Hey team, We're running into issues provisioning a 3 CP, 3 worker RKE2 downstream cluster on RHEL 8.10 via Rancher.

kubectl get nodes

shows "Ready," but we're seeing persistent errors like

Failed to create pod sandbox: ... Calico ... TLS handshake timeout

when Calico tries to connect to the API server. This points to a networking/proxy problem. We tried configuring

HTTP_PROXY

,

HTTPS_PROXY

, and

NO_PROXY

(with broad internal ranges including

10.0.0.0/8

and

.<http://xyz.org|xyz.org>

) in

/etc/default/rke2-server

and

/etc/default/rke2-agent

to avoid a global proxy setup. However, the

rancher-system-agent

is still failing to pull images, specifically

rancher/system-agent-installer-rke2:v1.31.7-rke2r1

from

<http://index.docker.io|index.docker.io>

, reporting a

dial tcp ...:443: i/o timeout

. This suggests the proxy isn't being picked up by the system agent for its initial image pulls, or there's an issue with the proxy itself reaching Docker Hub. Any thoughts on why the system agent isn't using the proxy config from

/etc/default/

files, or what else could be causing this image pull timeout and the subsequent Calico TLS handshake errors? Thanks in advance!

wrong channel. this is for RKE1, not RKE2.