vcluster.yaml configuration reference

Create a virtual cluster with a config file

warning

Pre-v0.20.0 values.yaml files are not equivalent to vcluster.yaml with v0.20.0. If you are moving from vCluster 0.19.x to 0.20+, see the conversion guide for how to automatically convert your existing values.yaml configuration file to the new vcluster.yaml format.

Configure your vCluster installation in an optional vcluster.yaml configuration file. Then deploy your changes.

vCluster CLI
Helm
Terraform
Argo CD
Cluster API

vCluster CLI Version

To keep the same version of your vCluster, your CLI needs to be the same version as your virtual cluster.

vcluster create --upgrade <VCLUSTER_NAME> -n <VCLUSTER_NAMESPACE> -f vcluster.yaml

Replace:

<VCLUSTER_NAME> with the name of the vCluster instance to update.
<VCLUSTER_NAMESPACE> with the namespace where the vCluster instance is deployed.

helm upgrade --install <VCLUSTER_NAME> vcluster \
  --values vcluster.yaml \
  --repo https://charts.loft.sh \
  --namespace <VCLUSTER_NAMESPACE> \
  --repository-config=''

Replace:

<VCLUSTER_NAME> with the name of the vCluster instance to update.
<VCLUSTER_NAMESPACE> with the namespace where the vCluster instance is deployed.

The steps assume that you have the terraform file that you initially deployed your terraform resource from.

Generate a new plan with your updated vcluster.yaml.
```
terraform plan
```
Verify that the provider can access your cluster and that the proposed changes are correct.
Apply your new changes.
```
terraform apply
```

Commit and push your updated vcluster.yaml to your configured ArgoCD repository.
Synchronize your ArgoCD repository with your configured cluster.

Learn more about Cluster API Provider for vCluster.

Install the vCluster provider.

clusterctl init --infrastructure vcluster:v0.2.0

Export environment variables to be used by the cluster API provider to create an updated manifest. The manifest will be applied to your Kubernetes cluster, which will update your vCluster with the updated configuration options.
```
 # Replace <VCLUSTER_NAME> and <VCLUSTER_NAMESPACE> with values of the vCluster that you are updating
 export CLUSTER_NAME=<VCLUSTER_NAME>
 export CLUSTER_NAMESPACE=<VCLUSTER_NAMESPACE>
 
 # Since the vcluster.yaml has changed, you'll need to re-export it to the updated vcluster.yaml
 export VCLUSTER_YAML=$(awk '{printf "%s\\n", $0}' vcluster.yaml)
```
Replace:
- <VCLUSTER_NAME> with the name of the vCluster instance to update.
- <VCLUSTER_NAMESPACE> with the namespace where the vCluster instance is deployed.
Regenerate the manifest and apply the updated manifest.
```
 clusterctl generate cluster ${CLUSTER_NAME} \
   --infrastructure vcluster \
   --target-namespace ${CLUSTER_NAMESPACE} \
    | kubectl apply -f -
```
Kubernetes Version
The Kubernetes version for the vCluster is not set at the CAPI provider command. It is configured the vcluster.yaml file based on your Kubernetes distribution.

Wait for vCluster to be updated by watching for the vCluster custom resource to report a ready status.

kubectl wait --for=condition=ready vcluster -n $CLUSTER_NAMESPACE $CLUSTER_NAME --timeout=300s

What is the vcluster.yaml file?

The vcluster.yaml file holds your vCluster configuration and can override the vCluster defaults. If you are familiar with helm, the vcluster.yaml can be used interchangeably with values.yaml and since all vCluster deployment methods are using helm under the hood it behaves the same way. The default values for vCluster you can find in the vCluster repo chart folder. We also publish a vcluster.yaml json schema within the vCluster helm chart that will be used for validating the vcluster.yaml.

Config reference

`exportKubeConfig` required object pro

ExportKubeConfig describes how vCluster should export the vCluster kubeConfig file.

`context` required string pro

Context is the name of the context within the generated kubeconfig to use.

`server` required string pro

Override the default https://localhost:8443 and specify a custom hostname for the generated kubeconfig.

`insecure` required boolean false pro

If tls should get skipped for the server

`serviceAccount` required object pro

ServiceAccount can be used to generate a service account token instead of the default certificates.

`name` required string pro

Name of the service account to be used to generate a service account token instead of the default certificates.

`namespace` required string pro

Namespace of the service account to be used to generate a service account token instead of the default certificates. If omitted, will use the kube-system namespace.

`clusterRole` required string pro

ClusterRole to assign to the service account.

`secret` required object pro

Declare in which host cluster secret vCluster should store the generated virtual cluster kubeconfig. If this is not defined, vCluster will create it with vc-NAME. If you specify another name, vCluster creates the config in this other secret.

`name` required string pro

Name is the name of the secret where the kubeconfig should get stored.

`namespace` required string pro

Namespace where vCluster should store the kubeconfig secret. If this is not equal to the namespace where you deployed vCluster, you need to make sure vCluster has access to this other namespace.

`integrations` required object pro

Integrations holds config for vCluster integrations with other operators or tools running on the host cluster

`metricsServer` required object pro

MetricsServer reuses the metrics server from the host cluster within the vCluster.

`enabled` required boolean false pro

Enabled signals the metrics server integration should be enabled.

`apiService` required object pro

APIService holds information about where to find the metrics-server service. Defaults to metrics-server/kube-system.

`service` required object pro

Service is a reference to the service for the API server.

`name` required string pro

Name is the name of the host service of the apiservice.

`namespace` required string pro

Namespace is the name of the host service of the apiservice.

`port` required integer pro

Port is the target port on the host service to connect to.

`nodes` required boolean true pro

Nodes defines if metrics-server nodes api should get proxied from host to virtual cluster.

`pods` required boolean true pro

Pods defines if metrics-server pods api should get proxied from host to virtual cluster.

`kubeVirt` required object pro

KubeVirt reuses a host kubevirt and makes certain CRDs from it available inside the vCluster

`enabled` required boolean false pro

Enabled signals if the integration should be enabled

`apiService` required object pro

APIService holds information about where to find the virt-api service. Defaults to virt-api/kubevirt.

`service` required object pro

Service is a reference to the service for the API server.

`name` required string pro

Name is the name of the host service of the apiservice.

`namespace` required string pro

Namespace is the name of the host service of the apiservice.

`port` required integer pro

Port is the target port on the host service to connect to.

`webhook` required object pro

Webhook holds configuration for enabling the webhook within the vCluster

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`sync` required object pro

Sync holds configuration on what resources to sync

`dataVolumes` required object pro

If DataVolumes should get synced

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`virtualMachineInstanceMigrations` required object pro

If VirtualMachineInstanceMigrations should get synced

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`virtualMachineInstances` required object pro

If VirtualMachineInstances should get synced

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`virtualMachines` required object pro

If VirtualMachines should get synced

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`virtualMachineClones` required object pro

If VirtualMachineClones should get synced

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`virtualMachinePools` required object pro

If VirtualMachinePools should get synced

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`externalSecrets` required object pro

ExternalSecrets reuses a host external secret operator and makes certain CRDs from it available inside the vCluster

`enabled` required boolean false pro

Enabled defines whether the external secret integration is enabled or not

`webhook` required object pro

Webhook defines whether the host webhooks are reused or not

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`sync` required object pro

Sync defines the syncing behavior for the integration

`externalSecrets` required object pro

ExternalSecrets defines whether to sync external secrets or not

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`stores` required object pro

Stores defines whether to sync stores or not

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`clusterStores` required object pro

ClusterStores defines whether to sync cluster stores or not

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`selector` required object pro

Selector defines what cluster stores should be synced

`labels` required object {} pro

Labels defines what labels should be looked for

`certManager` required object pro

CertManager reuses a host cert-manager and makes its CRDs from it available inside the vCluster.

Certificates and Issuers will be synced from the virtual cluster to the host cluster.
ClusterIssuers will be synced from the host cluster to the virtual cluster.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`sync` required object pro

Sync contains advanced configuration for syncing cert-manager resources.

`toHost` required object pro

`certificates` required object pro

Certificates defines if certificates should get synced from the virtual cluster to the host cluster.

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`issuers` required object pro

Issuers defines if issuers should get synced from the virtual cluster to the host cluster.

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`fromHost` required object pro

`clusterIssuers` required object pro

ClusterIssuers defines if (and which) cluster issuers should get synced from the host cluster to the virtual cluster.

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`selector` required object pro

Selector defines what cluster issuers should be imported.

`labels` required object {} pro

Labels defines what labels should be looked for

`sync` required object pro

Sync describes how to sync resources from the virtual cluster to host cluster and back.

`toHost` required object pro

Configure resources to sync from the virtual cluster to the host cluster.

`pods` required object pro

Pods defines if pods created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean true pro

Enabled defines if pod syncing should be enabled.

`translateImage` required object {} pro

TranslateImage maps an image to another image that should be used instead. For example this can be used to rewrite a certain image that is used within the virtual cluster to be another image on the host cluster

`enforceTolerations` required string[] [] pro

EnforceTolerations will add the specified tolerations to all pods synced by the virtual cluster.

`useSecretsForSATokens` required boolean false pro

UseSecretsForSATokens will use secrets to save the generated service account tokens by virtual cluster instead of using a pod annotation.

`rewriteHosts` required object pro

RewriteHosts is a special option needed to rewrite statefulset containers to allow the correct FQDN. virtual cluster will add a small container to each stateful set pod that will initially rewrite the /etc/hosts file to match the FQDN expected by the virtual cluster.

`enabled` required boolean true pro

Enabled specifies if rewriting stateful set pods should be enabled.

`initContainer` required object pro

InitContainer holds extra options for the init container used by vCluster to rewrite the FQDN for stateful set pods.

`image` required string library/alpine:3.20 pro

Image is the image virtual cluster should use to rewrite this FQDN.

`resources` required object pro

Resources are the resources that should be assigned to the init container for each stateful set init container.

`limits` required object map[cpu:30m memory:64Mi] pro

Limits are resource limits for the container

`requests` required object map[cpu:30m memory:64Mi] pro

Requests are minimal resources that will be consumed by the container

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

Reference treats the path value as a reference to another object and will rewrite it based on the chosen mode automatically. In single-namespace mode this will translate the name to "vxxxxxxxxx" to avoid conflicts with other names, in multi-namespace mode this will not translate the name.

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`secrets` required object pro

Secrets defines if secrets created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`all` required boolean false pro

All defines if all resources of that type should get synced or only the necessary ones that are needed.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`configMaps` required object pro

ConfigMaps defines if config maps created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`all` required boolean false pro

All defines if all resources of that type should get synced or only the necessary ones that are needed.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`ingresses` required object pro

Ingresses defines if ingresses created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`services` required object pro

Services defines if services created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`endpoints` required object pro

Endpoints defines if endpoints created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`networkPolicies` required object pro

NetworkPolicies defines if network policies created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`persistentVolumeClaims` required object pro

PersistentVolumeClaims defines if persistent volume claims created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`persistentVolumes` required object pro

PersistentVolumes defines if persistent volumes created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`volumeSnapshots` required object pro

VolumeSnapshots defines if volume snapshots created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`volumeSnapshotContents` required object pro

VolumeSnapshotContents defines if volume snapshot contents created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`storageClasses` required object pro

StorageClasses defines if storage classes created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`serviceAccounts` required object pro

ServiceAccounts defines if service accounts created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`podDisruptionBudgets` required object pro

PodDisruptionBudgets defines if pod disruption budgets created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`priorityClasses` required object pro

PriorityClasses defines if priority classes created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`customResources` required {key: object} pro

CustomResources defines what custom resources should get synced from the virtual cluster to the host cluster. vCluster will copy the definition automatically from host cluster to virtual cluster on startup. vCluster will also automatically add any required RBAC permissions to the vCluster role for this to work.

`enabled` required boolean pro

Enabled defines if this option should be enabled.

`scope` required string pro

Scope defines the scope of the resource. If undefined, will use Namespaced. Currently only Namespaced is supported.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`fromHost` required object pro

Configure what resources vCluster should sync from the host cluster to the virtual cluster.

`nodes` required object pro

Nodes defines if nodes should get synced from the host cluster to the virtual cluster, but not back.

`enabled` required boolean false pro

Enabled specifies if syncing real nodes should be enabled. If this is disabled, vCluster will create fake nodes instead.

`syncBackChanges` required boolean false pro

SyncBackChanges enables syncing labels and taints from the virtual cluster to the host cluster. If this is enabled someone within the virtual cluster will be able to change the labels and taints of the host cluster node.

`clearImageStatus` required boolean false pro

ClearImageStatus will erase the image status when syncing a node. This allows to hide images that are pulled by the node.

`selector` required object pro

Selector can be used to define more granular what nodes should get synced from the host cluster to the virtual cluster.

`all` required boolean false pro

All specifies if all nodes should get synced by vCluster from the host to the virtual cluster or only the ones where pods are assigned to.

`labels` required object {} pro

Labels are the node labels used to sync nodes from host cluster to virtual cluster. This will also set the node selector when syncing a pod from virtual cluster to host cluster to the same value.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`events` required object pro

Events defines if events should get synced from the host cluster to the virtual cluster, but not back.

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`ingressClasses` required object pro

IngressClasses defines if ingress classes should get synced from the host cluster to the virtual cluster, but not back.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`runtimeClasses` required object pro

RuntimeClasses defines if runtime classes should get synced from the host cluster to the virtual cluster, but not back.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`priorityClasses` required object pro

PriorityClasses defines if priority classes classes should get synced from the host cluster to the virtual cluster, but not back.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`storageClasses` required object pro

StorageClasses defines if storage classes should get synced from the host cluster to the virtual cluster, but not back. If auto, is automatically enabled when the virtual scheduler is enabled.

`enabled` required string|boolean auto pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`csiNodes` required object pro

CSINodes defines if csi nodes should get synced from the host cluster to the virtual cluster, but not back. If auto, is automatically enabled when the virtual scheduler is enabled.

`enabled` required string|boolean auto pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`csiDrivers` required object pro

CSIDrivers defines if csi drivers should get synced from the host cluster to the virtual cluster, but not back. If auto, is automatically enabled when the virtual scheduler is enabled.

`enabled` required string|boolean auto pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`csiStorageCapacities` required object pro

CSIStorageCapacities defines if csi storage capacities should get synced from the host cluster to the virtual cluster, but not back. If auto, is automatically enabled when the virtual scheduler is enabled.

`enabled` required string|boolean auto pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`customResources` required {key: object} pro

CustomResources defines what custom resources should get synced read-only to the virtual cluster from the host cluster. vCluster will automatically add any required RBAC to the vCluster cluster role.

`enabled` required boolean pro

Enabled defines if this option should be enabled.

`scope` required string pro

Scope defines the scope of the resource

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`volumeSnapshotClasses` required object pro

VolumeSnapshotClasses defines if volume snapshot classes created within the virtual cluster should get synced to the host cluster.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`patches` required object[] pro

Patches patch the resource according to the provided specification.

`path` required string pro

Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.

`expression` required string pro

Expression transforms the value according to the given JavaScript expression.

`reverseExpression` required string pro

ReverseExpression transforms the value according to the given JavaScript expression.

`reference` required object pro

`apiVersion` required string pro

APIVersion is the apiVersion of the referenced object.

`apiVersionPath` required string pro

APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.

`kind` required string pro

Kind is the kind of the referenced object.

`kindPath` required string pro

KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.

`namePath` required string pro

NamePath is the optional relative path to the reference name within the object.

`namespacePath` required string pro

NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the metadata.namespace path of the object.

`labels` required object pro

Labels treats the path value as a labels selector.

`networking` required object pro

Networking options related to the virtual cluster.

`replicateServices` required object pro

ReplicateServices allows replicating services from the host within the virtual cluster or the other way around.

`toHost` required object[] pro

ToHost defines the services that should get synced from virtual cluster to the host cluster. If services are synced to a different namespace than the virtual cluster is in, additional permissions for the other namespace are required.

`from` required string pro

From is the service that should get synced. Can be either in the form name or namespace/name.

`to` required string pro

To is the target service that it should get synced to. Can be either in the form name or namespace/name.

`fromHost` required object[] pro

FromHost defines the services that should get synced from the host to the virtual cluster.

`from` required string pro

From is the service that should get synced. Can be either in the form name or namespace/name.

`to` required string pro

To is the target service that it should get synced to. Can be either in the form name or namespace/name.

`resolveDNS` required object[] pro

ResolveDNS allows to define extra DNS rules. This only works if embedded coredns is configured.

`hostname` required string pro

Hostname is the hostname within the vCluster that should be resolved from.

`service` required string pro

Service is the virtual cluster service that should be resolved from.

`namespace` required string pro

Namespace is the virtual cluster namespace that should be resolved from.

`target` required object pro

Target is the DNS target that should get mapped to

`hostname` required string pro

Hostname to use as a DNS target

`ip` required string pro

IP to use as a DNS target

`hostService` required string pro

HostService to target, format is hostNamespace/hostService

`hostNamespace` required string pro

HostNamespace to target

`vClusterService` required string pro

VClusterService format is hostNamespace/vClusterName/vClusterNamespace/vClusterService

`advanced` required object pro

Advanced holds advanced network options.

`clusterDomain` required string cluster.local pro

ClusterDomain is the Kubernetes cluster domain to use within the virtual cluster.

`fallbackHostCluster` required boolean false pro

FallbackHostCluster allows to fallback dns to the host cluster. This is useful if you want to reach host services without any other modification. You will need to provide a namespace for the service, e.g. my-other-service.my-other-namespace

`proxyKubelets` required object pro

ProxyKubelets allows rewriting certain metrics and stats from the Kubelet to "fake" this for applications such as prometheus or other node exporters.

`byHostname` required boolean true pro

ByHostname will add a special vCluster hostname to the nodes where the node can be reached at. This doesn't work for all applications, e.g. Prometheus requires a node IP.

`byIP` required boolean true pro

ByIP will create a separate service in the host cluster for every node that will point to virtual cluster and will be used to route traffic.

`policies` required object pro

Policies to enforce for the virtual cluster deployment as well as within the virtual cluster.

`networkPolicy` required object pro

NetworkPolicy specifies network policy options.

`enabled` required boolean false pro

Enabled defines if the network policy should be deployed by vCluster.

`fallbackDns` required string 8.8.8.8 pro

`outgoingConnections` required object pro

`ipBlock` required object pro

IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.

`cidr` required string 0.0.0.0/0 pro

cidr is a string representing the IPBlock Valid examples are "192.168.1.0/24" or "2001:db8::/64"

`except` required string[] [100.64.0.0/10 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16] pro

except is a slice of CIDRs that should not be included within an IPBlock Valid examples are "192.168.1.0/24" or "2001:db8::/64" Except values will be rejected if they are outside the cidr range

`platform` required boolean true pro

Platform enables egress access towards loft platform

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`podSecurityStandard` required string pro

PodSecurityStandard that can be enforced can be one of: empty (""), baseline, restricted or privileged

`resourceQuota` required object pro

ResourceQuota specifies resource quota options.

`enabled` required string|boolean auto pro

Enabled defines if the resource quota should be enabled. "auto" means that if limitRange is enabled, the resourceQuota will be enabled as well.

`quota` required object map[count/configmaps:100 count/endpoints:40 count/persistentvolumeclaims:20 count/pods:20 count/secrets:100 count/services:20 limits.cpu:20 limits.ephemeral-storage:160Gi limits.memory:40Gi requests.cpu:10 requests.ephemeral-storage:60Gi requests.memory:20Gi requests.storage:100Gi services.loadbalancers:1 services.nodeports:0] pro

Quota are the quota options

`scopeSelector` required object map[matchExpressions:[]] pro

ScopeSelector is the resource quota scope selector

`scopes` required string[] [] pro

Scopes are the resource quota scopes

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`limitRange` required object pro

LimitRange specifies limit range options.

`enabled` required string|boolean auto pro

Enabled defines if the limit range should be deployed by vCluster. "auto" means that if resourceQuota is enabled, the limitRange will be enabled as well.

`default` required object map[cpu:1 ephemeral-storage:8Gi memory:512Mi] pro

Default are the default limits for the limit range

`defaultRequest` required object map[cpu:100m ephemeral-storage:3Gi memory:128Mi] pro

DefaultRequest are the default request options for the limit range

`max` required object {} pro

Max are the max limits for the limit range

`min` required object {} pro

Min are the min limits for the limit range

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`centralAdmission` required object pro

CentralAdmission defines what validating or mutating webhooks should be enforced within the virtual cluster.

`validatingWebhooks` required object[] pro

ValidatingWebhooks are validating webhooks that should be enforced in the virtual cluster

`kind` required string pro

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to.

`apiVersion` required string pro

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values.

`metadata` required object pro

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

`name` required string pro

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition.

`labels` required object pro

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.

`annotations` required object pro

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata.

`webhooks` required object[] pro

Webhooks is a list of webhooks and the affected resources and operations.

`name` required string pro

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization.

`clientConfig` required object pro

ClientConfig defines how to communicate with the hook.

`url` required string pro

URL gives the location of the webhook, in standard URL form (scheme://host:port/path). Exactly one of url or service must be specified.

`service` required object pro

Service is a reference to the service for this webhook. Either service or url must be specified.

If the webhook is running within the cluster, then you should use service.

`namespace` required string pro

Namespace is the namespace of the service.

`name` required string pro

Name is the name of the service.

`path` required string pro

Path is an optional URL path which will be sent in any request to this service.

`port` required integer pro

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. port should be a valid port number (1-65535, inclusive).

`caBundle` required string pro

CABundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.

`rules` required object[] pro

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches any Rule.

`failurePolicy` required string pro

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

`matchPolicy` required string pro

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

`namespaceSelector` required object pro

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.

`objectSelector` required object pro

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector.

`sideEffects` required string pro

SideEffects states whether this webhook has side effects.

`timeoutSeconds` required integer pro

TimeoutSeconds specifies the timeout for this webhook.

`admissionReviewVersions` required string[] pro

AdmissionReviewVersions is an ordered list of preferred AdmissionReview versions the Webhook expects.

`matchConditions` required object[] pro

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

`mutatingWebhooks` required object[] pro

MutatingWebhooks are mutating webhooks that should be enforced in the virtual cluster

`kind` required string pro

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to.

`apiVersion` required string pro

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values.

`metadata` required object pro

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

`name` required string pro

`labels` required object pro

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.

`annotations` required object pro

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata.

`webhooks` required object[] pro

Webhooks is a list of webhooks and the affected resources and operations.

`reinvocationPolicy` required string pro

reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".

`name` required string pro

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization.

`clientConfig` required object pro

ClientConfig defines how to communicate with the hook.

`url` required string pro

URL gives the location of the webhook, in standard URL form (scheme://host:port/path). Exactly one of url or service must be specified.

`service` required object pro

Service is a reference to the service for this webhook. Either service or url must be specified.

If the webhook is running within the cluster, then you should use service.

`namespace` required string pro

Namespace is the namespace of the service.

`name` required string pro

Name is the name of the service.

`path` required string pro

Path is an optional URL path which will be sent in any request to this service.

`port` required integer pro

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. port should be a valid port number (1-65535, inclusive).

`caBundle` required string pro

CABundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.

`rules` required object[] pro

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches any Rule.

`failurePolicy` required string pro

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

`matchPolicy` required string pro

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

`namespaceSelector` required object pro

`objectSelector` required object pro

`sideEffects` required string pro

SideEffects states whether this webhook has side effects.

`timeoutSeconds` required integer pro

TimeoutSeconds specifies the timeout for this webhook.

`admissionReviewVersions` required string[] pro

AdmissionReviewVersions is an ordered list of preferred AdmissionReview versions the Webhook expects.

`matchConditions` required object[] pro

`controlPlane` required object pro

Configure vCluster's control plane components and deployment.

`distro` required object pro

Distro holds virtual cluster related distro options. A distro cannot be changed after vCluster is deployed.

`k8s` required object pro

K8S holds K8s relevant configuration.

`enabled` required boolean false pro

Enabled specifies if the K8s distro should be enabled. Only one distro can be enabled at the same time.

`version` required string pro

Version specifies k8s components (scheduler, kube-controller-manager & apiserver) version. It is a shortcut for controlPlane.distro.k8s.apiServer.image.tag, controlPlane.distro.k8s.controllerManager.image.tag and controlPlane.distro.k8s.scheduler.image.tag If e.g. controlPlane.distro.k8s.version is set to v1.30.1 and controlPlane.distro.k8s.scheduler.image.tag (or controlPlane.distro.k8s.controllerManager.image.tag or controlPlane.distro.k8s.apiServer.image.tag) is set to v1.31.0, value from controlPlane.distro.k8s.(controlPlane-component).image.tag will be used (where controlPlane-component is apiServer, controllerManager and scheduler).

`apiServer` required object pro

APIServer holds configuration specific to starting the api server.

`enabled` required boolean true pro

Enabled signals this container should be enabled.

`image` required object pro

Image is the distro image

`registry` required string registry.k8s.io pro

Registry is the registry of the container image, e.g. my-registry.com or ghcr.io. This setting can be globally overridden via the controlPlane.advanced.defaultImageRegistry option. Empty means docker hub.

`repository` required string kube-apiserver pro

Repository is the repository of the container image, e.g. my-repo/my-image

`tag` required string v1.31.1 pro

Tag is the tag of the container image, e.g. latest

`imagePullPolicy` required string pro

ImagePullPolicy is the pull policy for the distro image

`command` required string[] [] pro

Command is the command to start the distro binary. This will override the existing command.

`extraArgs` required string[] [] pro

ExtraArgs are additional arguments to pass to the distro binary.

`controllerManager` required object pro

ControllerManager holds configuration specific to starting the controller manager.

`enabled` required boolean true pro

Enabled signals this container should be enabled.

`image` required object pro

Image is the distro image

`registry` required string registry.k8s.io pro

`repository` required string kube-controller-manager pro

Repository is the repository of the container image, e.g. my-repo/my-image

`tag` required string v1.31.1 pro

Tag is the tag of the container image, e.g. latest

`imagePullPolicy` required string pro

ImagePullPolicy is the pull policy for the distro image

`command` required string[] [] pro

Command is the command to start the distro binary. This will override the existing command.

`extraArgs` required string[] [] pro

ExtraArgs are additional arguments to pass to the distro binary.

`scheduler` required object pro

Scheduler holds configuration specific to starting the scheduler. Enable this via controlPlane.advanced.virtualScheduler.enabled

`image` required object pro

Image is the distro image

`registry` required string registry.k8s.io pro

`repository` required string kube-scheduler pro

Repository is the repository of the container image, e.g. my-repo/my-image

`tag` required string v1.31.1 pro

Tag is the tag of the container image, e.g. latest

`imagePullPolicy` required string pro

ImagePullPolicy is the pull policy for the distro image

`command` required string[] [] pro

Command is the command to start the distro binary. This will override the existing command.

`extraArgs` required string[] [] pro

ExtraArgs are additional arguments to pass to the distro binary.

`env` required object[] [] pro

Env are extra environment variables to use for the main container and NOT the init container.

`resources` required object map[limits:map[cpu:100m memory:256Mi] requests:map[cpu:40m memory:64Mi]] pro

Resources for the distro init container

`securityContext` required object {} pro

Security options can be used for the distro init container

`k3s` required object pro

K3S holds K3s relevant configuration.

`enabled` required boolean false pro

Enabled specifies if the K3s distro should be enabled. Only one distro can be enabled at the same time.

`token` required string pro

Token is the K3s token to use. If empty, vCluster will choose one.

`env` required object[] pro

Env are extra environment variables to use for the main container and NOT the init container.

`resources` required object map[limits:map[cpu:100m memory:256Mi] requests:map[cpu:40m memory:64Mi]] pro

Resources for the distro init container

`securityContext` required object {} pro

Security options can be used for the distro init container

`image` required object pro

Image is the distro image

`registry` required string pro

`repository` required string rancher/k3s pro

Repository is the repository of the container image, e.g. my-repo/my-image

`tag` required string v1.31.1-k3s1 pro

Tag is the tag of the container image, e.g. latest

`imagePullPolicy` required string pro

ImagePullPolicy is the pull policy for the distro image

`command` required string[] [] pro

Command is the command to start the distro binary. This will override the existing command.

`extraArgs` required string[] [] pro

ExtraArgs are additional arguments to pass to the distro binary.

`k0s` required object pro

K0S holds k0s relevant configuration.

`enabled` required boolean false pro

Enabled specifies if the k0s distro should be enabled. Only one distro can be enabled at the same time.

`config` required string pro

Config allows you to override the k0s config passed to the k0s binary.

`env` required object[] pro

Env are extra environment variables to use for the main container and NOT the init container.

`resources` required object map[limits:map[cpu:100m memory:256Mi] requests:map[cpu:40m memory:64Mi]] pro

Resources for the distro init container

`securityContext` required object {} pro

Security options can be used for the distro init container

`image` required object pro

Image is the distro image

`registry` required string pro

`repository` required string k0sproject/k0s pro

Repository is the repository of the container image, e.g. my-repo/my-image

`tag` required string v1.30.2-k0s.0 pro

Tag is the tag of the container image, e.g. latest

`imagePullPolicy` required string pro

ImagePullPolicy is the pull policy for the distro image

`command` required string[] [] pro

Command is the command to start the distro binary. This will override the existing command.

`extraArgs` required string[] [] pro

ExtraArgs are additional arguments to pass to the distro binary.

`backingStore` required object pro

BackingStore defines which backing store to use for virtual cluster. If not defined will use embedded database as a default backing store.

`etcd` required object pro

Etcd defines that etcd should be used as the backend for the virtual cluster

`embedded` required object pro

Embedded defines to use embedded etcd as a storage backend for the virtual cluster

`enabled` required boolean false pro

Enabled defines if the embedded etcd should be used.

`migrateFromDeployedEtcd` required boolean false pro

MigrateFromDeployedEtcd signals that vCluster should migrate from the deployed external etcd to embedded etcd.

`deploy` required object pro

Deploy defines to use an external etcd that is deployed by the helm chart

`enabled` required boolean false pro

Enabled defines that an external etcd should be deployed.

`statefulSet` required object pro

StatefulSet holds options for the external etcd statefulSet.

`enabled` required boolean true pro

Enabled defines if the statefulSet should be deployed

`enableServiceLinks` required boolean true pro

EnableServiceLinks for the StatefulSet pod

`image` required object pro

Image is the image to use for the external etcd statefulSet

`registry` required string registry.k8s.io pro

`repository` required string etcd pro

Repository is the repository of the container image, e.g. my-repo/my-image

`tag` required string 3.5.15-0 pro

Tag is the tag of the container image, e.g. latest

`imagePullPolicy` required string pro

ImagePullPolicy is the pull policy for the external etcd image

`env` required object[] [] pro

Env are extra environment variables

`extraArgs` required string[] [] pro

ExtraArgs are appended to the etcd command.

`resources` required object pro

Resources the etcd can consume

`limits` required object pro

Limits are resource limits for the container

`requests` required object map[cpu:20m memory:150Mi] pro

Requests are minimal resources that will be consumed by the container

`pods` required object pro

Pods defines extra metadata for the etcd pods.

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`highAvailability` required object pro

HighAvailability are high availability options

`replicas` required integer 1 pro

Replicas are the amount of pods to use.

`scheduling` required object pro

Scheduling options for the etcd pods.

`nodeSelector` required object {} pro

NodeSelector is the node selector to apply to the pod.

`affinity` required object {} pro

Affinity is the affinity to apply to the pod.

`tolerations` required object[] [] pro

Tolerations are the tolerations to apply to the pod.

`priorityClassName` required string pro

PriorityClassName is the priority class name for the the pod.

`podManagementPolicy` required string Parallel pro

PodManagementPolicy is the statefulSet pod management policy.

`topologySpreadConstraints` required object[] [] pro

TopologySpreadConstraints are the topology spread constraints for the pod.

`security` required object pro

Security options for the etcd pods.

`podSecurityContext` required object {} pro

PodSecurityContext specifies security context options on the pod level.

`containerSecurityContext` required object {} pro

ContainerSecurityContext specifies security context options on the container level.

`persistence` required object pro

Persistence options for the etcd pods.

`volumeClaim` required object pro

VolumeClaim can be used to configure the persistent volume claim.

`enabled` required boolean true pro

Enabled enables deploying a persistent volume claim.

`accessModes` required string[] [ReadWriteOnce] pro

AccessModes are the persistent volume claim access modes.

`retentionPolicy` required string Retain pro

RetentionPolicy is the persistent volume claim retention policy.

`size` required string 5Gi pro

Size is the persistent volume claim storage size.

`storageClass` required string pro

StorageClass is the persistent volume claim storage class.

`volumeClaimTemplates` required object[] [] pro

VolumeClaimTemplates defines the volumeClaimTemplates for the statefulSet

`addVolumes` required object[] [] pro

AddVolumes defines extra volumes for the pod

`addVolumeMounts` required object[] pro

AddVolumeMounts defines extra volume mounts for the container

`name` required string pro

This must match the Name of a Volume.

`readOnly` required boolean pro

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

`mountPath` required string pro

Path within the container at which the volume should be mounted. Must not contain ':'.

`subPath` required string pro

Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).

`mountPropagation` required string pro

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

`subPathExpr` required string pro

Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`service` required object pro

Service holds options for the external etcd service.

`enabled` required boolean true pro

Enabled defines if the etcd service should be deployed

`annotations` required object {} pro

Annotations are extra annotations for the external etcd service

`headlessService` required object pro

HeadlessService holds options for the external etcd headless service.

`annotations` required object {} pro

Annotations are extra annotations for the external etcd headless service

`database` required object pro

Database defines that a database backend should be used as the backend for the virtual cluster. This uses a project called kine under the hood which is a shim for bridging Kubernetes and relational databases.

`embedded` required object pro

Embedded defines that an embedded database (sqlite) should be used as the backend for the virtual cluster

`enabled` required boolean false pro

Enabled defines if the database should be used.

`dataSource` required string pro

DataSource is the kine dataSource to use for the database. This depends on the database format. This is optional for the embedded database. Examples:

mysql: mysql://username:password@tcp(hostname:3306)/k3s
postgres: postgres://username:password@hostname:5432/k3s

`keyFile` required string pro

KeyFile is the key file to use for the database. This is optional.

`certFile` required string pro

CertFile is the cert file to use for the database. This is optional.

`caFile` required string pro

CaFile is the ca file to use for the database. This is optional.

`external` required object pro

External defines that an external database should be used as the backend for the virtual cluster

`enabled` required boolean false pro

Enabled defines if the database should be used.

`dataSource` required string pro

DataSource is the kine dataSource to use for the database. This depends on the database format. This is optional for the embedded database. Examples:

mysql: mysql://username:password@tcp(hostname:3306)/k3s
postgres: postgres://username:password@hostname:5432/k3s

`keyFile` required string pro

KeyFile is the key file to use for the database. This is optional.

`certFile` required string pro

CertFile is the cert file to use for the database. This is optional.

`caFile` required string pro

CaFile is the ca file to use for the database. This is optional.

`connector` required string pro

Connector specifies a secret located in a connected vCluster Platform that contains database server connection information to be used by Platform to create a database and database user for the vCluster. and non-privileged user. A kine endpoint should be created using the database and user on Platform registration. This is optional.

`coredns` required object pro

CoreDNS defines everything related to the coredns that is deployed and used within the vCluster.

`enabled` required boolean true pro

Enabled defines if coredns is enabled

`embedded` required boolean false pro

Embedded defines if vCluster will start the embedded coredns service within the control-plane and not as a separate deployment. This is a PRO feature.

`service` required object pro

Service holds extra options for the coredns service deployed within the virtual cluster

`spec` required object map[type:ClusterIP] pro

Spec holds extra options for the coredns service

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`deployment` required object pro

Deployment holds extra options for the coredns deployment deployed within the virtual cluster

`image` required string pro

Image is the coredns image to use

`replicas` required integer 1 pro

Replicas is the amount of coredns pods to run.

`nodeSelector` required object {} pro

NodeSelector is the node selector to use for coredns.

`affinity` required object {} pro

Affinity is the affinity to apply to the pod.

`tolerations` required object[] [] pro

Tolerations are the tolerations to apply to the pod.

`resources` required object pro

Resources are the desired resources for coredns.

`limits` required object map[cpu:1000m memory:170Mi] pro

Limits are resource limits for the container

`requests` required object map[cpu:20m memory:64Mi] pro

Requests are minimal resources that will be consumed by the container

`pods` required object pro

Pods is additional metadata for the coredns pods.

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`topologySpreadConstraints` required object[] [map[labelSelector:map[matchLabels:map[k8s-app:vcluster-kube-dns]] maxSkew:1 topologyKey:kubernetes.io/hostname whenUnsatisfiable:DoNotSchedule]] pro

TopologySpreadConstraints are the topology spread constraints for the CoreDNS pod.

`overwriteConfig` required string pro

OverwriteConfig can be used to overwrite the coredns config

`overwriteManifests` required string pro

OverwriteManifests can be used to overwrite the coredns manifests used to deploy coredns

`priorityClassName` required string pro

PriorityClassName specifies the priority class name for the CoreDNS pods.

`proxy` required object pro

Proxy defines options for the virtual cluster control plane proxy that is used to do authentication and intercept requests.

`bindAddress` required string 0.0.0.0 pro

BindAddress under which vCluster will expose the proxy.

`port` required integer 8443 pro

Port under which vCluster will expose the proxy. Changing port is currently not supported.

`extraSANs` required string[] [] pro

ExtraSANs are extra hostnames to sign the vCluster proxy certificate for.

`hostPathMapper` required object pro

HostPathMapper defines if vCluster should rewrite host paths.

`enabled` required boolean pro

Enabled specifies if the host path mapper will be used

`central` required boolean pro

Central specifies if the central host path mapper will be used

`ingress` required object pro

Ingress defines options for vCluster ingress deployed by Helm.

`enabled` required boolean false pro

Enabled defines if the control plane ingress should be enabled

`host` required string my-host.com pro

Host is the host where vCluster will be reachable

`pathType` required string ImplementationSpecific pro

PathType is the path type of the ingress

`spec` required object map[tls:[]] pro

Spec allows you to configure extra ingress options.

`annotations` required object map[nginx.ingress.kubernetes.io/backend-protocol:HTTPS nginx.ingress.kubernetes.io/ssl-passthrough:true nginx.ingress.kubernetes.io/ssl-redirect:true] pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`service` required object pro

Service defines options for vCluster service deployed by Helm.

`enabled` required boolean true pro

Enabled defines if the control plane service should be enabled

`spec` required object map[type:ClusterIP] pro

Spec allows you to configure extra service options.

`kubeletNodePort` required integer 0 pro

KubeletNodePort is the node port where the fake kubelet is exposed. Defaults to 0.

`httpsNodePort` required integer 0 pro

HTTPSNodePort is the node port where https is exposed. Defaults to 0.

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`statefulSet` required object pro

StatefulSet defines options for vCluster statefulSet deployed by Helm.

`highAvailability` required object pro

HighAvailability holds options related to high availability.

`replicas` required integer 1 pro

Replicas is the amount of replicas to use for the statefulSet.

`leaseDuration` required integer 60 pro

LeaseDuration is the time to lease for the leader.

`renewDeadline` required integer 40 pro

RenewDeadline is the deadline to renew a lease for the leader.

`retryPeriod` required integer 15 pro

RetryPeriod is the time until a replica will retry to get a lease.

`resources` required object pro

Resources are the resource requests and limits for the statefulSet container.

`limits` required object map[ephemeral-storage:8Gi memory:2Gi] pro

Limits are resource limits for the container

`requests` required object map[cpu:200m ephemeral-storage:400Mi memory:256Mi] pro

Requests are minimal resources that will be consumed by the container

`scheduling` required object pro

Scheduling holds options related to scheduling.

`nodeSelector` required object {} pro

NodeSelector is the node selector to apply to the pod.

`affinity` required object {} pro

Affinity is the affinity to apply to the pod.

`tolerations` required object[] [] pro

Tolerations are the tolerations to apply to the pod.

`priorityClassName` required string pro

PriorityClassName is the priority class name for the the pod.

`podManagementPolicy` required string Parallel pro

PodManagementPolicy is the statefulSet pod management policy.

`topologySpreadConstraints` required object[] [] pro

TopologySpreadConstraints are the topology spread constraints for the pod.

`security` required object pro

Security defines pod or container security context.

`podSecurityContext` required object {} pro

PodSecurityContext specifies security context options on the pod level.

`containerSecurityContext` required object map[allowPrivilegeEscalation:false runAsGroup:0 runAsUser:0] pro

ContainerSecurityContext specifies security context options on the container level.

`probes` required object pro

Probes enables or disables the main container probes.

`livenessProbe` required object pro

LivenessProbe specifies if the liveness probe for the container should be enabled

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`readinessProbe` required object pro

ReadinessProbe specifies if the readiness probe for the container should be enabled

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`startupProbe` required object pro

StartupProbe specifies if the startup probe for the container should be enabled

`enabled` required boolean true pro

Enabled defines if this option should be enabled.

`persistence` required object pro

Persistence defines options around persistence for the statefulSet.

`volumeClaim` required object pro

VolumeClaim can be used to configure the persistent volume claim.

`enabled` required string|boolean auto pro

Enabled enables deploying a persistent volume claim. If auto, vCluster will automatically determine based on the chosen distro and other options if this is required.

`accessModes` required string[] [ReadWriteOnce] pro

AccessModes are the persistent volume claim access modes.

`retentionPolicy` required string Retain pro

RetentionPolicy is the persistent volume claim retention policy.

`size` required string 5Gi pro

Size is the persistent volume claim storage size.

`storageClass` required string pro

StorageClass is the persistent volume claim storage class.

`volumeClaimTemplates` required object[] [] pro

VolumeClaimTemplates defines the volumeClaimTemplates for the statefulSet

`dataVolume` required object[] [] pro

Allows you to override the dataVolume. Only works correctly if volumeClaim.enabled=false.

`binariesVolume` required object[] [map[emptyDir:map[] name:binaries]] pro

BinariesVolume defines a binaries volume that is used to retrieve distro specific executables to be run by the syncer controller. This volume doesn't need to be persistent.

`addVolumes` required object[] [] pro

AddVolumes defines extra volumes for the pod

`addVolumeMounts` required object[] pro

AddVolumeMounts defines extra volume mounts for the container

`name` required string pro

This must match the Name of a Volume.

`readOnly` required boolean pro

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

`mountPath` required string pro

Path within the container at which the volume should be mounted. Must not contain ':'.

`subPath` required string pro

Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).

`mountPropagation` required string pro

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

`subPathExpr` required string pro

`enableServiceLinks` required boolean true pro

EnableServiceLinks for the StatefulSet pod

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`pods` required object pro

Additional labels or annotations for the statefulSet pods.

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`image` required object pro

Image is the image for the controlPlane statefulSet container

`registry` required string ghcr.io pro

Configure the registry of the container image, e.g. my-registry.com or ghcr.io It defaults to ghcr.io and can be overriding either by using this field or controlPlane.advanced.defaultImageRegistry

`repository` required string loft-sh/vcluster-pro pro

Configure the repository of the container image, e.g. my-repo/my-image. It defaults to the vCluster pro repository that includes the optional pro modules that are turned off by default. If you still want to use the pure OSS build, use 'loft-sh/vcluster-oss' instead.

`tag` required string pro

Tag is the tag of the container image, e.g. latest

`imagePullPolicy` required string pro

ImagePullPolicy is the policy how to pull the image.

`workingDir` required string pro

WorkingDir specifies in what folder the main process should get started.

`command` required string[] [] pro

Command allows you to override the main command.

`args` required string[] [] pro

Args allows you to override the main arguments.

`env` required object[] [] pro

Env are additional environment variables for the statefulSet container.

`dnsPolicy` required string pro

Set DNS policy for the pod.

`dnsConfig` required object pro

Specifies the DNS parameters of a pod.

`nameservers` required string[] pro

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

`searches` required string[] pro

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

`options` required object[] pro

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

`name` required string pro

Required.

`value` required string pro

`serviceMonitor` required object pro

ServiceMonitor can be used to automatically create a service monitor for vCluster deployment itself.

`enabled` required boolean false pro

Enabled configures if Helm should create the service monitor.

`labels` required object {} pro

Labels are the extra labels to add to the service monitor.

`annotations` required object {} pro

Annotations are the extra annotations to add to the service monitor.

`advanced` required object pro

Advanced holds additional configuration for the vCluster control plane.

`defaultImageRegistry` required string pro

DefaultImageRegistry will be used as a prefix for all internal images deployed by vCluster or Helm. This makes it easy to upload all required vCluster images to a single private repository and set this value. Workload images are not affected by this.

`virtualScheduler` required object pro

VirtualScheduler defines if a scheduler should be used within the virtual cluster or the scheduling decision for workloads will be made by the host cluster.

`enabled` required boolean false pro

Enabled defines if this option should be enabled.

`serviceAccount` required object pro

ServiceAccount specifies options for the vCluster control plane service account.

`enabled` required boolean true pro

Enabled specifies if the service account should get deployed.

`name` required string pro

Name specifies what name to use for the service account.

`imagePullSecrets` required object[] pro

ImagePullSecrets defines extra image pull secrets for the service account.

`name` required string pro

Name of the image pull secret to use.

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`workloadServiceAccount` required object pro

WorkloadServiceAccount specifies options for the service account that will be used for the workloads that run within the virtual cluster.

`enabled` required boolean true pro

Enabled specifies if the service account for the workloads should get deployed.

`name` required string pro

Name specifies what name to use for the service account for the virtual cluster workloads.

`imagePullSecrets` required object[] pro

ImagePullSecrets defines extra image pull secrets for the workload service account.

`name` required string pro

Name of the image pull secret to use.

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`headlessService` required object pro

HeadlessService specifies options for the headless service used for the vCluster StatefulSet.

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`labels` required object {} pro

Labels are extra labels for this resource.

`globalMetadata` required object pro

GlobalMetadata is metadata that will be added to all resources deployed by Helm.

`annotations` required object {} pro

Annotations are extra annotations for this resource.

`rbac` required object pro

RBAC options for the virtual cluster.

`role` required object pro

Role holds virtual cluster role configuration

`enabled` required boolean true pro

Enabled defines if the role should be enabled or disabled.

`extraRules` required object[] [] pro

ExtraRules will add rules to the role.

`overwriteRules` required object[] [] pro

OverwriteRules will overwrite the role rules completely.

`clusterRole` required object pro

ClusterRole holds virtual cluster cluster role configuration

`enabled` required string|boolean auto pro

Enabled defines if the cluster role should be enabled or disabled. If auto, vCluster automatically determines whether the virtual cluster requires a cluster role.

`extraRules` required object[] [] pro

ExtraRules will add rules to the cluster role.

`overwriteRules` required object[] [] pro

OverwriteRules will overwrite the cluster role rules completely.

`plugins` required {key: object} pro

Define which vCluster plugins to load.

`name` required string pro

Name is the name of the init-container and NOT the plugin name

`image` required string pro

Image is the container image that should be used for the plugin

`imagePullPolicy` required string pro

ImagePullPolicy is the pull policy to use for the container image

`config` required object pro

Config is the plugin config to use. This can be arbitrary config used for the plugin.

`rbac` required object pro

RBAC holds additional rbac configuration for the plugin

`role` required object pro

Role holds extra virtual cluster role permissions for the plugin

`extraRules` required object[] pro

ExtraRules are extra rbac permissions roles that will be added to role or cluster role

`verbs` required string[] pro

Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.

`apiGroups` required string[] pro

APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.

`resources` required string[] pro

Resources is a list of resources this rule applies to. '*' represents all resources.

`resourceNames` required string[] pro

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

`nonResourceURLs` required string[] pro

NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.

`clusterRole` required object pro

ClusterRole holds extra virtual cluster cluster role permissions required for the plugin

`extraRules` required object[] pro

ExtraRules are extra rbac permissions roles that will be added to role or cluster role

`verbs` required string[] pro

Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.

`apiGroups` required string[] pro

`resources` required string[] pro

Resources is a list of resources this rule applies to. '*' represents all resources.

`resourceNames` required string[] pro

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

`nonResourceURLs` required string[] pro

`command` required string[] pro

Command is the command that should be used for the init container

`args` required string[] pro

Args are the arguments that should be used for the init container

`securityContext` required object pro

SecurityContext is the container security context used for the init container

`resources` required object pro

Resources are the container resources used for the init container

`volumeMounts` required object[] pro

VolumeMounts are extra volume mounts for the init container

`experimental` required object pro

Experimental features for vCluster. Configuration here might change, so be careful with this.

`deploy` required object pro

Deploy allows you to configure manifests and Helm charts to deploy within the host or virtual cluster.

`host` required object pro

Host defines what manifests to deploy into the host cluster

`manifests` required string pro

Manifests are raw Kubernetes manifests that should get applied within the host cluster.

`manifestsTemplate` required string pro

ManifestsTemplate is a Kubernetes manifest template that will be rendered with vCluster values before applying it within the host cluster.

`vcluster` required object pro

VCluster defines what manifests and charts to deploy into the vCluster

`manifests` required string pro

Manifests are raw Kubernetes manifests that should get applied within the virtual cluster.

`manifestsTemplate` required string pro

ManifestsTemplate is a Kubernetes manifest template that will be rendered with vCluster values before applying it within the virtual cluster.

`helm` required object[] pro

Helm are Helm charts that should get deployed into the virtual cluster

`chart` required object pro

Chart defines what chart should get deployed.

`name` required string pro

`repo` required string pro

`insecure` required boolean pro

`version` required string pro

`username` required string pro

`password` required string pro

`release` required object pro

Release defines what release should get deployed.

`name` required string pro

Name of the release

`namespace` required string pro

Namespace of the release

`values` required string pro

Values defines what values should get used.

`timeout` required string pro

Timeout defines the timeout for Helm

`bundle` required string pro

Bundle allows to compress the Helm chart and specify this instead of an online chart

`syncSettings` required object pro

SyncSettings are advanced settings for the syncer controller.

`disableSync` required boolean false pro

DisableSync will not sync any resources and disable most control plane functionality.

`rewriteKubernetesService` required boolean false pro

RewriteKubernetesService will rewrite the Kubernetes service to point to the vCluster service if disableSync is enabled

`targetNamespace` required string pro

TargetNamespace is the namespace where the workloads should get synced to.

`setOwner` required boolean true pro

SetOwner specifies if vCluster should set an owner reference on the synced objects to the vCluster service. This allows for easy garbage collection.

`hostMetricsBindAddress` required string pro

HostMetricsBindAddress is the bind address for the local manager

`virtualMetricsBindAddress` required string pro

VirtualMetricsBindAddress is the bind address for the virtual manager

`genericSync` required object pro

GenericSync holds options to generically sync resources from virtual cluster to host.

`version` required string pro

Version is the config version

`export` required object[] pro

Exports syncs a resource from the virtual cluster to the host

`apiVersion` required string pro

APIVersion of the object to sync

`kind` required string pro

Kind of the object to sync

`optional` required boolean pro

`replaceOnConflict` required boolean pro

ReplaceWhenInvalid determines if the controller should try to recreate the object if there is a problem applying

`patches` required object[] pro

Patches are the patches to apply on the virtual cluster objects when syncing them from the host cluster

`op` required string pro

Operation is the type of the patch

`fromPath` required string pro

FromPath is the path from the other object

`path` required string pro

Path is the path of the patch

`namePath` required string pro

NamePath is the path to the name of a child resource within Path

`namespacePath` required string pro

NamespacePath is path to the namespace of a child resource within Path

`value` required object pro

Value is the new value to be set to the path

`regex` required string pro

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

`conditions` required object[] pro

Conditions are conditions that must be true for the patch to get executed

`path` required string pro

Path is the path within the object to select

`subPath` required string pro

SubPath is the path below the selected object to select

`equal` required object pro

Equal is the value the path should be equal to

`notEqual` required object pro

NotEqual is the value the path should not be equal to

`empty` required boolean pro

Empty means that the path value should be empty or unset

`ignore` required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

`sync` required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

`secret` required boolean pro

`configmap` required boolean pro

`reversePatches` required object[] pro

ReversePatches are the patches to apply to host cluster objects after it has been synced to the virtual cluster

`op` required string pro

Operation is the type of the patch

`fromPath` required string pro

FromPath is the path from the other object

`path` required string pro

Path is the path of the patch

`namePath` required string pro

NamePath is the path to the name of a child resource within Path

`namespacePath` required string pro

NamespacePath is path to the namespace of a child resource within Path

`value` required object pro

Value is the new value to be set to the path

`regex` required string pro

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

`conditions` required object[] pro

Conditions are conditions that must be true for the patch to get executed

`path` required string pro

Path is the path within the object to select

`subPath` required string pro

SubPath is the path below the selected object to select

`equal` required object pro

Equal is the value the path should be equal to

`notEqual` required object pro

NotEqual is the value the path should not be equal to

`empty` required boolean pro

Empty means that the path value should be empty or unset

`ignore` required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

`sync` required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

`secret` required boolean pro

`configmap` required boolean pro

`selector` required object pro

Selector is a label selector to select the synced objects in the virtual cluster. If empty, all objects will be synced.

`labelSelector` required object pro

LabelSelector are the labels to select the object from

`import` required object[] pro

Imports syncs a resource from the host cluster to virtual cluster

`apiVersion` required string pro

APIVersion of the object to sync

`kind` required string pro

Kind of the object to sync

`optional` required boolean pro

`replaceOnConflict` required boolean pro

ReplaceWhenInvalid determines if the controller should try to recreate the object if there is a problem applying

`patches` required object[] pro

Patches are the patches to apply on the virtual cluster objects when syncing them from the host cluster

`op` required string pro

Operation is the type of the patch

`fromPath` required string pro

FromPath is the path from the other object

`path` required string pro

Path is the path of the patch

`namePath` required string pro

NamePath is the path to the name of a child resource within Path

`namespacePath` required string pro

NamespacePath is path to the namespace of a child resource within Path

`value` required object pro

Value is the new value to be set to the path

`regex` required string pro

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

`conditions` required object[] pro

Conditions are conditions that must be true for the patch to get executed

`path` required string pro

Path is the path within the object to select

`subPath` required string pro

SubPath is the path below the selected object to select

`equal` required object pro

Equal is the value the path should be equal to

`notEqual` required object pro

NotEqual is the value the path should not be equal to

`empty` required boolean pro

Empty means that the path value should be empty or unset

`ignore` required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

`sync` required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

`secret` required boolean pro

`configmap` required boolean pro

`reversePatches` required object[] pro

ReversePatches are the patches to apply to host cluster objects after it has been synced to the virtual cluster

`op` required string pro

Operation is the type of the patch

`fromPath` required string pro

FromPath is the path from the other object

`path` required string pro

Path is the path of the patch

`namePath` required string pro

NamePath is the path to the name of a child resource within Path

`namespacePath` required string pro

NamespacePath is path to the namespace of a child resource within Path

`value` required object pro

Value is the new value to be set to the path

`regex` required string pro

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

`conditions` required object[] pro

Conditions are conditions that must be true for the patch to get executed

`path` required string pro

Path is the path within the object to select

`subPath` required string pro

SubPath is the path below the selected object to select

`equal` required object pro

Equal is the value the path should be equal to

`notEqual` required object pro

NotEqual is the value the path should not be equal to

`empty` required boolean pro

Empty means that the path value should be empty or unset

`ignore` required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

`sync` required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

`secret` required boolean pro

`configmap` required boolean pro

`hooks` required object pro

Hooks are hooks that can be used to inject custom patches before syncing

`hostToVirtual` required object[] pro

HostToVirtual is a hook that is executed before syncing from the host to the virtual cluster

`apiVersion` required string pro

APIVersion of the object to sync

`kind` required string pro

Kind of the object to sync

`verbs` required string[] pro

Verbs are the verbs that the hook should mutate

`patches` required object[] pro

Patches are the patches to apply on the object to be synced

`op` required string pro

Operation is the type of the patch

`fromPath` required string pro

FromPath is the path from the other object

`path` required string pro

Path is the path of the patch

`namePath` required string pro

NamePath is the path to the name of a child resource within Path

`namespacePath` required string pro

NamespacePath is path to the namespace of a child resource within Path

`value` required object pro

Value is the new value to be set to the path

`regex` required string pro

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

`conditions` required object[] pro

Conditions are conditions that must be true for the patch to get executed

`path` required string pro

Path is the path within the object to select

`subPath` required string pro

SubPath is the path below the selected object to select

`equal` required object pro

Equal is the value the path should be equal to

`notEqual` required object pro

NotEqual is the value the path should not be equal to

`empty` required boolean pro

Empty means that the path value should be empty or unset

`ignore` required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

`sync` required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

`secret` required boolean pro

`configmap` required boolean pro

`virtualToHost` required object[] pro

VirtualToHost is a hook that is executed before syncing from the virtual to the host cluster

`apiVersion` required string pro

APIVersion of the object to sync

`kind` required string pro

Kind of the object to sync

`verbs` required string[] pro

Verbs are the verbs that the hook should mutate

`patches` required object[] pro

Patches are the patches to apply on the object to be synced

`op` required string pro

Operation is the type of the patch

`fromPath` required string pro

FromPath is the path from the other object

`path` required string pro

Path is the path of the patch

`namePath` required string pro

NamePath is the path to the name of a child resource within Path

`namespacePath` required string pro

NamespacePath is path to the namespace of a child resource within Path

`value` required object pro

Value is the new value to be set to the path

`regex` required string pro

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

`conditions` required object[] pro

Conditions are conditions that must be true for the patch to get executed

`path` required string pro

Path is the path within the object to select

`subPath` required string pro

SubPath is the path below the selected object to select

`equal` required object pro

Equal is the value the path should be equal to

`notEqual` required object pro

NotEqual is the value the path should not be equal to

`empty` required boolean pro

Empty means that the path value should be empty or unset

`ignore` required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

`sync` required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

`secret` required boolean pro

`configmap` required boolean pro

`clusterRole` required object pro

`extraRules` required object[] [] pro

`role` required object pro

`extraRules` required object[] [] pro

`multiNamespaceMode` required object pro

MultiNamespaceMode tells virtual cluster to sync to multiple namespaces instead of a single one. This will map each virtual cluster namespace to a single namespace in the host cluster.

`enabled` required boolean false pro

Enabled specifies if multi namespace mode should get enabled

`namespaceLabels` required object pro

NamespaceLabels are extra labels that will be added by vCluster to each created namespace.

`isolatedControlPlane` required object pro

IsolatedControlPlane is a feature to run the vCluster control plane in a different Kubernetes cluster than the workloads themselves.

`enabled` required boolean pro

Enabled specifies if the isolated control plane feature should be enabled.

`headless` required boolean false pro

Headless states that Helm should deploy the vCluster in headless mode for the isolated control plane.

`kubeConfig` required string pro

KubeConfig is the path where to find the remote workload cluster kubeconfig.

`namespace` required string pro

Namespace is the namespace where to sync the workloads into.

`service` required string pro

Service is the vCluster service in the remote cluster.

`virtualClusterKubeConfig` required object pro

VirtualClusterKubeConfig allows you to override distro specifics and specify where vCluster will find the required certificates and vCluster config.

`kubeConfig` required string pro

KubeConfig is the virtual cluster kubeconfig path.

`serverCAKey` required string pro

ServerCAKey is the server ca key path.

`serverCACert` required string pro

ServerCAKey is the server ca cert path.

`clientCACert` required string pro

ServerCAKey is the client ca cert path.

`requestHeaderCACert` required string pro

RequestHeaderCACert is the request header ca cert path.

`denyProxyRequests` required object[] pro

DenyProxyRequests denies certain requests in the vCluster proxy.

`name` required string pro

The name of the check.

`namespaces` required string[] pro

Namespace describe a list of namespaces that will be affected by the check. An empty list means that all namespaces will be affected. In case of ClusterScoped rules, only the Namespace resource is affected.

`rules` required object[] pro

Rules describes on which verbs and on what resources/subresources the webhook is enforced. The webhook is enforced if it matches any Rule. The version of the request must match the rule version exactly. Equivalent matching is not supported.

`apiGroups` required string[] pro

APIGroups is the API groups the resources belong to. '*' is all groups.

`apiVersions` required string[] pro

APIVersions is the API versions the resources belong to. '*' is all versions.

`resources` required string[] pro

Resources is a list of resources this rule applies to.

`scope` required string pro

Scope specifies the scope of this rule.

`operations` required string[] pro

Verb is the kube verb associated with the request for API requests, not the http verb. This includes things like list and watch. For non-resource requests, this is the lowercase http verb. If '*' is present, the length of the slice must be one.

`excludedUsers` required string[] pro

ExcludedUsers describe a list of users for which the checks will be skipped. Impersonation attempts on these users will still be subjected to the checks.

`sleepMode` required object pro

SleepMode holds the native sleep mode configuration for Pro clusters

`enabled` required boolean pro

Enabled toggles the sleep mode functionality, allowing for disabling sleep mode without removing other config

`timeZone` required string pro

Timezone represents the timezone a sleep schedule should run against, defaulting to UTC if unset

`autoSleep` required object pro

AutoSleep holds autoSleep details

`afterInactivity` required string pro

AfterInactivity represents how long a vCluster can be idle before workloads are automaticaly put to sleep

`schedule` required string pro

Schedule represents a cron schedule for when to sleep workloads

`wakeup` required object pro

Wakeup holds configuration for waking the vCluster on a schedule rather than waiting for some activity.

`schedule` required string pro

`exclude` required object pro

Exclude holds configuration for labels that, if present, will prevent a workload from going to sleep

`selector` required object pro

`labels` required object pro

Labels defines what labels should be looked for

`external` required object pro

External holds configuration for tools that are external to the vCluster.

`platform` required object pro

platform holds platform configuration

`apiKey` required object pro

APIKey defines where to find the platform access key and host. By default, vCluster will search in the following locations in this precedence:

environment variable called LICENSE
secret specified under external.platform.apiKey.secretName
secret called "vcluster-platform-api-key" in the vCluster namespace

`secretName` required string pro

SecretName is the name of the secret where the platform access key is stored. This defaults to vcluster-platform-api-key if undefined.

`namespace` required string pro

Namespace defines the namespace where the access key secret should be retrieved from. If this is not equal to the namespace where the vCluster instance is deployed, you need to make sure vCluster has access to this other namespace.

`createRBAC` required boolean pro

CreateRBAC will automatically create the necessary RBAC roles and role bindings to allow vCluster to read the secret specified in the above namespace, if specified. This defaults to true.

`autoSleep` required object pro

AutoSleep holds configuration for automatic sleep and wakeup

`afterInactivity` required integer pro

AfterInactivity specifies after how many seconds of inactivity the virtual cluster should sleep

`schedule` required string pro

Schedule specifies scheduled virtual cluster sleep in Cron format, see https://en.wikipedia.org/wiki/Cron. Note: timezone defined in the schedule string will be ignored. Use ".Timezone" field instead.

`timezone` required string pro

Timezone specifies time zone used for scheduled virtual cluster operations. Defaults to UTC. Accepts the same format as time.LoadLocation() in Go (https://pkg.go.dev/time#LoadLocation). The value should be a location name corresponding to a file in the IANA Time Zone database, such as "America/New_York".

`autoWakeup` required object pro

AutoSleep holds configuration for automatic wakeup

`schedule` required string pro

Schedule specifies scheduled wakeup from sleep in Cron format, see https://en.wikipedia.org/wiki/Cron. Note: timezone defined in the schedule string will be ignored. The timezone for the autoSleep schedule will be used

`autoDelete` required object pro

AutoDelete holds configuration for automatic delete

`afterInactivity` required integer pro

AfterInactivity specifies after how many seconds of inactivity the virtual cluster be deleted

`telemetry` required object pro

Configuration related to telemetry gathered about vCluster usage.

`enabled` required boolean true pro

Enabled specifies that the telemetry for the vCluster control plane should be enabled.

`instanceCreator` required string pro

`machineID` required string pro

`platformUserID` required string pro

`platformInstanceID` required string pro

Create a virtual cluster with a config file
What is the vcluster.yaml file?
Config reference
exportKubeConfig required object pro
integrations required object pro
sync required object pro
- toHost required object pro
- fromHost required object pro
networking required object pro
policies required object pro
controlPlane required object pro
rbac required object pro
- role required object pro
- clusterRole required object pro
plugins required {key: object} pro
experimental required object pro
external required object pro
- platform required object pro
telemetry required object pro

Create a virtual cluster with a config file​

What is the vcluster.yaml file?​

Config reference​

exportKubeConfig required object pro​

context required string pro​

server required string pro​

insecure required boolean false pro​

serviceAccount required object pro​

name required string pro​

namespace required string pro​

clusterRole required string pro​

secret required object pro​

name required string pro​

namespace required string pro​

integrations required object pro​

metricsServer required object pro​

enabled required boolean false pro​

apiService required object pro​

service required object pro​

name required string pro​

namespace required string pro​

port required integer pro​

nodes required boolean true pro​

pods required boolean true pro​

kubeVirt required object pro​

enabled required boolean false pro​

apiService required object pro​

service required object pro​

name required string pro​

namespace required string pro​

port required integer pro​

webhook required object pro​

enabled required boolean true pro​

sync required object pro​

dataVolumes required object pro​

enabled required boolean false pro​

virtualMachineInstanceMigrations required object pro​

enabled required boolean true pro​

virtualMachineInstances required object pro​

enabled required boolean true pro​

virtualMachines required object pro​

enabled required boolean true pro​

virtualMachineClones required object pro​

enabled required boolean true pro​

virtualMachinePools required object pro​

enabled required boolean true pro​

externalSecrets required object pro​

enabled required boolean false pro​

webhook required object pro​

enabled required boolean false pro​

sync required object pro​

externalSecrets required object pro​

enabled required boolean true pro​

stores required object pro​

enabled required boolean false pro​

clusterStores required object pro​

enabled required boolean false pro​

selector required object pro​

labels required object {} pro​

certManager required object pro​

enabled required boolean false pro​

sync required object pro​

toHost required object pro​

certificates required object pro​

enabled required boolean true pro​

issuers required object pro​

enabled required boolean true pro​

fromHost required object pro​

clusterIssuers required object pro​

enabled required boolean true pro​

selector required object pro​

labels required object {} pro​

sync required object pro​

toHost required object pro​

pods required object pro​

enabled required boolean true pro​

translateImage required object {} pro​

enforceTolerations required string[] [] pro​

useSecretsForSATokens required boolean false pro​

rewriteHosts required object pro​

Create a virtual cluster with a config file

What is the vcluster.yaml file?

Config reference

`exportKubeConfig` required object pro

`context` required string pro

`server` required string pro

`insecure` required boolean false pro

`serviceAccount` required object pro

`name` required string pro

`namespace` required string pro

`clusterRole` required string pro

`secret` required object pro

`name` required string pro

`namespace` required string pro

`integrations` required object pro

`metricsServer` required object pro

`enabled` required boolean false pro

`apiService` required object pro

`service` required object pro

`name` required string pro

`namespace` required string pro

`port` required integer pro

`nodes` required boolean true pro

`pods` required boolean true pro

`kubeVirt` required object pro

`enabled` required boolean false pro

`apiService` required object pro

`service` required object pro

`name` required string pro

`namespace` required string pro

`port` required integer pro

`webhook` required object pro

`enabled` required boolean true pro

`sync` required object pro

`dataVolumes` required object pro

`enabled` required boolean false pro

`virtualMachineInstanceMigrations` required object pro

`enabled` required boolean true pro

`virtualMachineInstances` required object pro

`enabled` required boolean true pro

`virtualMachines` required object pro

`enabled` required boolean true pro

`virtualMachineClones` required object pro

`enabled` required boolean true pro

`virtualMachinePools` required object pro

`enabled` required boolean true pro

`externalSecrets` required object pro

`enabled` required boolean false pro

`webhook` required object pro

`enabled` required boolean false pro

`sync` required object pro

`externalSecrets` required object pro

`enabled` required boolean true pro

`stores` required object pro

`enabled` required boolean false pro

`clusterStores` required object pro

`enabled` required boolean false pro

`selector` required object pro

`labels` required object {} pro

`certManager` required object pro

`enabled` required boolean false pro

`sync` required object pro

`toHost` required object pro

`certificates` required object pro

`enabled` required boolean true pro

`issuers` required object pro

`enabled` required boolean true pro

`fromHost` required object pro

`clusterIssuers` required object pro

`enabled` required boolean true pro

`selector` required object pro

`labels` required object {} pro

`sync` required object pro

`toHost` required object pro

`pods` required object pro

`enabled` required boolean true pro

`translateImage` required object {} pro

`enforceTolerations` required string[] [] pro

`useSecretsForSATokens` required boolean false pro

`rewriteHosts` required object pro