rancher

Metadata

| Field | Value |
|---|---|
| Service | rancher |
| Purpose | Cluster management plane and Fleet visibility interface |
| Criticality | Tier 1 |
| Owner | Platform / Cluster management owner |
| Clusters | prod, oci |
| Namespace | cattle-system |
| Exposure | internet |
| Stateful | yes |
| Backup class | cluster backup |
| RPO / RTO | Cluster backup target, 2 to 6 hours to restore |
| Last reviewed | 2026-05-20 |

1. Service Overview

Rancher provides the management-plane UI and APIs used to administer clusters and inspect Fleet state.

Summary

If Rancher fails, platform operators lose a major management and visibility plane for clusters and Fleet.

Dependencies

| Dependency | Type | Why it matters |
|---|---|---|
| Traefik | ingress | External HTTPS access |
| Fleet | control plane integration | Rancher surfaces Fleet GitOps state |
| Persistent management-plane state | storage | Preserves cluster and management metadata |

2. Architecture Diagram

[Operator browser]
  -> [Traefik]
  -> [Rancher]
  -> [Managed clusters / Fleet]

3. Deployment Specifications

| Item | Value |
|---|---|
| Source path | rancher/base and rancher/overlays/* |
| Deployment model | Helm chart rendered through Kustomize overlays |
| Namespace | cattle-system |
| Workload kind | Deployment and Helm-managed supporting resources |
| Chart or image version | Rancher chart 2.11.x family in the current repo state |
| Config files | base/kustomization.yaml, overlays/prod, overlays/oci |

Cluster mapping

| Cluster | Overlay path | Notes |
|---|---|---|
| prod | rancher/overlays/prod | Primary production deployment |
| oci | rancher/overlays/oci | OCI-specific variant |

4. Configuration Guide

Environment variables

| Variable | Source | Purpose | Secret? |
|---|---|---|---|
| Rancher chart values and ingress settings | overlay manifests and values | Configure hostname, ingress, and management behavior | mixed |

ConfigMaps

| Resource | Path | Purpose |
|---|---|---|
| Helm-generated Rancher config | rancher/base and rancher/overlays/* | Management-plane configuration |

Secrets management

  • Secret names: TLS, bootstrap admin, and chart-related secrets in cattle-system
  • Source of truth: overlay inputs and runtime-created secrets
  • Rotation trigger: certificate or admin credential rotation
  • Recovery note: restore ingress, TLS, and admin secrets before bringing Rancher back online

5. Access Protocols

| Path | URL or endpoint | Audience | Auth | TLS terminates at |
|---|---|---|---|---|
| Internal | Rancher services in cattle-system | Cluster operators | Kubernetes and Rancher auth | Traefik / Rancher |
| External | Rancher hostnames defined by the active overlay | Platform operators | Rancher auth | Traefik |

6. Operations and Observability

  • Primary health indicators: Rancher UI responsive, cluster inventory healthy, and Fleet views available.
  • Dashboards or alerts: shared platform monitoring.
  • Log locations: Rancher server pod logs and ingress logs.
  • Known failure modes: certificate issues, ingress drift, chart upgrade errors, or degraded cluster registration state.

7. Backup and Recovery Notes

  • Backup method: management-cluster backup and Rancher-specific backup policy.
  • Restore prerequisites: cluster-level backup, restored TLS/admin secrets, and healthy ingress.
  • Related runbook: ../runbooks/rancher.md

8. Release and Change Notes

  • Current deployed app version: Rancher 2.11.x family in the current repo state.
  • Current chart version: see the Rancher overlay values.
  • Last significant change: repository coverage added for the active prod and OCI overlays.
  • Rollback reference: previous overlay or chart revision in Git.