Hi there I am trying to register my Harvester 1.5 ...
# harvester
b
Hi there, I am trying to register my Harvester 1.5 to Rancher, but the agent pods on the Harvester cluster are in a crash loop:

```
[root@localhost ~]# kubectl get pods -n cattle-system
NAME                                    READY   STATUS             RESTARTS         AGE
cattle-cluster-agent-55c7849d5f-5k687   0/1     CrashLoopBackOff   10 (4m53s ago)   31m
cattle-cluster-agent-55c7849d5f-sfxxx   0/1     CrashLoopBackOff   10 (4m39s ago)   30m
```

and the logs say:

```
.228
CATTLE_CLUSTER_AGENT_SERVICE_PORT=80
CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTP=80
CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTPS_INTERNAL=443
CATTLE_CLUSTER_REGISTRY=registry.rancher.com
CATTLE_CREDENTIAL_NAME=cattle-credentials-d8a03569a9
CATTLE_INGRESS_IP_DOMAIN=sslip.io
CATTLE_INSTALL_UUID=0c2a7807-f109-47ac-b2cc-47a4c60c20ab
CATTLE_INTERNAL_ADDRESS=
CATTLE_IS_RKE=false
CATTLE_K8S_MANAGED=true
CATTLE_NODE_NAME=cattle-cluster-agent-55c7849d5f-sfxxx
CATTLE_RANCHER_PROVISIONING_CAPI_VERSION=106.0.0+up0.7.0
CATTLE_RANCHER_WEBHOOK_VERSION=106.0.1+up0.7.1
CATTLE_SERVER=https://192.168.70.192:32655
CATTLE_SERVER_VERSION=v2.11.1
INFO: Using resolv.conf: search cattle-system.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.53.0.10
options ndots:5
INFO: https://192.168.70.192:32655/ping is accessible
INFO: Value from https://192.168.70.192:32655/v3/settings/cacerts is an x509 certificate
time="2025-05-12T075347Z" level=info msg="Listening on /tmp/log.sock"
time="2025-05-12T075347Z" level=info msg="Rancher agent version v2.11.1 is starting"
time="2025-05-12T075347Z" level=info msg="Testing connection to https://192.168.70.192:32655 using trusted certificate authorities within: /etc/kubernetes/ssl/certs/serverca"
time="2025-05-12T075347Z" level=error msg="Could not securely connect to https://192.168.70.192:32655: Get \"https://192.168.70.192:32655\": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"dynamiclistener-ca@1746984804\")"
```

Any inputs to resolve this?
s
You can try to change the agent-tls-mode setting in the Rancher cluster where you are configuring Harvester from "Strict" to "System Store" to see if this helps you with this issue.
b
Thanks for the response. I had tried this in the past but no luck; will try again. I also tried installing Rancher with the -- set skip tls option to avoid any cert check or issues. Any other idea to surpass this? It sounds like Harvester is trying to talk to Rancher and Harvester is not trusting Rancher, so maybe some solutions at the Harvester end? Or a cert copy at the Harvester trust store locations from Rancher, etc.? Been trying to resolve this for a week now. PS: 192.168.70.172 is my Rancher IP (using nodeport svc).