This message was deleted.

Rancher manages Kubernetes clusters including providing the user authentication for all managed clusters. As such, you might want to have redundancy if you're doing more than development, so Rancher apparently decided to make itself run in Kubernetes and use that for redundancy instead of reinventing the wheel there (a choice I can understand). So, for your question what you'd want to do if you want to use Rancher with a Kubernetes cluster that's going to be doing work is you want Rancher installed either on a single node if you don't care about redundancy or to a small, fairly low spec (i.e. 3 node) Kubernetes cluster and then have the cluster doing work be managed by Rancher.

It depends on how you want to manage it. It’s not recommended to deploy rancher TO the cluster you want to manage, because if you give out access to that cluster via Rancher, they could then mess with Rancher itself. It’s better to have a standalone cluster for Rancher, and then import or provision additional clusters for your workload, and grant access to those clusters.

What are the ports that needs to be opened for rancher to communicate with k8s cluster.

It doesn't go that way. Agent on the cluster communicates with Rancher. Ports are listed in the docs.