3 Architectural overview
This section outlines the core elements of the SUSE Rancher solution, along with the suggested target platforms and components.
3.1 Solution architecture
The figure below illustrates the high-level architecture of the SUSE Rancher installation that manages multiple downstream Kubernetes clusters:
- Authentication Proxy
A user is authenticated via SUSE Rancher and then, if authorized, can access both the SUSE Rancher environment and the downstream clusters and workloads.
- API Server
This provides the programmatic back end for a user's command line interactions with SUSE Rancher and the managed clusters.
- Data Store
The purpose of this service is to capture the configuration and state of SUSE Rancher and the managed clusters to aid in backup and recovery processes.
- Cluster Controller
By interacting with a cluster agent on the downstream cluster, the cluster controller provides the communication path that users and services use for workload and cluster management.
Once set up, users can interact with SUSE Rancher through the Web-based user interface (UI), the command line interface (CLI), and programmatically through the application programming interface (API). Depending upon the assigned roles, group membership and privileges, a user could:
- manage all clusters, users, roles, projects
- deploy new clusters, import other clusters, or remove existing ones
- manage workloads across respective or labelled clusters
- simply view clusters or workloads, or benefit from what is running
For the best performance and security, the recommended deployment is a dedicated Kubernetes cluster for the SUSE Rancher management server. Running user workloads on this cluster is not advised. After deploying SUSE Rancher, one can then create or import clusters for orchestrated workloads.
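One way to check the dedicated-cluster recommendation above, as an added example that is not part of the SUSE documentation: the function flags workloads running outside the management stack's namespaces, given the pod listing of the SUSE Rancher cluster. The namespace allowlist, the helper names and the sample pods are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: namespaces that belong to the management stack itself. These
# names are illustrative, not from the SUSE page; adjust to your installation.
ALLOWED_NAMESPACES = {"kube-system", "kube-public", "kube-node-lease",
                      "cattle-system", "cert-manager", "ingress-nginx"}
ALLOWED_PREFIXES = ("cattle-", "fleet-")


def is_management_namespace(namespace):
    return namespace in ALLOWED_NAMESPACES or namespace.startswith(ALLOWED_PREFIXES)


def find_user_workloads(pod_list):
    """Map each non-allowlisted namespace to the workloads running in it."""
    findings = defaultdict(set)
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        namespace = meta.get("namespace", "default")
        if is_management_namespace(namespace):
            continue
        # Report the controlling owner (ReplicaSet, Job, ...) so replicas
        # collapse into one finding; a bare pod has no controller.
        owners = [o for o in meta.get("ownerReferences") or [] if o.get("controller")]
        if owners:
            findings[namespace].add(f"{owners[0]['kind']}/{owners[0]['name']}")
        else:
            findings[namespace].add(f"Pod/{meta.get('name', '<unnamed>')}")
    return {ns: sorted(items) for ns, items in sorted(findings.items())}


def _pod(namespace, name, owner=None):
    """Build a constructed pod record with only the fields the check reads."""
    refs = [{"kind": owner[0], "name": owner[1], "controller": True}] if owner else []
    return {"metadata": {"namespace": namespace, "name": name, "ownerReferences": refs}}


# Constructed sample shaped like `kubectl get pods --all-namespaces -o json`.
SAMPLE = {"items": [
    _pod("cattle-system", "rancher-7d9f-abcde", ("ReplicaSet", "rancher-7d9f")),
    _pod("cattle-fleet-system", "fleet-controller-6b5c-fghij", ("ReplicaSet", "fleet-controller-6b5c")),
    _pod("kube-system", "coredns-5d78-klmno", ("ReplicaSet", "coredns-5d78")),
    _pod("shop", "web-5c6b-x1", ("ReplicaSet", "web-5c6b")),
    _pod("shop", "web-5c6b-x2", ("ReplicaSet", "web-5c6b")),
    _pod("default", "debug-shell"),
]}

if __name__ == "__main__":
    for ns, workloads in find_user_workloads(SAMPLE).items():
        print(f"unexpected workload in {ns}: {', '.join(workloads)}")
```

To run it against a real management cluster, replace `SAMPLE` with the parsed JSON output of `kubectl get pods --all-namespaces -o json`.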