Currently, when Rancher tries to provision a Kubernetes cluster on vSphere, it needs to initiate API calls to the vSphere endpoint. In a hybrid cloud environment this often means that the Rancher server is not in the same network as the vSphere endpoint. Therefore inbound access is required to be added to a firewall so Rancher can reach the vSphere system. This naturally poses a security concern and creates administrative burden on our users who have to go through a security review to get this approved.

If instead of requiring direct API access, an agent could exist inside the network where the vSphere API lived, then this agent could broker the communication between the Rancher server and the downstream API. The agent would simply initiate an outbound API connection to the Rancher server (much like any node agent or cluster agent currently) and simultaneously proxy any API calls that Rancher needs to make to vSphere. This would also have the benefit of being able to be run through a HTTP proxy, which many security teams will appreciate as a less risky connectivity model.

Looking for hackers with the skills:

rancher backend api

This project is part of:

Hack Week 20


  • 11 months ago: equill liked this project.
  • 11 months ago: toe liked this project.
  • 11 months ago: jsevans liked this project.
  • 11 months ago: wjimenez added keyword "rancher" to this project.
  • 11 months ago: wjimenez added keyword "backend" to this project.
  • 11 months ago: wjimenez added keyword "api" to this project.
  • 11 months ago: wjimenez originated this project.

  • Comments

    Be the first to comment!

    Similar Projects

    Near-zero downtime upgrades for stateful services with Rancher by mlnoga

    Project Description

    Containers are great ...

    Rancher & Gardener: Stronger Together by mlnoga

    Project Description

    Gardener is SAP's por...

    Rancher and cf-on-k8s by mgrifalconi

    Project Description

    Cloud Foundry For Kuber...

    Rancher Releases by jpayne

    Project Description

    Releasing rancher is ...

    Uyuni/SUSE Manager containerization project by moio

    Deploy Uyuni as an **app from the Rancher marke...

    Developing an opinionated storage appliance by asettle

    [comment]: # (Please use the project descriptio...

    Bird watcher with Raspberry Pi by scuescu

    [comment]: # (Please use the project descriptio...

    Resurrect NWS CLI project by seanmarlow

    Project Description

    Many years back I cre...