# general
a
hey all, I'm trying to deploy rke2 through terraform on rancher v2.9.1 but getting quite a few errors... any ideas? Am I missing something in my config? Errors from master pool vms -
time="2025-06-10T15:46:31+02:00" level=info msg="Starting /v1, Kind=Secret controller"
W0610 15:49:31.117242     969 reflector.go:462] pkg/mod/github.com/rancher/client-go@v1.29.3-rancher1/tools/cache/reflector.go:229: watch of *v1.Secret ended with: an error on the server ("unable to decode an event from the watch stream: stream error: stream ID 5; INTERNAL_ERROR; received from peer") has prevented the request from succeeding
time="2025-06-10T15:47:49+02:00" level=info msg="[7782de4112b9627dd04a603a5a7a5ebf168e33cc0ab1c4f22963062ac6850ad8_0:stderr]: cp: cannot stat '/var/lib/rancher/agent/work/20250610-154747/7782de4112b9627dd04a603a5a7a5ebf168e33cc0ab1c4f22963062ac6850ad8_0/sha256sum-amd64.txt': No such file or directory"
time="2025-06-10T15:47:49+02:00" level=info msg="[Applyinator] Command sh [-c run.sh] finished with err: <nil> and exit code: 1"
time="2025-06-10T15:47:49+02:00" level=error msg="error executing instruction 0: <nil>"
time="2025-06-10T15:47:49+02:00" level=info msg="[Applyinator] No image provided, creating empty working directory /var/lib/rancher/agent/work/20250610-154747/7782de4112b9627dd04a603a5a7a5ebf168e33cc0ab1c4f22963062ac6850ad8_0"
time="2025-06-10T15:47:49+02:00" level=info msg="[Applyinator] Running command: sh [-c rke2 etcd-snapshot list --etcd-s3=false 2>/dev/null]"
time="2025-06-10T15:47:49+02:00" level=info msg="[Applyinator] Command sh [-c rke2 etcd-snapshot list --etcd-s3=false 2>/dev/null] finished with err: <nil> and exit code: 127"
time="2025-06-10T15:47:50+02:00" level=error msg="error loading CA cert for probe (kube-scheduler) /var/lib/rancher/rke2/server/tls/kube-scheduler/kube-scheduler.crt: open /var/lib/rancher/rke2/server/tls/kube-scheduler/kube-scheduler.crt: no such file or directory"
time="2025-06-10T15:47:50+02:00" level=error msg="error while appending ca cert to pool for probe kube-scheduler"
time="2025-06-10T15:47:50+02:00" level=error msg="error loading x509 client cert/key for probe kube-apiserver (/var/lib/rancher/rke2/server/tls/client-kube-apiserver.crt//var/lib/rancher/rke2/server/tls/client-kube-apiserver.key): open /var/lib/rancher/rke2/server/tls/client-kube-apiserver.crt: no such file or directory"
time="2025-06-10T15:47:50+02:00" level=error msg="error loading CA cert for probe (kube-apiserver) /var/lib/rancher/rke2/server/tls/server-ca.crt: open /var/lib/rancher/rke2/server/tls/server-ca.crt: no such file or directory"
time="2025-06-10T15:47:50+02:00" level=error msg="error while appending ca cert to pool for probe kube-apiserver"
time="2025-06-10T15:47:50+02:00" level=error msg="error loading CA cert for probe (kube-controller-manager) /var/lib/rancher/rke2/server/tls/kube-controller-manager/kube-controller-manager.crt: open /var/lib/rancher/rke2/server/tls/kube-controller-manager/kube-controller-manager.crt: no such file or directory"
Terraform code -
resource "rancher2_cluster_v2" "test-cluster" {
  name               = "rke2-test-cluster"
  kubernetes_version = "v1.30.13+rke2r1"
  rke_config {
    machine_selector_config {
      config = <<EOF
system-default-registry: "my-registry"
cloud-provider-name: "vsphere"
EOF
    }
    registries {
      configs {
        hostname                = "my-registry"
        insecure                = false
        auth_config_secret_name = "registry-secret"
        # this config can be set as described in https://docs.rke2.io/install/private_registry
      }
    }
  }
}
c
Check the rke2-server logs and pod logs for errors. I suspect that your main problem is that all in-tree cloud providers have been removed, so vsphere is an invalid cloud provider name. You can set it to rancher-vsphere to deploy the vsphere CPI and csi charts bundled with rke2.
b
also try using
<<-EOF
rather than
<<EOF
Also check out the #C07M052K9D0 channel where there are some good pins with resources
a
thanks for the reply on this. My issue was related to the system-default-registry. Once I switched to using public images it was sorted.