Hi, rke2 has an option to define extra tls-san in its config file (High Availability | RKE2). Does Rancher provide an option to do the same for downstream rke2 clusters ? My use case is a downstream cluster running cilium without kube-proxy where I need to set

k8sServiceHost

. I don't have any LB so my plan was to do a basic dns entry. Obviousy I got an error in cilium:

failed to start: Get \"https://<my-dns-entry>:6443/api/v1/namespaces/kube-system\": tls: failed to verify certificate: x509: certificate is valid for kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, localhost, not <my-dns-entry>" subsys=cilium-operator-generic