^ This turned out to be caused by a misconfigured RKE cluster load balancer. The ingress-nginx-controller was supposed to be in HostNetwork mode (which defaults to NodePort after kube 1.21), and where the lb was also trying to send https traffic to the rancher ingres, but ingress-nginx-controller wasn’t listening in the correct mode. Setting the ingress controller to HostNetwork mode fixed it 👍