Hi guys, we are trying to install rke2 and seem to be runing into an issue when trying to connect nodes to servers.

CA cert validation failed: Get "<https://127.0.0.1:6444/cacerts>": x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs

It's a bit obscure and not found much online about it. There is no FW, and LB is setup to offload TLS. Any ideas?

Don't do that. If you have a LB in front of the rke2 control plane, it must use the same ports, and pass through tcp directly. Kubernetes makes extensive use of client certificate auth, and offloading tls to the load-balancer breaks that.

okay so I should set passthru

You don't even really need an expensive external load-balancer in front of the servers, a DNS alias is just fine. The registration endpoint is only used when joining the cluster, after that the client pulls endpoints from the cluster so the external LB is completely unused.

its possible its already setup like this. we have stoodup 3 other rancher clusters and the install went fine