Deploy in air-gapped environments
This guide walks you through installing vCluster Platform and deploying virtual clusters in environments without internet access, referred to as air-gapped environments. It covers setting up a private OCI-compliant registry, populating it with container images and Helm charts, configuring vCluster Platform and agents to pull from the registry, and deploying virtual clusters securely and offline.
Prerequisitesβ
- OCI-compliant private registry with a
/charts
folder - A private registry accessible to both the Kubernetes cluster for the platform and connected host clusters and a separate, internet-connected machine. - An offline license key for vCluster Platform - A LoftLabs license key is required to install vCluster Platform.
info
Contact sales@loft.sh to purchase an offline license key or request a trial license key for offline use.
Overviewβ
There are several artifacts that are typically accessed using an internet connection. To complete an air-gapped install, these artifacts need to be accessible by the Kubernetes cluster through a private registry.
- vCluster Platform Helm chart - This Helm chart is typically accessed through the LoftLabs charts repository and is used for installing vCluster Platform and connecting hosts (for example installing agents).
- vCluster Helm chart - This Helm chart is typically accessed through the LoftLabs charts repository and is used for deploying virtual clusters.
- Images used in the Helm charts - These images are typically accessed through different container registries.
After populating the registry with the artifacts, install vCluster Platform, connect host clusters and then deploy virtual clusters. Each step requires additional configuration to use your private registry.
Populate images to private registryβ
Each vCluster Platform GitHub release and vCluster GitHub release provides multiple release assets to help you upload images to a private registry. These assets include text files listing all necessary images and scripts to automate downloading (pulling) and pushing them.
Image text filesβ
Each vCluster Platform release includes a file that lists all container images required for installing vCluster Platform:
images.txt
β Required images for installing vCluster Platform.
In vCluster releases v0.25.0 and later, two files list the container images needed to deploy a vCluster:
images.txt
β Required images for deploying vCluster with the default Kubernetes version.images-optional.txt
β Additional images for deploying vCluster with a different Kubernetes version.
In vCluster releases earlier than v0.25.0, a single file is provided:
vcluster-images.txt
β Required images for deploying vCluster with the default Kubernetes version.
Scripts to pull and push imagesβ
Both product releases contain one script which helps download and package the list of images and another script that pushes images to the private registry. The script from either release can be used to populate the registry.
The difference between the scripts in the different releases is the default name of the tarball that is created. These instructions override the defaults to ensure the correct image text file and tarball is created.
download-images.sh
- A bash script that quickly iterates over all the images files to pull them and package them into a tarball to a machine that has internet access.push-images.sh
- A bash script that takes the tarball generated from the download script to push them to your private registry.
Both releases include download-images.sh
and push-images.sh
, but you only need to download the scripts once.
Pull and push images for vCluster Platformβ
Download the required platform images from public registries and upload them to your private registry for air-gapped installation.
Prerequisitesβ
- Access to the internet
- Ability to push to your OCI-compliant private registry
- Logged in to GitHub Container Registry
wget
installeddocker
installed
Populate the registry with imagesβ
Follow these steps to populate the registry with the required platform images.
Set environment variables for the version of vCluster Platform that you want to deploy and the private registry.
Export environment variablesexport PLATFORM_VERSION=4.3.0 # Replace with desired version
export REGISTRY=ecr.io/myteam # This should be a prefix; do not include any image pathsDownload the assets from the vCluster Platform GitHub release and make the scripts executable.
warningThe
images.txt
contains avcluster-pro
image for the default vCluster version, but doesn't contain all the images required to deploy vCluster. An additional step is required to retrieve all vCluster images.Download assets and prepare scriptswget https://github.com/loft-sh/loft/releases/download/v${PLATFORM_VERSION}/loft-images.txt
wget https://github.com/loft-sh/loft/releases/download/v${PLATFORM_VERSION}/download-images.sh
wget https://github.com/loft-sh/loft/releases/download/v${PLATFORM_VERSION}/push-images.sh
chmod +x ./download-images.sh
chmod +x ./push-images.shRun
download-images.sh
to pull all images and create a tarball of the images.Review the output to confirm all images were pulled successfully and packaged in the tarball.
Download and package images./download-images.sh --image-list loft-images.txt --images loft-images.tar.gz
Run
push-images.sh
to upload all required images to your private registry.When pushing images to your private registry, references to the original (public) image registry are removed. Only the image name and repository are preserved. This enables vCluster to pull all images from your configured private registry.
Push images to private registry./push-images.sh --registry ${REGISTRY} --images loft-images.tar.gz
Pull and push images for vClusterβ
Follow these steps to populate the registry with the specific images needed for deploying vCluster.
Set environment variables for the version of vCluster that you want to deploy and the private registry.
tipYou can review the
tag
of thevcluster-pro
image inimages.txt
to pick the default vCluster version.Export environment variablesexport VCLUSTER_VERSION=0.25.0 # Replace with desired version
# Setting the REGISTRY environment is redundant from the steps in populating vCluster Platform images
# export REGISTRY=ecr.io/myteam # This should be a prefix; do not include any image pathsDownload the text files from the vCluster GitHub release.
The
images.txt
orvcluster-images.txt
files contain multiple Kubernetes versions and distributions. You can edit the file and remove the images for any unwanted versions and distributions.Download image text file for vCluster v0.25.0+ versionswget https://github.com/loft-sh/vcluster/releases/download/v${VCLUSTER_VERSION}/images.txt
Download image text file for vCluster < v0.25.0 versionswget https://github.com/loft-sh/vcluster/releases/download/v${VCLUSTER_VERSION}/vClusterimages.txt
Optional: Download the scripts from the vCluster GitHub release and make them executable.
noteIf you've already completed this as part of populating the platform images, you can skip this step.
Download prepare scriptswget https://github.com/loft-sh/vcluster/releases/download/v${VCLUSTER_VERSION}/download-images.sh
wget https://github.com/loft-sh/vcluster/releases/download/v${VCLUSTER_VERSION}/push-images.sh
chmod +x ./download-images.sh
chmod +x ./push-images.shRun
download-images.sh
to pull all images and create a tarball of the images.Review the output to confirm all images were pulled successfully and packaged in the tarball.
Download and package images for vCluster v0.25.0+ versions./download-images.sh --image-list images.txt --images vcluster-images.tar.gz
Download and package images for vCluster < v0.25.0 versions./download-images.sh --image-list vcluster-images.txt --images vcluster-images.tar.gz
Run
push-images.sh
to upload all required images to your private registry.Images are pushed to your private registry without public registry references, preserving only the repository and image name. You can configure vCluster to use your private registry for all deployments.
Push images to private registry./push-images.sh --registry ${REGISTRY} --images vcluster-images.tar.gz
Optional: If you want to deploy vCluster v0.25.0 or later with a different Kubernetes version, download the
images-optional.txt
file from the vCluster GitHub release. Additional container images for the version must be downloaded and uploaded to your private registry.The
images-optional.txt
contains multiple Kubernetes distributions and versions. You can edit the file and remove the images for the unwanted distributions and versions.wget https://github.com/loft-sh/vcluster/releases/download/v${VCLUSTER_VERSION}/images-optional.txt
./download-images.sh --image-list images-optional.txt --images vcluster-images-optional.tar.gz
./push-images.sh --registry ${REGISTRY} --images vcluster-images-optional.tar.gz
Populate the Helm charts to a private registryβ
You can push the following Helm charts to your OCI-compliant private registry:
- vCluster Platform Helm chart: The core chart for deploying the vCluster platform.
- Version-specific Helm charts: Charts required for each vCluster version you intend to deploy.
- Application Helm charts: Charts for applications you plan to deploy with vCluster. See Apps documentation for details.
- Experimental configuration charts: Charts needed when using
experimental.deploy.vcluster.helm
configuration settings.
Detailed steps are only provided for how to pull and push the vCluster Platform and vCluster Helm chart.
Prerequisitesβ
- Access to the internet
- Ability to push to your OCI-compliant private registry
helm
installed: Helm v3.10+
Pull and push the vCluster Platform Helm chartβ
- note
If you havenβt already set the environment variables, set them now before continuing.
The private registry requires a
/charts
folder, where you must push all Helm charts.Export environment variablesexport PLATFORM_VERSION=4.3.0 # Replace with desired version
export REGISTRY=ecr.io/myteam # A charts folder is expected Pull the platform Helm chart and push it to your private registry with the OCI protocol:
Pull and push the Helm chart to your private registryhelm pull vcluster-platform --repo https://charts.loft.sh --version ${PLATFORM_VERSION}
helm push vcluster-platform-${PLATFORM_VERSION}.tgz oci://${REGISTRY}/charts
Pull and push the vCluster Helm chartβ
- note
If you havenβt already set the environment variables, set them now before continuing.
The private registry assumes having a
/charts
folder, which is where to push all the Helm charts.Export environment variablesexport VCLUSTER_VERSION=0.25.0 # Replace with desired version
export REGISTRY=ecr.io/myteam # A charts folder is expected Pull the vCluster Helm chart and push it into your private registry with the OCI protocol.
Pull and push the Helm chart to your private registryhelm pull vcluster --repo https://charts.loft.sh --version ${VCLUSTER_VERSION}
helm push vcluster-${VCLUSTER_VERSION}.tgz oci://${REGISTRY}/charts
Configure and install vCluster Platform and agentβ
To install the platform and connect hosts, you must configure a vcluster-platform.yaml
file.
This YAML file is used as the values.yaml
for the vCluster Platform Helm chart.
Prerequisitesβ
- The cluster must have access to pull the vCluster Platform images from the private registry.
-
Administrator access to a Kubernetes cluster: See Accessing Clusters with kubectl for more information. Your current kube-context must have administrative privileges, which you can verify with
kubectl auth can-i create clusterrole -A
infoTo obtain a kube-context with admin access, ensure you have the necessary credentials and permissions for your Kubernetes cluster. This typically involves using
kubectl config
commands or authenticating through your cloud provider's CLI tools. -
helm
installed: Helm v3.10 is required for deploying the platform. Refer to the Helm Installation Guide if you need to install it. -
kubectl
installed: Kubernetes command-line tool for interacting with the cluster. See Install and Set Up kubectl for installation instructions.
-
vCluster Platform Pod Resource Requirements
- Requests
- memory:
256Mi
- cpu:
200m
- memory:
- Limits
- memory:
4Gi
- cpu:
2
- memory:
- Requests
-
Ensure that the required network ports are open.
infoThe platform requires open ports for API extensions, webhooks, and cost monitoring. In the infrastructure of private Kubernetes clusters, ensure firewall rules allow traffic from the Kubernetes master to platform components.
8443
β API service extension for cluster communication (v1.cluster.loft.sh
)9443
β Webhook validation and enforcement (loft webhook
)9444
β Management API for platform administration (v1.management.loft.sh
)9090
β Prometheus metrics proxy for cost monitoring
For more information, see Networking to learn about port and firewall rules.
vCluster Platform and agent configurationβ
The vcluster-platform.yaml
file contains all configuration settings for your vCluster Platform and connected hosts (agents) installation.
Reference the offline license key
Reference the license key so that the platform can start with all your enterprise features enabled.
env:
LICENSE_KEY: "YOUR_LICENSE_KEY"
Use a private registry without credentials
- Set the image to be used by the vCluster Platform Helm chart to the image in the private registry.
- Set the default registry for pulling images used in installing vCluster Platform or connecting hosts (i.e. deploying agents).
- Set the default chart registry in the
vcluster-platform.yaml
as the default Helm repository when creating virtual clusters. This should prefix withoci://
to ensure it's being deployed using OCI protocol as well as the/charts
folder.
image: ecr.io/myteam/loft-sh/vcluster-platform:<PLATFORM_VERSION> # Replace with the fully formed image name based on your private registry
env:
DEFAULT_IMAGE_REGISTRY: ecr.io/myteam
DEFAULT_VCLUSTER_CHART_REPO: oci://ecr.io/myteam/charts
# The agent values are needed to keep the agent up to date with the same settings
agentValues:
env:
DEFAULT_IMAGE_REGISTRY: ecr.io/myteam
DEFAULT_VCLUSTER_CHART_REPO: oci://ecr.io/myteam/charts
Use an authenticated private registry
- Set the image to be used by the vCluster Platform Helm chart to the image in the private registry.
- Set the default registry for pulling images used in installing vCluster Platform or connecting hosts (i.e. deploying agents).
- Set the default chart registry in the
vcluster-platform.yaml
as the default Helm repository when creating virtual clusters. This should prefix withoci://
to ensure it's being deployed using OCI protocol as well as the/charts
folder. - For registries that require authentication, create a Kubernetes secret in the namespace where you deploy the vCluster Platform or agent.
- Reference the secret to use those credentials for the registries.
image: ecr.io/myteam/loft-sh/vcluster-platform:v<PLATFORM_VERSION> # Replace with the fully formed image name based on your private registry
env:
DEFAULT_IMAGE_REGISTRY: ecr.io/myteam
DEFAULT_VCLUSTER_CHART_REPO: oci://ecr.io/myteam/charts
HELM_REGISTRY_CONFIG: /loft/helm/.dockerconfigjson
volumes:
- name: helm-pull-secret
secret:
secretName: registry-credentials-secret-name # Replace with the name of the secret deployed on the host cluster of where the Platform is deployed
volumeMounts:
- name: helm-pull-secret
mountPath: /loft/helm
readOnly: true
# The agent values are needed to keep the agent up to date with the same settings
agentValues:
env:
DEFAULT_IMAGE_REGISTRY: ecr.io/myteam
DEFAULT_VCLUSTER_CHART_REPO: oci://ecr.io/myteam/charts
HELM_REGISTRY_CONFIG: /loft/helm/.dockerconfigjson
volumes:
- name: helm-pull-secret
secret:
secretName: registry-credentials-secret-name # Replace with the name of the secret deployed on the host cluster of where the Platform is deployed
volumeMounts:
- name: helm-pull-secret
mountPath: /loft/helm
readOnly: true
This only configures the registry authentication for managing virtual clusters with Helm.
- See App Reference to configure the chart repository URL with username and password authentication.
- See
experimental.deploy.vcluster.helm
configuration to configure repository with username and password authentication.
Use different vCluster Platform login credentials
If the username and password are not set in your vcluster-platform.yaml
, the default credentials are:
- Username:
admin
- Password:
my-password
admin:
create: true
username: newadmin
password: "newpassword"
Install the platformβ
It is recommended to install vCluster Platform on its own host cluster.
Prerequisitesβ
- The machine that is running the install commands must have access to pull the Helm chart from the private registry.
- The host cluster where the vCluster Platform is being installed on must have access to pull images from the private registry.
-
Administrator access to a Kubernetes cluster: See Accessing Clusters with kubectl for more information. Your current kube-context must have administrative privileges, which you can verify with
kubectl auth can-i create clusterrole -A
infoTo obtain a kube-context with admin access, ensure you have the necessary credentials and permissions for your Kubernetes cluster. This typically involves using
kubectl config
commands or authenticating through your cloud provider's CLI tools. -
helm
installed: Helm v3.10 is required for deploying the platform. Refer to the Helm Installation Guide if you need to install it. -
kubectl
installed: Kubernetes command-line tool for interacting with the cluster. See Install and Set Up kubectl for installation instructions.
Install vCluster Platformβ
On the host cluster, create the namespace for the platform, where vCluster Platform and optionally login credentials are to be deployed in.
Create vCluster Platform namespaceexport PLATFORM_NAMESPACE=vcluster-platform
kubectl create namespace ${PLATFORM_NAMESPACE}Optional: create a secret to authenticate to your private registry.
If your private registry requires authentication, create a Kubernetes secret that stores your login credentials. Place this secret in the same namespace where the vCluster Platform is deployed. There are multiple ways to create your registry credentials as a secret.
Read more about how to quickly create a secret from your docker login.
Example of how to create a Kubernetes secret for login credentialskubectl create -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
name: registry-credentials-secret-name
namespace: ${PLATFORM_NAMESPACE}
type: Opaque
data:
# Credentials based on your private registry
EOFDeploy vCluster Platform into the same namespace.
Deploy vCluster with Helmexport PLATFORM_VERSION=4.3.0 # Replace with the chart version that was pushed into your private registry
export REGISTRY=myecr.io/team # Replace with the private registry
helm upgrade --install vcluster-platform oci://${REGISTRY}/charts/vcluster-platform:${PLATFORM_VERSION} \
--version ${PLATFORM_VERSION} \
--values vcluster-platform.yaml \
--namespace ${PLATFORM_NAMESPACE}
Connect host clustersβ
After installing the platform, connect host clusters by deploying an agent on each host. The host clusters must be able to access the domain where vCluster Platform is hosted.
Deploying an agent is deploying the vCluster Platform Helm chart and vcluster-platform.yaml
. The only difference is when deploying the vCluster Platform Helm
chart is adding additional variables to figure out how to connect to the platform.
Prerequisitesβ
- The machine that is running the install commands must have access to pull the Helm chart from the private registry.
- The host cluster where the vCluster Platform is being installed on must have access to pull images from the private registry.
-
Administrator access to a Kubernetes cluster: See Accessing Clusters with kubectl for more information. Your current kube-context must have administrative privileges, which you can verify with
kubectl auth can-i create clusterrole -A
infoTo obtain a kube-context with admin access, ensure you have the necessary credentials and permissions for your Kubernetes cluster. This typically involves using
kubectl config
commands or authenticating through your cloud provider's CLI tools. -
helm
installed: Helm v3.10 is required for deploying the platform. Refer to the Helm Installation Guide if you need to install it. -
kubectl
installed: Kubernetes command-line tool for interacting with the cluster. See Install and Set Up kubectl for installation instructions.
Deploy agents to connect host clustersβ
On the host cluster, create the namespace for the agent installation, where the agent and optionally login credentials are to be deployed in.
Create vCluster Platform namespaceexport AGENT_NAMESPACE=vcluster-platform
kubectl create namespace ${AGENT_NAMESPACE}Optional: Create a Secret to authenticate with your private registry.
If your private registry requires authentication, create a Kubernetes Secret that stores your login credentials. Place this secret in the same namespace where the agent is deployed. There are multiple ways to create your registry credentials as a Secret.
For more details, see Create a Secret from your Docker login.
Create a Kubernetes secret for login credentials examplekubectl create -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
name: registry-credentials-secret-name
namespace: ${AGENT_NAMESPACE}
type: Opaque
data:
# Credentials based on your private registry
EOFDeploy the agent into the same namespace.
Deploy vCluster with Helmexport PLATFORM_VERSION=4.3.0 # Replace with the chart version that was pushed into your private registry
export REGISTRY=myecr.io/team # Replace with the private registry
export PLATFORM_DOMAIN=https://myvclusterplatform.com
export PLATFORM_TOKEN=<YOUR_PLATFORM_ACCESS_TOKEN>
helm upgrade --install vcluster-platform oci://${REGISTRY}/charts/vcluster-platform:${PLATFORM_VERSION} \
--version ${PLATFORM_VERSION} \
--values vcluster-platform.yaml \
--namespace ${AGENT_NAMESPACE} \
--set agentOnly=true \
--set url=$PLATFORM_DOMAIN \
--set token=$PLATFORM_TOKEN
Configure and deploy virtual clustersβ
Prerequisitesβ
Before deploying a virtual cluster, ensure the following:
- The host cluster must have access to pull vCluster images from the private registry.
Virtual cluster configurationβ
The vcluster.yaml
file defines all configuration settings for your virtual cluster deployment.
Use a private registry without credentials
Set the default private registry that does not have authentication.
controlPlane:
advanced:
defaultImageRegistry: ecr.io/myteam # Replace with your private registry
Use an authenticated private registry
For registries that require authentication, create a Kubernetes secret in the namespace where you deploy the vCluster. Assign the secret as an image pull secret for the vCluster control plane to access required images.
Optionally, you can use the same image pull secret for workloads inside the vCluster that pull from the same registry.
controlPlane:
advanced:
defaultImageRegistry: ecr.io/myteam # Replace with your private image registry
serviceAccount:
imagePullSecrets: # Uses credentials for the vCluster control plane
- name: registry-credentials-secret-name # Replace with the name of the secret deployed on the host cluster of where the vCluster is deployed
workloadServiceAccount: # Uses credentials for any workloads created in the vCluster
imagePullSecrets:
- name: registry-credentials-secret-name # Replace with the name of the secret deployed on the host cluster of where your vCluster is deployed
When using virtual clusters in air-gapped environments, the
config.experimental.deploy.vcluster.helm
configuration setting does not work with external Helm repositories since they cannot be accessed. This means custom Helm charts from repositories like charts.bitnami.com
cannot be used for virtual cluster deployments.
Use a non-default Kubernetes version
For vCluster v0.25.0+, if you downloaded images-optional.txt
to use a different Kubernetes version, configure vCluster to use that version in your deployment.
controlPlane:
distro:
k8s:
image:
tag: v1.31.1 # Replace with the Kubernetes version that you have chosen
For other versions, refer to the vCluster docs on how to set your image versions.
Replace the alpine image
If you use the sync.toHost.pods.rewriteHosts
feature, manually replace the full path of the alpine image with your private registry path.
The defaultImageRegistry
setting does not apply to this image.
sync:
toHost:
pods:
rewriteHosts:
initContainer:
image: ecr.io/myteam/library/alpine:3.20
Deploy vCluster through the platformβ
When deploying vCluster through the platform console, you'll must add your vcluster.yaml
.
Use an authenticated private registryβ
If you are using a private registry with authentication, you'll need to create a Kubernetes secret that stores your login credentials. Place this secret in the same namespace where the vCluster is deployed so the control plane can pull the required container images.
In the options for the config, there is a section called Host namespace
, add the yaml for the secret in the Kubernetes objects
section.
apiVersion: v1
kind: Secret
metadata:
name: registry-credentials-secret-name
namespace: ${VCLUSTER_NAMESPACE}
type: Opaque
data:
# Credentials based on your private registry
Deploy vCluster using Helmβ
Prerequisitesβ
-
Administrator access to a Kubernetes cluster: See Accessing Clusters with kubectl for more information. Your current kube-context must have administrative privileges, which you can verify with
kubectl auth can-i create clusterrole -A
infoTo obtain a kube-context with admin access, ensure you have the necessary credentials and permissions for your Kubernetes cluster. This typically involves using
kubectl config
commands or authenticating through your cloud provider's CLI tools. -
helm
installed: Helm v3.10 is required for deploying the platform. Refer to the Helm Installation Guide if you need to install it. -
kubectl
installed: Kubernetes command-line tool for interacting with the cluster. See Install and Set Up kubectl for installation instructions.
In the platform UI, create an access key to connect vCluster to the platform. Save the access key.
Create a Kubernetes secret using the access key in a namespace on the host cluster.
Create platform API key namespace and secret for platform API keyexport APIKEY_NAMESPACE=api-key-namespace
kubectl create namespace ${APIKEY_NAMESPACE}
kubectl create -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
name: vcluster-platform-api-key
namespace: ${APIKEY_NAMESPACE}
type: Opaque
data:
accessKey: # Access key from the Platform UI
host: # domain name of platform
insecure: # ???
EOFOptional: Create a secret to authenticate to your private registry.
If your private registry requires authentication, create a Kubernetes secret that stores your login credentials. Place this secret in the same namespace where the vCluster is deployed so the control plane can pull the required container images.
Create Kubernetes secret for login credentialsexport VCLUSTER_NAMESPACE=vcluster-my-vcluster # Replace with the name of the namespace you want to deploy your vCluster into
kubectl create namespace ${VCLUSTER_NAMESPACE}
kubectl create -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
name: registry-credentials-secret-name
namespace: ${VCLUSTER_NAMESPACE}
type: Opaque
data:
# Credentials based on your private registry
EOFReview your
vcluster.yaml
file.vcluster.yaml configurationcontrolPlane:
advanced:
defaultImageRegistry: ecr.io/myteam # Replace with your private image registry
serviceAccount:
imagePullSecrets:
- name: registry-credentials-secret-name # Replace with the name of the registry credentials secret
workloadServiceAccount:
imagePullSecrets:
- name: registry-credentials-secret-name # Replace with the name of the registry credentials secret
external:
platform:
apiKey:
namespace: api-key-namespace # Replace with the namespace that the secret of the access key was deployed in
secretName: vcluster-platform-api-key # Replace with the name of the secret of the access key
createRBAC: true # Sets up RBAC so that the vcluster can access the secret of the access keyDeploy vCluster.
Deploy vCluster with Helmexport VCLUSTER_NAME="my-vcluster" # Replace with what you want to name your vCluster
export VCLUSTER_VERSION=0.25.0 # Replace with the chart version that was pushed into your private registry
export REGISTRY=myecr.io/team # Replace with the private registry
# Uncomment and create a namespace if you didn't already create one for a secret for the registry
# export VCLUSTER_NAMESPACE=vcluster-my-vcluster # Replace with the name of the namespace you want to deploy your vCluster into
# kubectl create namespace ${VCLUSTER_NAMESPACE}
helm upgrade --install "${VCLUSTER_NAME}" oci://${REGISTRY}/charts/vcluster:${VCLUSTER_VERSION} \
--version ${VCLUSTER_VERSION} \
--values vcluster.yaml \
--namespace ${VCLUSTER_NAMESPACE}