Hi all, I'm trying to import a cluster (K3s) into Rancher, that is on a DMZ network that does not allow communications from the cluster to the Rancher server. The Rancher server can however reach the cluster I'm trying to import. I modified the manifest that installs the Rancher mgmt components on the cluster, to have the

cattle-cluster-agent

be able to run without being able to contact the Rancher server. However, the cluster import in Rancher still shows as "Provisioning". Is there a way to let Rancher import/manage a cluster, where the cluster cannot reach the Rancher server due to a firewall, but Rancher can reach the cluster API to be imported?

That is not supported. The downstream cluster needs to be able to reach rancher. That is how the agent is designed - once rancher is deployed, all communication is initiated by agents in the downstream cluster. It will not ever function if your environment does not allow this.

Oh - OK. I thought there was a "poll" management method from Rancher -> managed cluster.

Nope. Cluster agent opens a connection to rancher and everything happens via that.

OK, thanks for the assist!