Experimental

warning

These features are experimental! They may have breaking changes or be deprecated.

Config reference

experimental required object pro

Experimental features for vCluster. Configuration here might change, so be careful with this.

deploy required object pro

Deploy allows you to configure manifests and Helm charts to deploy within the virtual cluster.

host required object pro

Host defines what manifests to deploy into the host cluster

manifests required string pro

Manifests are raw Kubernetes manifests that should get applied within the virtual cluster.

manifestsTemplate required string pro

ManifestsTemplate is a Kubernetes manifest template that will be rendered with vCluster values before applying it within the virtual cluster.

vcluster required object pro

VCluster defines what manifests and charts to deploy into the vCluster

manifests required string pro

Manifests are raw Kubernetes manifests that should get applied within the virtual cluster.

manifestsTemplate required string pro

ManifestsTemplate is a Kubernetes manifest template that will be rendered with vCluster values before applying it within the virtual cluster.

helm required object[] pro

Helm are Helm charts that should get deployed into the virtual cluster

chart required object pro

Chart defines what chart should get deployed.

name required string pro

repo required string pro

insecure required boolean pro

version required string pro

username required string pro

password required string pro

release required object pro

Release defines what release should get deployed.

name required string pro

Name of the release

namespace required string pro

Namespace of the release

values required string pro

Values defines what values should get used.

timeout required string pro

Timeout defines the timeout for Helm

bundle required string pro

Bundle allows to compress the Helm chart and specify this instead of an online chart

syncSettings required object pro

SyncSettings are advanced settings for the syncer controller.

disableSync required boolean false pro

DisableSync will not sync any resources and disable most control plane functionality.

rewriteKubernetesService required boolean false pro

RewriteKubernetesService will rewrite the Kubernetes service to point to the vCluster service if disableSync is enabled

targetNamespace required string pro

TargetNamespace is the namespace where the workloads should get synced to.

setOwner required boolean true pro

SetOwner specifies if vCluster should set an owner reference on the synced objects to the vCluster service. This allows for easy garbage collection.

hostMetricsBindAddress required string pro

HostMetricsBindAddress is the bind address for the local manager

virtualMetricsBindAddress required string pro

VirtualMetricsBindAddress is the bind address for the virtual manager

genericSync required object pro

GenericSync holds options to generically sync resources from virtual cluster to host.

version required string pro

Version is the config version

export required object[] pro

Exports syncs a resource from the virtual cluster to the host

apiVersion required string pro

APIVersion of the object to sync

kind required string pro

Kind of the object to sync

optional required boolean pro

replaceOnConflict required boolean pro

ReplaceWhenInvalid determines if the controller should try to recreate the object if there is a problem applying

patches required object[] pro

Patches are the patches to apply on the virtual cluster objects when syncing them from the host cluster

op required string pro

Operation is the type of the patch

fromPath required string pro

FromPath is the path from the other object

path required string pro

Path is the path of the patch

namePath required string pro

NamePath is the path to the name of a child resource within Path

namespacePath required string pro

NamespacePath is path to the namespace of a child resource within Path

value required object pro

Value is the new value to be set to the path

regex required string pro

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] pro

Conditions are conditions that must be true for the patch to get executed

path required string pro

Path is the path within the object to select

subPath required string pro

SubPath is the path below the selected object to select

equal required object pro

Equal is the value the path should be equal to

notEqual required object pro

NotEqual is the value the path should not be equal to

empty required boolean pro

Empty means that the path value should be empty or unset

ignore required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean pro

configmap required boolean pro

reversePatches required object[] pro

ReversePatches are the patches to apply to host cluster objects after it has been synced to the virtual cluster

op required string pro

Operation is the type of the patch

fromPath required string pro

FromPath is the path from the other object

path required string pro

Path is the path of the patch

namePath required string pro

NamePath is the path to the name of a child resource within Path

namespacePath required string pro

NamespacePath is path to the namespace of a child resource within Path

value required object pro

Value is the new value to be set to the path

regex required string pro

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] pro

Conditions are conditions that must be true for the patch to get executed

path required string pro

Path is the path within the object to select

subPath required string pro

SubPath is the path below the selected object to select

equal required object pro

Equal is the value the path should be equal to

notEqual required object pro

NotEqual is the value the path should not be equal to

empty required boolean pro

Empty means that the path value should be empty or unset

ignore required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean pro

configmap required boolean pro

selector required object pro

Selector is a label selector to select the synced objects in the virtual cluster. If empty, all objects will be synced.

labelSelector required object pro

LabelSelector are the labels to select the object from

import required object[] pro

Imports syncs a resource from the host cluster to virtual cluster

apiVersion required string pro

APIVersion of the object to sync

kind required string pro

Kind of the object to sync

optional required boolean pro

replaceOnConflict required boolean pro

ReplaceWhenInvalid determines if the controller should try to recreate the object if there is a problem applying

patches required object[] pro

Patches are the patches to apply on the virtual cluster objects when syncing them from the host cluster

op required string pro

Operation is the type of the patch

fromPath required string pro

FromPath is the path from the other object

path required string pro

Path is the path of the patch

namePath required string pro

NamePath is the path to the name of a child resource within Path

namespacePath required string pro

NamespacePath is path to the namespace of a child resource within Path

value required object pro

Value is the new value to be set to the path

regex required string pro

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] pro

Conditions are conditions that must be true for the patch to get executed

path required string pro

Path is the path within the object to select

subPath required string pro

SubPath is the path below the selected object to select

equal required object pro

Equal is the value the path should be equal to

notEqual required object pro

NotEqual is the value the path should not be equal to

empty required boolean pro

Empty means that the path value should be empty or unset

ignore required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean pro

configmap required boolean pro

reversePatches required object[] pro

ReversePatches are the patches to apply to host cluster objects after it has been synced to the virtual cluster

op required string pro

Operation is the type of the patch

fromPath required string pro

FromPath is the path from the other object

path required string pro

Path is the path of the patch

namePath required string pro

NamePath is the path to the name of a child resource within Path

namespacePath required string pro

NamespacePath is path to the namespace of a child resource within Path

value required object pro

Value is the new value to be set to the path

regex required string pro

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] pro

Conditions are conditions that must be true for the patch to get executed

path required string pro

Path is the path within the object to select

subPath required string pro

SubPath is the path below the selected object to select

equal required object pro

Equal is the value the path should be equal to

notEqual required object pro

NotEqual is the value the path should not be equal to

empty required boolean pro

Empty means that the path value should be empty or unset

ignore required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean pro

configmap required boolean pro

hooks required object pro

Hooks are hooks that can be used to inject custom patches before syncing

hostToVirtual required object[] pro

HostToVirtual is a hook that is executed before syncing from the host to the virtual cluster

apiVersion required string pro

APIVersion of the object to sync

kind required string pro

Kind of the object to sync

verbs required string[] pro

Verbs are the verbs that the hook should mutate

patches required object[] pro

Patches are the patches to apply on the object to be synced

op required string pro

Operation is the type of the patch

fromPath required string pro

FromPath is the path from the other object

path required string pro

Path is the path of the patch

namePath required string pro

NamePath is the path to the name of a child resource within Path

namespacePath required string pro

NamespacePath is path to the namespace of a child resource within Path

value required object pro

Value is the new value to be set to the path

regex required string pro

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] pro

Conditions are conditions that must be true for the patch to get executed

path required string pro

Path is the path within the object to select

subPath required string pro

SubPath is the path below the selected object to select

equal required object pro

Equal is the value the path should be equal to

notEqual required object pro

NotEqual is the value the path should not be equal to

empty required boolean pro

Empty means that the path value should be empty or unset

ignore required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean pro

configmap required boolean pro

virtualToHost required object[] pro

VirtualToHost is a hook that is executed before syncing from the virtual to the host cluster

apiVersion required string pro

APIVersion of the object to sync

kind required string pro

Kind of the object to sync

verbs required string[] pro

Verbs are the verbs that the hook should mutate

patches required object[] pro

Patches are the patches to apply on the object to be synced

op required string pro

Operation is the type of the patch

fromPath required string pro

FromPath is the path from the other object

path required string pro

Path is the path of the patch

namePath required string pro

NamePath is the path to the name of a child resource within Path

namespacePath required string pro

NamespacePath is path to the namespace of a child resource within Path

value required object pro

Value is the new value to be set to the path

regex required string pro

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] pro

Conditions are conditions that must be true for the patch to get executed

path required string pro

Path is the path within the object to select

subPath required string pro

SubPath is the path below the selected object to select

equal required object pro

Equal is the value the path should be equal to

notEqual required object pro

NotEqual is the value the path should not be equal to

empty required boolean pro

Empty means that the path value should be empty or unset

ignore required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean pro

configmap required boolean pro

clusterRole required object pro

extraRules required object[] [] pro

role required object pro

extraRules required object[] [] pro

multiNamespaceMode required object pro

MultiNamespaceMode tells virtual cluster to sync to multiple namespaces instead of a single one. This will map each virtual cluster namespace to a single namespace in the host cluster.

enabled required boolean false pro

Enabled specifies if multi namespace mode should get enabled

namespaceLabels required object pro

NamespaceLabels are extra labels that will be added by vCluster to each created namespace.

isolatedControlPlane required object pro

IsolatedControlPlane is a feature to run the vCluster control plane in a different Kubernetes cluster than the workloads themselves.

enabled required boolean pro

Enabled specifies if the isolated control plane feature should be enabled.

headless required boolean false pro

Headless states that Helm should deploy the vCluster in headless mode for the isolated control plane.

kubeConfig required string pro

KubeConfig is the path where to find the remote workload cluster kubeconfig.

namespace required string pro

Namespace is the namespace where to sync the workloads into.

service required string pro

Service is the vCluster service in the remote cluster.

virtualClusterKubeConfig required object pro

VirtualClusterKubeConfig allows you to override distro specifics and specify where vCluster will find the required certificates and vCluster config.

kubeConfig required string pro

KubeConfig is the virtual cluster kubeconfig path.

serverCAKey required string pro

ServerCAKey is the server ca key path.

serverCACert required string pro

ServerCAKey is the server ca cert path.

clientCACert required string pro

ServerCAKey is the client ca cert path.

requestHeaderCACert required string pro

RequestHeaderCACert is the request header ca cert path.

denyProxyRequests required object[] pro

DenyProxyRequests denies certain requests in the vCluster proxy.

name required string pro

The name of the check.

namespaces required string[] pro

Namespace describe a list of namespaces that will be affected by the check. An empty list means that all namespaces will be affected. In case of ClusterScoped rules, only the Namespace resource is affected.

rules required object[] pro

Rules describes on which verbs and on what resources/subresources the webhook is enforced. The webhook is enforced if it matches any Rule. The version of the request must match the rule version exactly. Equivalent matching is not supported.

apiGroups required string[] pro

APIGroups is the API groups the resources belong to. '*' is all groups.

apiVersions required string[] pro

APIVersions is the API versions the resources belong to. '*' is all versions.

resources required string[] pro

Resources is a list of resources this rule applies to.

scope required string pro

Scope specifies the scope of this rule.

operations required string[] pro

Verb is the kube verb associated with the request for API requests, not the http verb. This includes things like list and watch. For non-resource requests, this is the lowercase http verb. If '*' is present, the length of the slice must be one.

excludedUsers required string[] pro

ExcludedUsers describe a list of users for which the checks will be skipped. Impersonation attempts on these users will still be subjected to the checks.