Hello Guys.
I’m looking for info about this since months, but I wasn’t able to find anything.
Are they “best practices” while working with projects in Rancher, as Kubernetes only manage Namespaces?
In particular, any advice on implementing different environments (Testing, Staging and Production).
For example, is better to have a Project for each environment, with all the apps segregated in namespaces inside the project, or to have a project for each app, and the namespace segregating the different envs?
Best regards
1 Like
One of the details of Rancher projects is that you can apply RBAC at the project level, but not the namespace/workload level. If you want to have different people able to manage your production vs staging and dev, then you would want to split them up by environment.
Similarly, if you have multiple apps that should each have their own allowed users, then each of those should be put into its own project for prod/staging/dev.
I think this is really a question about your appetite for vendor specific vs. vendor neutral, and also partly about your near term plans (it’s probably a mistake to look too far ahead in the fast pace times we live in today). On the one hand, if you stick purely to K8s native constructs then pretty much everything you do will be portable to any other K8s implementation, and the management of namespaces falls into that category. Projects are a Rancher construct so, despite the fact they are implemented using K8s objects they don’t work outside of Rancher. OTOH, projects are certainly a very convenient and natural way to manage a collection of namespaces and, as the other responder mentioned allow a simpler approach with less repetition and complexity. In one way, if you use Rancher you are going to be using at least one project anyway (the default project). Where I work we are pretty cautious about proprietary or strongly opinionated implementation details, but actually the Rancher project is one which we have decided is on balance more benefit than risk. We haven’t ‘bet the farm’ on Rancher nor does anyone need to, but where you decide to draw the boundaries that you won’t cross is really up to you. If you see your long term future using Rancher then you may as well leverage as much as you can from it, projects included. If you are unsure, then perhaps select more cautiously.
My opinion only and absolutely YMMV
Fraser.