This guide walks through a production-grade Rancher setup with High Availability, multi-cluster management, and a GitOps CI/CD workflow using Kustomize.

👉 This is how you run Rancher in real-world environments—not just demos.


📊 Rancher Production Architecture


              +----------------------+
              |     Load Balancer    |
              +----------+-----------+
                         |
         +---------------+----------------+
         |                                |
  +-------------+                +-------------+
  | Rancher Pod |                | Rancher Pod |
  +-------------+                +-------------+
         |                                |
         +---------------+----------------+
                         |
                +------------------+
                | Kubernetes (Mgmt)|
                +------------------+
                         |
        +----------------+----------------+
        |                                 |
+--------------------+         +--------------------+
| Cluster (Dev)      |         | Cluster (Prod)     |
| Managed by Rancher |         | Managed by Rancher |
+--------------------+         +--------------------+

👉 Rancher runs inside a Kubernetes cluster and manages other clusters centrally.


๐Ÿณ CloudChef Recipe: Rancher HA Setup

🧾 Ingredients

  • 3-node Kubernetes cluster (minimum for HA)
  • Helm installed
  • Ingress controller (NGINX recommended)
  • cert-manager installed

Step 1: Install cert-manager


kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml

Step 2: Add Rancher Helm Repo


helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
helm repo update

Step 3: Install Rancher in HA Mode


helm install rancher rancher-latest/rancher \
  --namespace cattle-system \
  --create-namespace \
  --set hostname=rancher.yourdomain.com \
  --set replicas=3

👉 replicas=3 enables High Availability.


Step 4: Configure Ingress + TLS


apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rancher
  namespace: cattle-system
spec:
  tls:
  - hosts: [rancher.yourdomain.com]
    secretName: tls-rancher-ingress   # certificate Secret; cert-manager can populate it
  rules:
  - host: rancher.yourdomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend: {service: {name: rancher, port: {number: 80}}}

👉 Always use HTTPS (cert-manager + Let's Encrypt).
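Steps 1 to 4 as one reviewable install, written as a Helm values file instead of a string of `--set` flags. This is an added example, not the page's own commands or the Rancher project's defaults. It relies on the Rancher chart values `hostname`, `replicas`, `ingress.tls.source`, `letsEncrypt.*` and `auditLog.*`; the hostname and contact e-mail are placeholders. Because the chart already creates the `rancher` Ingress in `cattle-system`, the usual production pattern is to let the chart own that object and configure TLS through values, rather than hand-applying a second Ingress with the same name. The file also switches on Rancher's API audit log, so two items of the hardening checklist are set at install time.

```yaml
# values.yaml for `helm install rancher rancher-latest/rancher -f values.yaml`
# (added example; names and addresses below are placeholders, not values from the page)
hostname: rancher.yourdomain.com
replicas: 3                        # three Rancher pods spread over the 3-node cluster

ingress:
  tls:
    source: letsEncrypt            # chart-managed Ingress gets the cert-manager annotations
letsEncrypt:
  email: ops@yourdomain.com        # placeholder: ACME account contact
  environment: production          # use "staging" while testing to avoid rate limits
  ingress:
    class: nginx                   # must match the ingress controller you installed

auditLog:
  level: 1                         # 0 = off, 1 = request metadata, 2 = +request body, 3 = +response body
  destination: sidecar             # write to a sidecar's stdout so the cluster log shipper collects it
  maxAge: 10                       # days to keep rotated files (hostPath destination only)
  maxBackup: 10
  maxSize: 100                     # MB per file before rotation
```

Install with `helm install rancher rancher-latest/rancher --namespace cattle-system --create-namespace -f values.yaml`, then confirm all three replicas are up with `kubectl -n cattle-system rollout status deploy/rancher`. Level 1 is enough for "who changed what, when"; levels 2 and 3 capture bodies, which are useful for forensics but can include sensitive payloads, so route them to storage with matching access controls.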


🔐 Production Hardening Checklist

  • ☐ Enable TLS
  • ☐ Use SSO (OIDC / Azure AD)
  • ☐ Restrict RBAC
  • ☐ Enable audit logging
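"Use SSO" and "Restrict RBAC" go together: once an identity provider supplies group names, bind those groups to narrow roles instead of cluster-admin. Rancher layers its own role templates (ClusterRoleTemplateBinding / ProjectRoleTemplateBinding objects) on top of this, but the effective permissions are ordinary Kubernetes RBAC, which is what the following added example shows. It is not from the page or the Rancher project; the namespace `dev`, the role name and the group name `dev-team` are assumptions, and the group string must be spelled exactly as your OIDC / Azure AD integration presents it.

```yaml
# Least-privilege access for an SSO group in one namespace (added example, all names assumed).
# Anti-pattern this replaces: a ClusterRoleBinding of cluster-admin to the whole group.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: app-operator
  namespace: dev
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log", "services", "configmaps"]
  verbs: ["get", "list", "watch"]          # read-only; no secrets in this list on purpose
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "patch"] # patch allows rollout restarts, not delete or create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-operator-dev-team
  namespace: dev
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role                               # a Role, not a ClusterRole: scope stays inside `dev`
  name: app-operator
subjects:
- kind: Group
  name: dev-team                           # placeholder: group name as sent by the identity provider
  apiGroup: rbac.authorization.k8s.io
```

Check the boundary from the cluster's point of view rather than by trusting the YAML: `kubectl auth can-i delete deployments -n dev --as=anyone --as-group=dev-team` should answer `no`, and the same query with `get pods` should answer `yes`. Repeat the first check against `secrets` and against namespace `prod`; both should be `no`.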

☸️ Multi-Cluster Management

Rancher allows you to manage multiple clusters:

Steps:

  • Add cluster via Rancher UI
  • Import existing clusters (EKS, AKS, GKE)
  • Apply policies across clusters

👉 Use labels to organize clusters (dev, staging, prod).


⚙️ GitOps CI/CD with Kustomize

We’ll deploy an application using Kustomize via Git.

๐Ÿ“ Repo Structure


repo/
  base/
    deployment.yaml
    service.yaml
  overlays/
    dev/
      kustomization.yaml
    prod/
      kustomization.yaml

📄 base/deployment.yaml


apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
spec:
  replicas: 2
  selector: {matchLabels: {app: app}}   # must match the pod template labels
  template:
    metadata: {labels: {app: app}}
    spec:
      containers:
      - {name: app, image: "registry.example.com/app:1.0.0"}   # placeholder image

📄 overlays/dev/kustomization.yaml


resources:
- ../../base

namePrefix: dev-

📄 overlays/prod/kustomization.yaml


resources:
- ../../base

namePrefix: prod-
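A prod overlay can do more than rename: a strategic-merge patch lets it raise the replica count and pin a restrictive pod security context without touching `base/`, which is the point of keeping environment differences in overlays. The following is an added example that extends the page's `overlays/prod/kustomization.yaml`; it is not the page's own file. The patch values are mine, and they assume the application image runs as a non-root user and writes only to mounted volumes, which a read-only root filesystem requires.

```yaml
# overlays/prod/kustomization.yaml (added example; hardening values are assumptions)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base

namePrefix: prod-

patches:
- target:
    kind: Deployment
    name: app                 # base name; kustomize matches the pre-prefix name
  patch: |-
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: app
    spec:
      replicas: 3             # prod runs more copies than the base's 2
      template:
        spec:
          automountServiceAccountToken: false   # the app does not talk to the API server
          securityContext:
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          containers:
          - name: app         # merged into the base container by name
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities:
                drop: ["ALL"]
            resources:
              requests: {cpu: 100m, memory: 128Mi}
              limits: {cpu: 500m, memory: 256Mi}
```

Render it with `kubectl kustomize overlays/prod` and diff against `kubectl kustomize overlays/dev`: the only differences should be the name prefix, the replica count and the security settings. Keeping the patch in the prod overlay means a reviewer of a pull request sees exactly what prod gets that dev does not.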

🚀 Deploy via Rancher (GitOps Flow)

  • Connect Git repo
  • Select overlay (dev/prod)
  • Deploy application

👉 Rancher continuously syncs your cluster with Git.
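The three steps above map onto Rancher's Continuous Delivery feature, which is backed by Fleet. As an added example (not the page's file and not Fleet's own documentation), here is the pair of files that wires the repo structure above to clusters labelled `env=dev` and `env=prod`: a `fleet.yaml` at the repo root that picks the Kustomize overlay per cluster, and a `GitRepo` resource applied to the Rancher management cluster that does the "Connect Git repo" step declaratively. The repository URL, the cluster labels and the target namespace are assumptions.

```yaml
# --- file: fleet.yaml (committed at the repo root; added example, values assumed)
defaultNamespace: app             # namespace the rendered manifests are applied into
kustomize:
  dir: overlays/dev               # default for any cluster without a more specific match
targetCustomizations:
- name: prod
  clusterSelector:
    matchLabels:
      env: prod                   # the label set on the cluster in Rancher
  kustomize:
    dir: overlays/prod

# --- file: gitrepo.yaml (applied to the Rancher management cluster; added example)
apiVersion: fleet.cattle.io/v1alpha1
kind: GitRepo
metadata:
  name: app
  namespace: fleet-default        # Fleet workspace that holds the downstream clusters
spec:
  repo: https://git.example.com/team/repo.git   # placeholder URL
  branch: main                    # pin the branch so only reviewed commits reach clusters
  clientSecretName: app-repo-readonly            # placeholder: read-only deploy credential
  paths:
  - .                             # directory that contains fleet.yaml
  targets:
  - name: dev
    clusterSelector:
      matchLabels:
        env: dev
  - name: prod
    clusterSelector:
      matchLabels:
        env: prod
```

Apply the second file with `kubectl apply -f gitrepo.yaml` and watch `kubectl get gitrepo -n fleet-default` until the ready and desired counts match. Two things carry the security weight here: the credential behind `clientSecretName` only needs read access to the repository, and the `GitRepo` lives in a Fleet workspace namespace, so whoever can create objects there can ship workloads to every cluster in that workspace. Treat write access to `fleet-default` as equivalent to write access to all managed clusters.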


⚠️ Common Production Mistakes

  • Running Rancher with 1 replica
  • No TLS configuration
  • No RBAC restrictions
  • No GitOps workflow

🧠 Pro Tips

  • Use separate clusters for environments
  • Combine Rancher + Argo CD for GitOps
  • Monitor clusters with Prometheus

🚀 Final Thoughts

Rancher becomes truly powerful when combined with GitOps and HA architecture.

🔥 CloudChef Tip: Don’t just manage clusters—standardize them.