I’m very happy with Rancher so far and I’ve been able to get several clusters running now on bare metal.
I have a question about securing access to Rancher itself. Currently I have it hosted on a K8s cluster, and use that to deploy several other RKE clusters in different points of presence. The problem is that Rancher itself is accessible via a URL. I’ve already added TLS and am using GitHub sign-in, but I am concerned that an attacker who stumbles on the URL can use a brute-force attack on the admin login. As far as I know, there is no reCAPTCHA or any kind of rate limiting.
What is the best practice for making Rancher not accessible to the public?
Thank you so much for making such a great tool.