I don’t think it’s so much a matter of can’t or even shouldn’t, but more of maintaining a separation of core components, allowing each to scale independently and follow its own lifecycle. Of course, this creates some redundancy in your cluster and you may choose to combine roles onto the same set of nodes, but tbh we have found that it’s easier to manage them independently of workers and size the nodes accordingly. Etcd is especially important and tends to be sensitive to specific resources which, if they are taken by business workloads, can cause some challenges. In our case we do run some management workloads on all of our nodes of all types. These aren’t business applications but things such as container vulnerability behavioural scanning and such. It’s straightforward enough to allow that to happen by adding the corresponding tolerance to the taint that Rancher adds on deployment. So, it’s entirely your choice where you deploy workloads; there is no right or wrong, and it’s often a balance between resilience, risk, cost and operational complexity.
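An added example, not part of the original post: a small checker that applies the Kubernetes taint/toleration matching rules to show which node roles a management DaemonSet (such as a scanner) lands on compared with a business workload. The node names are constructed, and the taint keys and effects are assumed RKE1-style values, so compare them with `kubectl describe node` on your own cluster.

```python
# Added example: Kubernetes taint/toleration matching for hard taints.
# Node names are constructed; taint keys/effects are ASSUMED (RKE1-style).

BLOCKING = {"NoSchedule", "NoExecute"}  # PreferNoSchedule is only a soft preference


def tolerates(tol, taint):
    """True if a single toleration matches a single taint."""
    # An empty/absent effect in the toleration matches every effect.
    if tol.get("effect") and tol["effect"] != taint["effect"]:
        return False
    op = tol.get("operator", "Equal")  # Equal is the default operator
    key = tol.get("key", "")
    if key == "":
        return op == "Exists"  # empty key + Exists tolerates every taint
    if key != taint["key"]:
        return False
    if op == "Exists":
        return True
    return tol.get("value", "") == taint.get("value", "")


def schedulable(tolerations, taints):
    """A pod fits a node only if every blocking taint is tolerated."""
    return all(any(tolerates(t, taint) for t in tolerations)
               for taint in taints if taint["effect"] in BLOCKING)


def coverage(tolerations, nodes):
    """Sorted names of the nodes the pod could be placed on."""
    return sorted(n for n, taints in nodes.items() if schedulable(tolerations, taints))


ETCD = "node-role.kubernetes.io/etcd"                   # assumed taint key
CONTROLPLANE = "node-role.kubernetes.io/controlplane"   # assumed taint key
NODES = {  # constructed three-node cluster, one node per role
    "etcd-1": [{"key": ETCD, "value": "true", "effect": "NoExecute"}],
    "cp-1": [{"key": CONTROLPLANE, "value": "true", "effect": "NoSchedule"}],
    "worker-1": [],
}
# Tolerations as they would appear under spec.template.spec.tolerations.
SCANNER = [
    {"key": ETCD, "operator": "Equal", "value": "true", "effect": "NoExecute"},
    {"key": CONTROLPLANE, "operator": "Exists", "effect": "NoSchedule"},
]
BUSINESS = []                                             # no tolerations: workers only
INCOMPLETE = [{"key": CONTROLPLANE, "operator": "Exists"}]  # forgot the etcd taint

if __name__ == "__main__":
    for name, tols in [("scanner", SCANNER), ("business", BUSINESS), ("incomplete", INCOMPLETE)]:
        print(name, coverage(tols, NODES))
```

Running the same check against the real taints from `kubectl get nodes -o json` makes it easy to confirm that the scanner covers etcd and control plane nodes while business workloads stay off them.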