Backing Store
Each tenant cluster requires a backing store and vCluster provides two different types of backing store options:
There are different ways to deploy the type of backing store.
By default, vCluster uses an embedded SQLite database as the backing store. This option is great for smaller sandbox tenant clusters, but for production, it's recommended to use a different backing store option.
vCluster Standalone has limited backing store options. For single control plane nodes setup,
- Embedded database (sqlite)
- Embedded etcd
are supported.
For multiple control plane nodes (HA) setup,
- Embedded etcd
is supported.
Config reference​
backingStore object ​
BackingStore defines which backing store to use for virtual cluster. If not defined will use embedded database as a default backing store.
backingStore object ​etcd object ​
Etcd defines that etcd should be used as the backend for the virtual cluster
etcd object ​embedded object ​
Embedded defines to use embedded etcd as a storage backend for the virtual cluster
embedded object ​enabled boolean false ​
Enabled defines if the embedded etcd should be used.
enabled boolean false ​migrateFromDeployedEtcd boolean false ​
MigrateFromDeployedEtcd signals that vCluster should migrate from the deployed external etcd to embedded etcd.
migrateFromDeployedEtcd boolean false ​snapshotCount integer ​
SnapshotCount defines the number of snapshots to keep for the embedded etcd. Defaults to 10000 if less than 1.
snapshotCount integer ​extraArgs string[] [] ​
ExtraArgs are additional arguments to pass to the embedded etcd.
extraArgs string[] [] ​deploy object ​
Deploy defines to use an external etcd that is deployed by the helm chart
deploy object ​enabled boolean false ​
Enabled defines that an external etcd should be deployed.
enabled boolean false ​statefulSet object ​
StatefulSet holds options for the external etcd statefulSet.
statefulSet object ​enabled boolean true ​
Enabled defines if the statefulSet should be deployed
enabled boolean true ​enableServiceLinks boolean true ​
EnableServiceLinks for the StatefulSet pod
enableServiceLinks boolean true ​image object ​
Image is the image to use for the external etcd statefulSet
image object ​registry string registry.k8s.io ​
Registry is the registry of the container image, e.g. my-registry.com or ghcr.io. This setting can be globally
overridden via the controlPlane.advanced.defaultImageRegistry option. Empty means docker hub.
registry string registry.k8s.io ​repository string etcd ​
Repository is the repository of the container image, e.g. my-repo/my-image
repository string etcd ​tag string 3.6.8-0 ​
Tag is the tag of the container image, and is the default version.
tag string 3.6.8-0 ​imagePullPolicy string ​
ImagePullPolicy is the pull policy for the external etcd image
imagePullPolicy string ​env object[] [] ​
Env are extra environment variables
env object[] [] ​extraArgs string[] [] ​
ExtraArgs are appended to the etcd command.
extraArgs string[] [] ​resources object ​
Resources the etcd can consume
resources object ​limits object ​
Limits are resource limits for the container
limits object ​requests object map[cpu:20m memory:150Mi] ​
Requests are minimal resources that will be consumed by the container
requests object map[cpu:20m memory:150Mi] ​pods object ​
Pods defines extra metadata for the etcd pods.
pods object ​annotations object {} ​
Annotations are extra annotations for this resource.
annotations object {} ​labels object {} ​
Labels are extra labels for this resource.
labels object {} ​highAvailability object ​
HighAvailability are high availability options
highAvailability object ​replicas integer 1 ​
Replicas are the amount of pods to use.
replicas integer 1 ​scheduling object ​
Scheduling options for the etcd pods.
scheduling object ​nodeSelector object {} ​
NodeSelector is the node selector to apply to the pod.
nodeSelector object {} ​affinity object {} ​
Affinity is the affinity to apply to the pod.
affinity object {} ​tolerations object[] [] ​
Tolerations are the tolerations to apply to the pod.
tolerations object[] [] ​priorityClassName string ​
PriorityClassName is the priority class name for the the pod.
priorityClassName string ​podManagementPolicy string Parallel ​
PodManagementPolicy is the statefulSet pod management policy.
podManagementPolicy string Parallel ​topologySpreadConstraints object[] [] ​
TopologySpreadConstraints are the topology spread constraints for the pod.
topologySpreadConstraints object[] [] ​security object ​
Security options for the etcd pods.
security object ​podSecurityContext object {} ​
PodSecurityContext specifies security context options on the pod level.
podSecurityContext object {} ​containerSecurityContext object {} ​
ContainerSecurityContext specifies security context options on the container level.
containerSecurityContext object {} ​persistence object ​
Persistence options for the etcd pods.
persistence object ​volumeClaim object ​
VolumeClaim can be used to configure the persistent volume claim.
volumeClaim object ​enabled boolean true ​
Enabled enables deploying a persistent volume claim.
enabled boolean true ​accessModes string[] [ReadWriteOnce] ​
AccessModes are the persistent volume claim access modes.
accessModes string[] [ReadWriteOnce] ​retentionPolicy string Retain ​
RetentionPolicy is the persistent volume claim retention policy.
retentionPolicy string Retain ​size string 5Gi ​
Size is the persistent volume claim storage size.
size string 5Gi ​storageClass string ​
StorageClass is the persistent volume claim storage class.
storageClass string ​volumeClaimTemplates object[] [] ​
VolumeClaimTemplates defines the volumeClaimTemplates for the statefulSet
volumeClaimTemplates object[] [] ​addVolumes object[] [] ​
AddVolumes defines extra volumes for the pod
addVolumes object[] [] ​addVolumeMounts object[] ​
AddVolumeMounts defines extra volume mounts for the container
addVolumeMounts object[] ​name string ​
This must match the Name of a Volume.
name string ​readOnly boolean ​
Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
readOnly boolean ​mountPath string ​
Path within the container at which the volume should be mounted. Must
not contain ':'.
mountPath string ​subPath string ​
Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
subPath string ​mountPropagation string ​
mountPropagation determines how mounts are propagated from the host
to container and the other way around.
When not set, MountPropagationNone is used.
This field is beta in 1.10.
mountPropagation string ​subPathExpr string ​
Expanded path within the volume from which the container's volume should be mounted.
Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
Defaults to "" (volume's root).
SubPathExpr and SubPath are mutually exclusive.
subPathExpr string ​annotations object {} ​
Annotations are extra annotations for this resource.
annotations object {} ​labels object {} ​
Labels are extra labels for this resource.
labels object {} ​database object ​
Database defines that a database backend should be used as the backend for the virtual cluster. This uses a project called kine under the hood which is a shim for bridging Kubernetes and relational databases.
database object ​embedded object ​
Embedded defines that an embedded database (sqlite) should be used as the backend for the virtual cluster
embedded object ​enabled boolean false ​
Enabled defines if the database should be used.
enabled boolean false ​dataSource string ​
DataSource is the kine dataSource to use for the database. This depends on the database format.
This is optional for the external database. Examples:
- mysql: mysql://username:password@tcp(hostname:3306)/vcluster
- postgres: postgres://username:password@hostname:5432/vcluster
dataSource string ​identityProvider string ​
IdentityProvider is the kine identity provider to use when generating temporary authentication tokens for enhanced security.
This is optional for the external database. Examples:
- aws: RDS IAM Authentication
identityProvider string ​keyFile string ​
KeyFile is the key file to use for the database. This is optional.
keyFile string ​certFile string ​
CertFile is the cert file to use for the database. This is optional.
certFile string ​caFile string ​
CaFile is the ca file to use for the database. This is optional.
caFile string ​extraArgs string[] [] ​
ExtraArgs are additional arguments to pass to Kine.
extraArgs string[] [] ​external object ​
External defines that an external database should be used as the backend for the virtual cluster
external object ​enabled boolean false ​
Enabled defines if the database should be used.
enabled boolean false ​dataSource string ​
DataSource is the kine dataSource to use for the database. This depends on the database format.
This is optional for the external database. Examples:
- mysql: mysql://username:password@tcp(hostname:3306)/vcluster
- postgres: postgres://username:password@hostname:5432/vcluster
dataSource string ​identityProvider string ​
IdentityProvider is the kine identity provider to use when generating temporary authentication tokens for enhanced security.
This is optional for the external database. Examples:
- aws: RDS IAM Authentication
identityProvider string ​keyFile string ​
KeyFile is the key file to use for the database. This is optional.
keyFile string ​certFile string ​
CertFile is the cert file to use for the database. This is optional.
certFile string ​caFile string ​
CaFile is the ca file to use for the database. This is optional.
caFile string ​extraArgs string[] [] ​
ExtraArgs are additional arguments to pass to Kine.
extraArgs string[] [] ​connector string ​
Connector specifies a secret located in a connected vCluster Platform that contains database server connection information
to be used by Platform to create a database and database user for the vCluster.
and non-privileged user. A kine endpoint should be created using the database and user on Platform registration.
This is optional.
connector string ​