time="2025-04-27T20:06:50Z" level=info msg="Starting remote watch of plans"
Apr 27 20:06:50 test-cluster-worker-qq8lr-hp9r9 rancher-system-agent[1665]: time="2025-04-27T20:06:50Z" level=info msg="Starting /v1, Kind=Secret controller"

Can the pods/node dns resolve your Rancher endpoint?

Yes, they can resolve the rancher endpoint, and the ports 80/443 are reachable. Otherwise the etcd and controlplane nodes probably wouldn't show as running