rancher
| Field | Value |
| --- | --- |
| Service | rancher |
| Purpose | Cluster management plane and Fleet visibility interface |
| Criticality | Tier 1 |
| Owner | Platform / Cluster management owner |
| Clusters | prod, oci |
| Namespace | cattle-system |
| Exposure | internet |
| Stateful | yes |
| Backup class | cluster backup |
| RPO / RTO | Cluster backup target, 2 to 6 hours to restore |
| Last reviewed | 2026-05-20 |
1. Service Overview
Rancher provides the management-plane UI and APIs used to administer clusters and inspect Fleet state.
Summary
If Rancher fails, platform operators lose a major management and visibility plane for clusters and Fleet.
Dependencies
| Dependency | Type | Why it matters |
| --- | --- | --- |
| Traefik | ingress | External HTTPS access |
| Fleet | control plane integration | Rancher surfaces Fleet GitOps state |
| Persistent management-plane state | storage | Preserves cluster and management metadata |
2. Architecture Diagram
[Operator browser]
-> [Traefik]
-> [Rancher]
-> [Managed clusters / Fleet]
3. Deployment Specifications
| Item | Value |
| --- | --- |
| Source path | rancher/base and rancher/overlays/* |
| Deployment model | Helm chart rendered through Kustomize overlays |
| Namespace | cattle-system |
| Workload kind | Deployment and Helm-managed supporting resources |
| Chart or image version | Rancher chart 2.11.x family in the current repo state |
| Config files | base/kustomization.yaml, overlays/prod, overlays/oci |
Cluster mapping
| Cluster | Overlay path | Notes |
| --- | --- | --- |
| prod | rancher/overlays/prod | Primary production deployment |
| oci | rancher/overlays/oci | OCI-specific variant |
4. Configuration Guide
Environment variables
| Variable | Source | Purpose | Secret? |
| --- | --- | --- | --- |
| Rancher chart values and ingress settings | overlay manifests and values | Configure hostname, ingress, and management behavior | mixed |
ConfigMaps
| Resource | Path | Purpose |
| --- | --- | --- |
| Helm-generated Rancher config | rancher/base and rancher/overlays/* | Management-plane configuration |
Secrets management
- Secret names: TLS, bootstrap admin, and chart-related secrets in cattle-system
- Source of truth: overlay inputs and runtime-created secrets
- Rotation trigger: certificate or admin credential rotation
- Recovery note: restore ingress, TLS, and admin secrets before bringing Rancher back online
5. Access Protocols
| Path | URL or endpoint | Audience | Auth | TLS terminates at |
| --- | --- | --- | --- | --- |
| Internal | Rancher services in cattle-system | Cluster operators | Kubernetes and Rancher auth | Traefik / Rancher |
| External | Rancher hostnames defined by the active overlay | Platform operators | Rancher auth | Traefik |
6. Operations and Observability
- Primary health indicators: Rancher UI responsive, cluster inventory healthy, and Fleet views available.
- Dashboards or alerts: shared platform monitoring.
- Log locations: Rancher server pod logs and ingress logs.
- Known failure modes: certificate issues, ingress drift, chart upgrade errors, or degraded cluster registration state.
7. Backup and Recovery Notes
- Backup method: management-cluster backup and Rancher-specific backup policy.
- Restore prerequisites: cluster-level backup, restored TLS/admin secrets, and healthy ingress.
- Related runbook: ../runbooks/rancher.md
8. Release and Change Notes
- Current deployed app version: Rancher 2.11.x family in the current repo state.
- Current chart version: see the Rancher overlay values.
- Last significant change: repository coverage added for the active prod and OCI overlays.
- Rollback reference: previous overlay or chart revision in Git.