Private vs Public network placement for AWS

This is a general architecture question for Rancher2. All my infrastructure is in AWS. In my current Rancher I have the Rancher Server and most of the Rancher hosts running in a private subnet, and only the hosts that are running the load balancers are running in a public subnet. For Rancher2, assuming I am going to use AWS ALB/ELBs, can I run the entire cluster in a private subnet?

I am new here and new to Rancher in general. I have the same question, which is why I joined this forum. Sadly, I see no one has responded to this question. Today I will make my first attempt to build an HA Rancher cluster in AWS.

Following "About High-availability Installations" from the docs, I assume that the LBs should be in the public network while the Rancher servers themselves can be in private networks. I may well be wrong; I will make my first attempt and then I will know better.


Correct, your Rancher servers should not have public IPs. They should be on private only. Your load balancer can be on public and private depending on your needs. (Let's Encrypt requires a public IP.) If all your downstream nodes/clusters are on your private network, then I would recommend only using private IPs.

These are matters of opinion or depend on your requirements. You can use only public IPs on the Internet, only private IPs in a completely air-gapped network, or combinations in between.
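
Added example, not part of any post in this thread: a small Python audit for the placement discussed above (Rancher servers private only, load balancers allowed in a public subnet). It runs over constructed, flattened data shaped like `aws ec2 describe-route-tables` and `describe-instances` output; the `Role` tag, its values, and all IDs are assumptions made for illustration.

```python
"""Flag Rancher server instances that are exposed to the public network."""

# Constructed sample inventory (IDs, IPs and tag values are made up).
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub1"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0001"}]},
    {"Associations": [{"SubnetId": "subnet-priv1"}, {"SubnetId": "subnet-priv2"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0001"}]},
]
INSTANCES = [
    {"InstanceId": "i-rancher1", "SubnetId": "subnet-priv1",
     "Tags": [{"Key": "Role", "Value": "rancher-server"}]},
    {"InstanceId": "i-rancher2", "SubnetId": "subnet-priv2",
     "PublicIpAddress": "203.0.113.10",
     "Tags": [{"Key": "Role", "Value": "rancher-server"}]},
    {"InstanceId": "i-rancher3", "SubnetId": "subnet-pub1",
     "Tags": [{"Key": "Role", "Value": "rancher-server"}]},
    {"InstanceId": "i-lb1", "SubnetId": "subnet-pub1",
     "PublicIpAddress": "203.0.113.20",
     "Tags": [{"Key": "Role", "Value": "load-balancer"}]},
]

def public_subnets(route_tables):
    """Subnets whose route table has an IPv4 default route to an internet gateway.
    Simplification: only explicit subnet associations are considered, so subnets
    that fall back to the VPC main route table are not classified here."""
    public = set()
    for rt in route_tables:
        to_igw = any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                     and r.get("GatewayId", "").startswith("igw-")
                     for r in rt.get("Routes", []))
        if to_igw:
            public.update(a["SubnetId"] for a in rt.get("Associations", [])
                          if "SubnetId" in a)
    return public

def audit(instances, route_tables, role="rancher-server"):
    """Return (instance_id, reason) for each instance with the given Role tag
    (an assumed tagging scheme) that has a public IP or sits in a public subnet."""
    public, findings = public_subnets(route_tables), []
    for inst in instances:
        tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
        if tags.get("Role") != role:
            continue  # load balancers and other roles may legitimately be public
        if inst.get("PublicIpAddress"):
            findings.append((inst["InstanceId"], "public-ip"))
        if inst.get("SubnetId") in public:
            findings.append((inst["InstanceId"], "public-subnet"))
    return findings

if __name__ == "__main__":
    for instance_id, reason in audit(INSTANCES, ROUTE_TABLES):
        print(f"{instance_id}: {reason}")
```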