Experimental
The following features are experimental. They might have breaking changes or be deprecated.
Experimental features​
vCluster provides several experimental features that extend its capabilities:
Available features​
- Deploy - Configure deployment settings for experimental features
- Sync settings - Advanced synchronization configuration
- Deny proxy requests - Block proxy requests to the control plane cluster
- Resource proxy - Proxy custom resources to other tenant clusters
Configure experimental features​
Experimental features are configured under the experimental section of your vCluster configuration. These features might change between releases, so use them with caution in production environments.
Config reference​
experimental object ​
Experimental features for vCluster. Configuration here might change, so be careful with this.
experimental object ​deploy object ​
Deploy allows you to configure manifests and Helm charts to deploy within the host or virtual cluster.
deploy object ​host object ​
Host defines what manifests to deploy into the host cluster
host object ​manifests string ​
Manifests are raw Kubernetes manifests that should get applied within the host cluster.
manifests string ​manifestsTemplate string ​
ManifestsTemplate is a Kubernetes manifest template that will be rendered with vCluster values before applying it within the host cluster.
manifestsTemplate string ​vcluster object ​
VCluster defines what manifests and charts to deploy into the vCluster
vcluster object ​manifests string ​
Manifests are raw Kubernetes manifests that should get applied within the virtual cluster.
manifests string ​manifestsTemplate string ​
ManifestsTemplate is a Kubernetes manifest template that will be rendered with vCluster values before applying it within the virtual cluster.
manifestsTemplate string ​helm object[] ​
Helm are Helm charts that should get deployed into the virtual cluster
helm object[] ​chart object ​
Chart defines what chart should get deployed.
chart object ​name string ​
name string ​repo string ​
repo string ​insecure boolean ​
insecure boolean ​version string ​
version string ​username string ​
username string ​password string ​
password string ​release object ​
Release defines what release should get deployed.
release object ​name string ​
Name of the release
name string ​namespace string ​
Namespace of the release
namespace string ​values string ​
Values defines what values should get used.
values string ​timeout string ​
Timeout defines the timeout for Helm
timeout string ​bundle string ​
Bundle allows to compress the Helm chart and specify this instead of an online chart
bundle string ​syncSettings object ​
SyncSettings are advanced settings for the syncer controller.
syncSettings object ​setOwner boolean true ​
SetOwner specifies if vCluster should set an owner reference on the synced objects to the vCluster service. This allows for easy garbage collection.
setOwner boolean true ​hostMetricsBindAddress string ​
HostMetricsBindAddress is the bind address for the local manager
hostMetricsBindAddress string ​virtualMetricsBindAddress string ​
VirtualMetricsBindAddress is the bind address for the virtual manager
virtualMetricsBindAddress string ​virtualClusterKubeConfig object ​
VirtualClusterKubeConfig allows you to override distro specifics and specify where vCluster will find the required certificates and vCluster config.
Deprecated: Removed in 0.29.0.
virtualClusterKubeConfig object ​kubeConfig string ​
KubeConfig is the virtual cluster kubeconfig path.
kubeConfig string ​serverCAKey string ​
ServerCAKey is the server ca key path.
serverCAKey string ​serverCACert string ​
ServerCACert is the server ca cert path.
serverCACert string ​clientCACert string ​
ClientCACert is the client ca cert path.
clientCACert string ​clientCAKey string ​
ClientCAKey is the client ca key path.
clientCAKey string ​requestHeaderCACert string ​
RequestHeaderCACert is the request header ca cert path.
requestHeaderCACert string ​denyProxyRequests object[] ​
DenyProxyRequests denies certain requests in the vCluster proxy.
denyProxyRequests object[] ​name string ​
The name of the check.
name string ​namespaces string[] ​
Namespace describe a list of namespaces that will be affected by the check.
An empty list means that all namespaces will be affected.
In case of ClusterScoped rules, only the Namespace resource is affected.
namespaces string[] ​rules object[] ​
Rules describes on which verbs and on what resources/subresources the webhook is enforced.
The webhook is enforced if it matches any Rule.
The version of the request must match the rule version exactly. Equivalent matching is not supported.
rules object[] ​apiGroups string[] ​
APIGroups is the API groups the resources belong to. '*' is all groups.
apiGroups string[] ​apiVersions string[] ​
APIVersions is the API versions the resources belong to. '*' is all versions.
apiVersions string[] ​resources string[] ​
Resources is a list of resources this rule applies to.
resources string[] ​scope string ​
Scope specifies the scope of this rule.
scope string ​operations string[] ​
Verb is the kube verb associated with the request for API requests, not the http verb. This includes things like list and watch.
For non-resource requests, this is the lowercase http verb.
If '*' is present, the length of the slice must be one.
operations string[] ​excludedUsers string[] ​
ExcludedUsers describe a list of users for which the checks will be skipped.
Impersonation attempts on these users will still be subjected to the checks.
excludedUsers string[] ​proxy object ​
Proxy enables vCluster-to-vCluster proxying of resources
proxy object ​customResources {key: object} ​
CustomResources is a map of resource keys (format: "kind.apiGroup/version") to proxy configuration
customResources {key: object} ​enabled boolean ​
Enabled defines if this resource proxy should be enabled
enabled boolean ​targetVirtualCluster object ​
TargetVirtualCluster is the target virtual cluster for the custom resource proxy
targetVirtualCluster object ​name required string ​
Name is the name of the target virtual cluster.
name required string ​project string ​
Project is the project of the target virtual cluster. If empty, defaults to the same project as the source vCluster.
project string ​accessResources string ​
AccessResources defines which resources should be accessible in the proxy.
accessResources string ​docker object ​
Docker allows you to configure Docker related settings when deploying a vCluster using Docker.
docker object ​image string ​
Image defines the image to use for the container. Defaults to ghcr.io/loft-sh/vm-container.
image string ​ports string[] ​
Ports defines extra port mappings to be added to the container.
ports string[] ​volumes string[] ​
Volumes defines extra volumes to be added to the container.
volumes string[] ​env string[] ​
Env defines extra environment variables to be added to the container. Use key=value.
env string[] ​args string[] ​
Args defines extra arguments to be added to the docker run command of the container.
args string[] ​enabled boolean ​
Enabled defines if the vCluster was deployed using Docker. This is automatically set by vCluster and should not be set by the user.
enabled boolean ​network string ​
Network defines the network to use for the vCluster. If not specified, the a network will be created for the vCluster.
network string ​nodes object[] ​
Nodes defines the nodes of the vCluster.
nodes object[] ​image string ​
Image defines the image to use for the container. Defaults to ghcr.io/loft-sh/vm-container.
image string ​ports string[] ​
Ports defines extra port mappings to be added to the container.
ports string[] ​volumes string[] ​
Volumes defines extra volumes to be added to the container.
volumes string[] ​env string[] ​
Env defines extra environment variables to be added to the container. Use key=value.
env string[] ​args string[] ​
Args defines extra arguments to be added to the docker run command of the container.
args string[] ​name string ​
Name defines the name of the node. If not specified, a random name will be generated.
name string ​registryProxy object ​
Defines if docker images should be pulled from the host docker daemon. This prevents pulling images again and allows to
use purely local images. Only works if containerd image storage is used. For more information, see https://docs.docker.com/engine/storage/containerd
registryProxy object ​enabled boolean true ​
Enabled defines if this option should be enabled.
enabled boolean true ​loadBalancer object ​
Defines if vCluster should configure load balancer services inside the vCluster. This might require
sudo access on the host cluster for docker desktop or rancher desktop on macos.
loadBalancer object ​enabled boolean true ​
Enabled defines if this option should be enabled.
enabled boolean true ​forwardPorts boolean true ​
ForwardPorts defines if the load balancer ips should be made available locally
via port forwarding. This will be only done if necessary for example on macos when using docker desktop.
forwardPorts boolean true ​nodeMonitors object[] ​
NodeMonitors allows you to create a service monitor for each node.
nodeMonitors object[] ​name string ​
Name is the name of the monitor. It will be suffixed with the node name.
name string ​nodeSelector object ​
NodeSelector defines the node selector for the service monitor.
nodeSelector object ​endpoints object[] ​
Endpoints is a list of endpoints to add to the service monitor. By default, vCluster will relabel the node and instance label to the node name.
endpoints object[] ​path string ​
Path is the kubelet path of the endpoint. vCluster will prepend /api/v1/nodes/NODE_NAME to the path.
path string ​params object ​
Params allows you to configure extra parameters to add to the endpoint.
params object ​extraRelabelings object[] ​
ExtraRelabelings allows you to configure extra relabelings to add to the endpoint. By default, vCluster will relabel the node and instance label to the node name.
extraRelabelings object[] ​metricsRelabelings object[] ​
MetricsRelabelings allows you to configure extra metrics relabelings to add to the endpoint.
metricsRelabelings object[] ​interval string ​
Interval is the interval at which to scrape the endpoint.
interval string ​scrapeTimeout string ​
ScrapeTimeout is the timeout for the scrape of the endpoint.
scrapeTimeout string ​spec object ​
Spec allows you to configure extra service monitor options that will be merged into the spec.
spec object ​annotations object ​
Annotations are extra annotations for this resource.
annotations object ​labels object ​
Labels are extra labels for this resource.
labels object ​