Howdy folks! I've been trying to setup a local dev...
# general
a
Howdy folks! I've been trying to set up a local dev lab, specifically to practice Istio concepts. I wanted to do so with a realistic, yet lightweight composition of resources. Rancher Desktop and k3d to the rescue...or so I had hoped. But I've found myself stuck on what seems to me should be fairly trivial, but I can't seem to isolate the root cause and am hoping you folks could offer some guidance.

Setup:
• All resources are on a Windows host
  ◦ Windows 11 Pro
  ◦ 12 Core 3.60 GHz processor
  ◦ 64 GB RAM
• Rancher Desktop installed: https://rancherdesktop.io/
• Rancher on Rancher Desktop using Helm installation pattern: https://docs.rancherdesktop.io/how-to-guides/rancher-on-rancher-desktop/
• k3d 3 node cluster: https://docs.rancherdesktop.io/how-to-guides/create-multi-node-cluster
• Attempt to register said k3d cluster: https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters#regis[…]luster
  ◦ Configured as Generic import with all defaults
  ◦ Copy the `--insecure` curl command since I'm using self-signed certs
  ◦ Run said command while context is set to k3d cluster

Issue: `cattle-cluster-agent` gets stuck in boot loop with the following error:
```
INFO: Using resolv.conf: search cattle-system.svc.cluster.local svc.cluster.local cluster.local nameserver 10.43.0.10 options ndots:5
ERROR: https://rancher.rd.localhost/ping is not accessible (Failed to connect to rancher.rd.localhost port 443 after 0 ms: Couldn't connect to server)
```
What I've tried:
• Deployed a pod to the k3d cluster that runs `infoblox/dnstools`
  ◦ Pod is deployed to the `cattle-system` namespace
  ◦ With `nodeName: <server-node>` which is where the `cattle-cluster-agent` is deployed
  ◦ nslookup resolves `rancher.rd.localhost` to the Rancher Server ingress IP
  ◦ `curl --insecure https://rancher.rd.localhost/ping` returns `pong`
• Deployed a test agent pod to the k3d cluster that runs `rancher/rancher-agent:v2.11.2`
  ◦ Same results as above, except `curl` returns the same error as above
    ▪︎ `curl: (7) Failed to connect to rancher.rd.localhost port 443 after 0 ms: Couldn't connect to server`

Conclusion: I'm missing something fundamental, but I can't see it. DNS is resolving properly, but curl is unable to connect. I don't think it is a cert problem, since it won't work with `--insecure` nor will it work with `http vs https`, yet both work in my dnstools pod. I don't think it can be a firewall since, yet again, it works in the dnstools pod, which I think would have the exact same attributes as the agent pod from a network perspective. So there is something else that is trapping this, or I have a misunderstanding of DNS, firewalls, and certificates. Any insight would be appreciated.

P.S. The domain resolution maps to my Windows hosts file in all cases. In other words, if I change my hosts file, the resolution changes for all pods.