Rancher Management without public_ip, behind a NAT, using only Terraform

Hey everyone, I’m completely new to Rancher and DevOps in general. I would really appreciate some help with the initial installation of Rancher behind a NAT, all with the help of Terraform IaC.

I’m trying to set up Rancher management using the quickstart repo in AWS. There’s just one thing I want to change - that the machine should be private, behind a NAT and a load balancer.

  • According to the settings in this beginner’s guide, the rancher-common module defines node_public_ip and uses it for the config of the entire environment with an SSH connection. I think this is what limits me in turning the machine into a private one behind a load balancer. Or not? Or would using an NLB instead of an ALB be the way to go?
  • Another thing defined there is rancher_server_dns, which is composed of “rancher.” at the beginning, node_public_ip (the management server running Rancher, which is supposed to be without a public address) in the middle, and sslip.io at the end. All of this together is the URL that is supposed to access the Rancher UI. Does the sslip.io part always have to be there? Is the rancher-common module too basic for this goal of keeping the machine private?
  • This is how it looks: rancher_server_dns = join(".", ["rancher", aws_instance.rancher_server.public_ip, "sslip.io"])

My goal is to access the Rancher management UI through the DNS address of the load balancer, so that the machine hosting the Rancher management UI would be private behind a NAT. And the only way to SSH into it would be through the bastion.

Thanks a lot!
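The layout described in the question (private instance, NLB in front, SSH only via a bastion, UI hostname taken from the load balancer), as an added Terraform sketch that is not part of the post or of the Rancher quickstart repo. It assumes an existing VPC with a public subnet for the NLB and a private subnet whose default route is a NAT gateway, an existing bastion host whose security group id and public IP are passed in, and an AMI, instance type, key pair and SSH private key supplied as variables; every resource and variable name here is hypothetical. The one substantive change against the quickstart expression quoted above is that rancher_server_dns becomes the NLB's dns_name, which is the value to hand to whatever installs Rancher as its hostname so the certificate it generates matches the URL users actually open.

```hcl
# Added example, not the quickstart's code. Assumptions: existing VPC/subnets,
# existing bastion, AMI/key pair passed in. Names are hypothetical.
variable "vpc_id"               { type = string }
variable "vpc_cidr"             { type = string }       # for NLB health checks
variable "public_subnet_id"     { type = string }       # NLB lives here
variable "private_subnet_id"    { type = string }       # instance lives here (NAT route)
variable "bastion_sg_id"        { type = string }
variable "bastion_public_ip"    { type = string }
variable "allowed_client_cidrs" { type = list(string) } # who may reach the UI
variable "ami_id"               { type = string }
variable "instance_type"        { type = string }
variable "key_name"             { type = string }
variable "ssh_user"             { type = string }

variable "ssh_private_key" {
  type      = string
  sensitive = true
}

# Rancher host: no public IP; 22 only from the bastion, 443 only from known clients.
resource "aws_security_group" "rancher_server" {
  name   = "rancher-server"
  vpc_id = var.vpc_id

  ingress {
    description     = "SSH from the bastion only"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [var.bastion_sg_id]
  }

  # An NLB preserves the client source IP, so the rule must admit the real
  # clients (plus the VPC range for the NLB's own health checks), not the NLB.
  ingress {
    description = "HTTPS via the NLB"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = concat([var.vpc_cidr], var.allowed_client_cidrs)
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"] # outbound through the NAT gateway (image pulls)
  }
}

resource "aws_instance" "rancher_server" {
  ami                         = var.ami_id
  instance_type               = var.instance_type
  subnet_id                   = var.private_subnet_id
  key_name                    = var.key_name
  vpc_security_group_ids      = [aws_security_group.rancher_server.id]
  associate_public_ip_address = false

  # Provisioners hop through the bastion; the target is the private IP.
  connection {
    type                = "ssh"
    host                = self.private_ip
    user                = var.ssh_user
    private_key         = var.ssh_private_key
    bastion_host        = var.bastion_public_ip
    bastion_user        = var.ssh_user
    bastion_private_key = var.ssh_private_key
  }

  provisioner "remote-exec" {
    inline = ["echo reached via bastion"]
  }
}

# TCP passthrough on 443: Rancher keeps terminating TLS with its own cert.
resource "aws_lb" "rancher" {
  name               = "rancher-nlb"
  load_balancer_type = "network"
  subnets            = [var.public_subnet_id]
}

resource "aws_lb_target_group" "rancher_https" {
  name     = "rancher-https"
  port     = 443
  protocol = "TCP"
  vpc_id   = var.vpc_id
}

resource "aws_lb_target_group_attachment" "rancher_https" {
  target_group_arn = aws_lb_target_group.rancher_https.arn
  target_id        = aws_instance.rancher_server.id
  port             = 443
}

resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.rancher.arn
  port              = 443
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.rancher_https.arn
  }
}

# Replaces join(".", ["rancher", aws_instance.rancher_server.public_ip, "sslip.io"]).
locals {
  rancher_server_dns = aws_lb.rancher.dns_name
}

output "rancher_url" {
  value = "https://${local.rancher_server_dns}"
}
```

The sslip.io trick in the quickstart only exists to turn a bare public IP into a resolvable name; once the hostname is the NLB's DNS name there is nothing left for it to do. Two caveats worth checking before relying on this: the security group's 443 rule is the real perimeter here, since an NLB does not hide client addresses the way an ALB with its own security group would, and the NLB's dns_name is stable for the life of the load balancer but not something you would print on a business card, so a CNAME in your own zone pointing at it is the usual next step.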