Deploy vCluster on EKS
This guide provides step-by-step instructions for deploying vCluster vCluster
on Amazon EKS.
Prerequisites​
Before staring, ensure you have the following tools installed:
kubectlinstalled: Kubernetes command-line tool for interacting with the cluster. See Install and Set Up kubectl for installation instructions.vCluster CLI- Homebrew
- Mac (Intel/AMD)
- Mac (Silicon/ARM)
- Linux (AMD)
- Linux (ARM)
- Download Binary
- Windows Powershell
brew install loft-sh/tap/vclusterThe binaries in the tap are signed using the Sigstore framework for enhanced security.
curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-darwin-amd64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclustercurl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-darwin-arm64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclustercurl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-linux-amd64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclustercurl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-linux-arm64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclusterDownload the binary for your platform from the GitHub Releases page and add this binary to your $PATH.
md -Force "$Env:APPDATA\vcluster"; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Tls,Tls11,Tls12';
Invoke-WebRequest -URI "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-windows-amd64.exe" -o $Env:APPDATA\vcluster\vcluster.exe;
$env:Path += ";" + $Env:APPDATA + "\vcluster";
[Environment]::SetEnvironmentVariable("Path", $env:Path, [System.EnvironmentVariableTarget]::User);Reboot RequiredYou may need to reboot your computer to use the CLI due to changes to the PATH variable (see below).
Check Environment Variable $PATHLine 4 of this install script adds the install directory
%APPDATA%\vclusterto the$PATHenvironment variable. This is only effective for the current Powershell session, i.e. when opening a new terminal window,vclustermay not be found.Make sure to add the folder
%APPDATA%\vclusterto thePATHenvironment variable after installing vcluster CLI via Powershell. Afterward, a reboot might be necessary.Confirm that you've installed the correct version of the vCluster CLI.
vcluster --version- AWS CLI version 1.16.156 or greater
note
AWS IAM permissions to create roles and policies
- eksctl installed for cluster management
note
Upgrade
eksctlto the latest version to ensure latest Kubernetes version is deployed.
Create EKS cluster​
Start by creating EKS cluster using eksctl. This command creates a file named
cluster.yaml with the required settings. Adjust the cluster name, region, and instance type as needed.
CLUSTER_NAME=vcluster-demo
REGION=eu-central-1
INSTANCE_TYPE=t3.medium
cat << EOF > cluster.yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: ${CLUSTER_NAME}
region: ${REGION}
nodeGroups:
- name: ng-1
instanceType: ${INSTANCE_TYPE}
desiredCapacity: 2
volumeSize: 80
addons:
- name: aws-ebs-csi-driver
wellKnownPolicies: # this setting adds IAM and service account
ebsCSIController: true
EOF
The file defines a cluster with two t3.medium instances located in the eu-central-1 region. The aws-ebs-csi-driver add-on is enabled to ensure proper EBS storage provisioning, which is required by vCluster to store data for virtual clusters.
Create the cluster by running:
eksctl create cluster -f cluster.yaml
This command automatically updates your kubeconfig file with the new
cluster configuration.
This process typically takes about 15-20 minutes.
Verify the cluster creation​
Verify the installation by checking if the CSI driver pods are running:
kubectl get pods -n kube-system -l app.kubernetes.io/name=aws-ebs-csi-driver
Expected output should look similar to:
NAME READY STATUS RESTARTS AGE
ebs-csi-controller-794b4448b-fhjxr 6/6 Running 0 2m14s
ebs-csi-controller-794b4448b-j94g5 6/6 Running 0 2m14s
ebs-csi-node-crz7p 3/3 Running 0 2m14s
ebs-csi-node-jg8n8 3/3 Running 0 2m14s
Configure storage class​
vCluster requires a default StorageClass for its persistent volumes. EKS provides the gp2 StorageClass by default, but gp3 is required. Create a new StorageClass:
cat <<EOF | kubectl apply -f -
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: gp3
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: ebs.csi.aws.com
parameters:
type: gp3
encrypted: "true"
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
EOF
Remove the default status from the gp2 StorageClass:
kubectl patch storageclass gp2 -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
Create virtual cluster​
Now that all the prerequisites are configured, create a virtual cluster using the CLI.
vcluster create my-vcluster --namespace team-x
This command automatically updates your kubeconfig file with the new
cluster configuration.
Verify the Installation​
Check if vCluster pods are running:
kubectl get pods -n team-x
You should see output similar to:
NAME READY STATUS RESTARTS AGE
coredns-666d64755b-k5njg-x-kube-system-x-my-vcluster 1/1 Running 0 3m11s
my-vcluster-0 1/1 Running 0 6m33s
This configuration ensures that:
- Service accounts are properly synced between virtual and host clusters
- Persistent volume claims are handled correctly
- The
gp3storage class created earlier is used
Next steps​
Now that you have vCluster running on EKS, consider:
- Setting up the platform UI to mange your virtual clusters.
- Integrating with Karpenter for autoscaling.
Pod identity​
This feature is an Enterprise feature. See our pricing plans or contact our sales team for more information.
When using the platform you can easily enable Pod Identity.
Cleanup​
If you deployed the EKS cluster with this tutorial, and want to clean up the resources, run the following command:
eksctl delete cluster -f cluster.yaml --disable-nodegroup-eviction