Rancher 2.0 HA Architecture Question

I’m trying to figure out the correct architecture to deploy an HA Kubernetes cluster in Rancher.

I’ve set up Ansible scripts to build out the following VMs (in OpenStack if relevant):

  • 3 rancher etcd nodes
  • 2 rancher control nodes
  • 3 rancher worker nodes
  • 2 nginx load-balancing proxies (not containerized)

I’m using the ‘Load Balancer’ function in my Rancher setup to provide SSL termination for all my different backend HTTP services along with SNI to determine the correct workload to route to.

My setup is the following:

DNS A record points to both nginx load-balancers.

Both nginx load-balancers point to each of the 3 Rancher worker nodes (is this the right way to do it?) using the same proxy stream config shown on the Rancher 2.0 HA website example.

My questions/concerns are the following:

  • The Rancher 2.0 HA setup example uses 3 nodes, where all 3 are tagged as etcd, control, and worker. I’ve separated my nodes to only perform a single function each.
  • Where does the Rancher ‘Load Balancer’ sit? Does it exist on all 3 worker nodes? Is there a way to limit it to specific nodes?

Unrelated to the deployment, but I’m also trying to understand best practices related to Projects/Namespaces/Clusters.

  • Would the typical dev/int/prod setup be under different projects, or different namespaces?
  • When would it make sense to create separate clusters?