How to disable kube-proxy on a Rancher-managed RKE2 cluster with Cilium

RKE2 cluster provisioned by Rancher with Cilium as the CNI

When configuring the cluster in the cluster management view of the Rancher UI:

1. Edit the cluster as YAML
2. Set the spec.rkeConfig.machineGlobalConfig.disable-kube-proxy value to true
3. Set the spec.rkeConfig.chartValues.rke2-cilium section to contain the following two items: 

   k8sServiceHost: "localhost"
   k8sServicePort: "6443"

If you simply set the cluster's spec.rkeConfig.machineGlobalConfig.disable-kube-proxy value to true without defining the k8sServiceHost and k8sServicePort values, the cluster will not finish provisioning. The Rancher UI will show the init node in a Reconciling state with the message:

Waiting for cluster agent to connect

This is because the cilium pod will be in an Init:CrashLoopBackOff state. If you check the logs for the config container in the cilium pod, you will see the following error: 

time="2025-07-22T17:53:57.998012657Z" level=error msg="Unable to contact k8s api-server" error="Get \"https://10.43.0.1:443/api/v1/namespaces/kube-system\": dial tcp 10.43.0.1:443: i/o timeout" ipAddr="https://10.43.0.1:443" subsys=k8s-client
2025/07/22 17:53:57 ERROR Start hook failed function="client.(*compositeClientset).onStart (k8s-client)" error="Get \"https://10.43.0.1:443/api/v1/namespaces/kube-system\": dial tcp 10.43.0.1:443: i/o timeout"
2025/07/22 17:53:57 ERROR Start failed error="Get \"https://10.43.0.1:443/api/v1/namespaces/kube-system\": dial tcp 10.43.0.1:443: i/o timeout" duration=1m5.016984705s
2025/07/22 17:53:57 INFO Stopping
Error: Build config failed: failed to start: Get "https://10.43.0.1:443/api/v1/namespaces/kube-system": dial tcp 10.43.0.1:443: i/o timeout