There are two different agent resources deployed on Rancher managed clusters:

For a conceptual overview of how the Rancher server provisions clusters and what tools it uses to provision them, refer to the architecture

cattle-cluster-agent

The cattle-cluster-agent is used to connect to the Kubernetes API of Rancher Launched Kubernetes clusters. The cattle-cluster-agent is deployed using a Deployment resource.

cattle-node-agent

The cattle-node-agent is used to interact with nodes in a Rancher Launched Kubernetes cluster when performing cluster operations. Examples of cluster operations are upgrading Kubernetes version and creating/restoring etcd snapshots. The cattle-node-agent is deployed using a DaemonSet resource to make sure it runs on every node. The cattle-node-agent is used as fallback option to connect to the Kubernetes API of Rancher Launched Kubernetes clusters when cattle-cluster-agent is unavailable.

Note: In Rancher v2.2.4 and lower, the cattle-node-agent pods did not tolerate all taints, causing Kubernetes upgrades to fail on these nodes. The fix for this has been included in Rancher v2.2.5 and higher.

Scheduling rules

Applies to v2.3.0 and higher

Component nodeAffinity nodeSelectorTerms nodeSelector Tolerations
cattle-cluster-agent beta.kubernetes.io/os:NotIn:windows none operator:Exists
cattle-node-agent beta.kubernetes.io/os:NotIn:windows none operator:Exists

The cattle-cluster-agent Deployment has preferred scheduling rules using requiredDuringSchedulingIgnoredDuringExecution, favoring to be scheduled on nodes with the controlplane node. See Kubernetes: Assigning Pods to Nodes to find more information about scheduling rules.

The requiredDuringSchedulingIgnoredDuringExecution configuration is shown in the table below:

Weight Expression
100 node-role.kubernetes.io/controlplane:In:"true"
1 node-role.kubernetes.io/etcd:In:"true"