Rancher HA Setup: Production Architecture, Multi-Cluster Management & GitOps CI/CD (Kustomize)

This guide walks through a production-grade Rancher setup with High Availability, multi-cluster management, and a GitOps CI/CD workflow using Kustomize.

👉 This is how you run Rancher in real-world environments—not just demos.

---

📊 Rancher Production Architecture

              +----------------------+
              |     Load Balancer    |
              +----------+-----------+
                         |
         +---------------+----------------+
         |                                |
  +-------------+                +-------------+
  | Rancher Pod |                | Rancher Pod |
  +-------------+                +-------------+
         |                                |
         +---------------+----------------+
                         |
                +------------------+
                | Kubernetes (Mgmt)|
                +------------------+
                         |
        +----------------+----------------+
        |                                 |
+------------------+           +------------------+
| Cluster (Dev)    |           | Cluster (Prod)   |
| Managed by Rancher|          | Managed by Rancher|
+------------------+           +------------------+

👉 Rancher runs inside a Kubernetes cluster and manages other clusters centrally.

---

🍳 CloudChef Recipe: Rancher HA Setup

🧾 Ingredients

• 3-node Kubernetes cluster (minimum for HA)
• Helm installed
• Ingress controller (NGINX recommended)
• cert-manager installed

---

Step 1: Install cert-manager

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml

---

Step 2: Add Rancher Helm Repo

helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
helm repo update

---

Step 3: Install Rancher in HA Mode

helm install rancher rancher-latest/rancher \
  --namespace cattle-system \
  --create-namespace \
  --set hostname=rancher.yourdomain.com \
  --set replicas=3

👉 replicas=3 enables High Availability.

---

Step 4: Configure Ingress + TLS

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rancher
  namespace: cattle-system
spec:
  rules:
  - host: rancher.yourdomain.com

👉 Always use HTTPS (cert-manager + Let's Encrypt).

---

🔐 Production Hardening Checklist

• ☐ Enable TLS
• ☐ Use SSO (OIDC / Azure AD)
• ☐ Restrict RBAC
• ☐ Enable audit logging

---

☸️ Multi-Cluster Management

Rancher allows you to manage multiple clusters:

Steps:

• Add cluster via Rancher UI
• Import existing clusters (EKS, AKS, GKE)
• Apply policies across clusters

👉 Use labels to organize clusters (dev, staging, prod)

---

⚙️ GitOps CI/CD with Kustomize

We’ll deploy an application using Kustomize via Git.

📁 Repo Structure

repo/
  base/
    deployment.yaml
    service.yaml
  overlays/
    dev/
      kustomization.yaml
    prod/
      kustomization.yaml

---

📄 base/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
spec:
  replicas: 2

---

📄 overlays/dev/kustomization.yaml

resources:
- ../../base

namePrefix: dev-

---

📄 overlays/prod/kustomization.yaml

resources:
- ../../base

namePrefix: prod-

---

🚀 Deploy via Rancher (GitOps Flow)

• Connect Git repo
• Select overlay (dev/prod)
• Deploy application

👉 Rancher continuously syncs your cluster with Git.

---

⚠️ Common Production Mistakes

• Running Rancher with 1 replica
• No TLS configuration
• No RBAC restrictions
• No GitOps workflow

---

🧠 Pro Tips

• Use separate clusters for environments
• Combine Rancher + ArgoCD for GitOps
• Monitor clusters with Prometheus

---

🔗 Continue Your CloudChef Journey

If you found this helpful, here are more CloudChef guides you should explore:

🔥 Related CloudChef Recipes

Loading related posts...

---

🚀 Final Thoughts

Rancher becomes truly powerful when combined with GitOps and HA architecture.

🔥 CloudChef Tip: Don’t just manage clusters—standardize them.