Skip to main content
Version: main 🚧

Experimental

warning

The following features are experimental. They might have breaking changes or be deprecated.

Experimental features​

vCluster provides several experimental features that extend its capabilities:

Available features​

Configure experimental features​

Experimental features are configured under the experimental section of your vCluster configuration. These features might change between releases, so use them with caution in production environments.

Config reference​

experimental required object ​

Experimental features for vCluster. Configuration here might change, so be careful with this.

deploy required object ​

Deploy allows you to configure manifests and Helm charts to deploy within the host or virtual cluster.

host required object ​

Host defines what manifests to deploy into the host cluster

manifests required string ​

Manifests are raw Kubernetes manifests that should get applied within the host cluster.

manifestsTemplate required string ​

ManifestsTemplate is a Kubernetes manifest template that will be rendered with vCluster values before applying it within the host cluster.

vcluster required object ​

VCluster defines what manifests and charts to deploy into the vCluster

manifests required string ​

Manifests are raw Kubernetes manifests that should get applied within the virtual cluster.

manifestsTemplate required string ​

ManifestsTemplate is a Kubernetes manifest template that will be rendered with vCluster values before applying it within the virtual cluster.

helm required object[] ​

Helm are Helm charts that should get deployed into the virtual cluster

chart required object ​

Chart defines what chart should get deployed.

name required string ​
repo required string ​
insecure required boolean ​
version required string ​
username required string ​
password required string ​
release required object ​

Release defines what release should get deployed.

name required string ​

Name of the release

namespace required string ​

Namespace of the release

values required string ​

Values defines what values should get used.

timeout required string ​

Timeout defines the timeout for Helm

bundle required string ​

Bundle allows to compress the Helm chart and specify this instead of an online chart

syncSettings required object ​

SyncSettings are advanced settings for the syncer controller.

targetNamespace required string ​

TargetNamespace is the namespace where the workloads should get synced to.

setOwner required boolean true ​

SetOwner specifies if vCluster should set an owner reference on the synced objects to the vCluster service. This allows for easy garbage collection.

hostMetricsBindAddress required string ​

HostMetricsBindAddress is the bind address for the local manager

virtualMetricsBindAddress required string ​

VirtualMetricsBindAddress is the bind address for the virtual manager

genericSync required object ​

GenericSync holds options to generically sync resources from virtual cluster to host.

version required string ​

Version is the config version

export required object[] ​

Exports syncs a resource from the virtual cluster to the host

apiVersion required string ​

APIVersion of the object to sync

kind required string ​

Kind of the object to sync

optional required boolean ​
replaceOnConflict required boolean ​

ReplaceWhenInvalid determines if the controller should try to recreate the object if there is a problem applying

patches required object[] ​

Patches are the patches to apply on the virtual cluster objects when syncing them from the host cluster

op required string ​

Operation is the type of the patch

fromPath required string ​

FromPath is the path from the other object

path required string ​

Path is the path of the patch

namePath required string ​

NamePath is the path to the name of a child resource within Path

namespacePath required string ​

NamespacePath is path to the namespace of a child resource within Path

value required object ​

Value is the new value to be set to the path

regex required string ​

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] ​

Conditions are conditions that must be true for the patch to get executed

path required string ​

Path is the path within the object to select

subPath required string ​

SubPath is the path below the selected object to select

equal required object ​

Equal is the value the path should be equal to

notEqual required object ​

NotEqual is the value the path should not be equal to

empty required boolean ​

Empty means that the path value should be empty or unset

ignore required boolean ​

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object ​

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean ​
configmap required boolean ​
reversePatches required object[] ​

ReversePatches are the patches to apply to host cluster objects after it has been synced to the virtual cluster

op required string ​

Operation is the type of the patch

fromPath required string ​

FromPath is the path from the other object

path required string ​

Path is the path of the patch

namePath required string ​

NamePath is the path to the name of a child resource within Path

namespacePath required string ​

NamespacePath is path to the namespace of a child resource within Path

value required object ​

Value is the new value to be set to the path

regex required string ​

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] ​

Conditions are conditions that must be true for the patch to get executed

path required string ​

Path is the path within the object to select

subPath required string ​

SubPath is the path below the selected object to select

equal required object ​

Equal is the value the path should be equal to

notEqual required object ​

NotEqual is the value the path should not be equal to

empty required boolean ​

Empty means that the path value should be empty or unset

ignore required boolean ​

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object ​

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean ​
configmap required boolean ​
selector required object ​

Selector is a label selector to select the synced objects in the virtual cluster. If empty, all objects will be synced.

labelSelector required object ​

LabelSelector are the labels to select the object from

import required object[] ​

Imports syncs a resource from the host cluster to virtual cluster

apiVersion required string ​

APIVersion of the object to sync

kind required string ​

Kind of the object to sync

optional required boolean ​
replaceOnConflict required boolean ​

ReplaceWhenInvalid determines if the controller should try to recreate the object if there is a problem applying

patches required object[] ​

Patches are the patches to apply on the virtual cluster objects when syncing them from the host cluster

op required string ​

Operation is the type of the patch

fromPath required string ​

FromPath is the path from the other object

path required string ​

Path is the path of the patch

namePath required string ​

NamePath is the path to the name of a child resource within Path

namespacePath required string ​

NamespacePath is path to the namespace of a child resource within Path

value required object ​

Value is the new value to be set to the path

regex required string ​

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] ​

Conditions are conditions that must be true for the patch to get executed

path required string ​

Path is the path within the object to select

subPath required string ​

SubPath is the path below the selected object to select

equal required object ​

Equal is the value the path should be equal to

notEqual required object ​

NotEqual is the value the path should not be equal to

empty required boolean ​

Empty means that the path value should be empty or unset

ignore required boolean ​

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object ​

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean ​
configmap required boolean ​
reversePatches required object[] ​

ReversePatches are the patches to apply to host cluster objects after it has been synced to the virtual cluster

op required string ​

Operation is the type of the patch

fromPath required string ​

FromPath is the path from the other object

path required string ​

Path is the path of the patch

namePath required string ​

NamePath is the path to the name of a child resource within Path

namespacePath required string ​

NamespacePath is path to the namespace of a child resource within Path

value required object ​

Value is the new value to be set to the path

regex required string ​

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] ​

Conditions are conditions that must be true for the patch to get executed

path required string ​

Path is the path within the object to select

subPath required string ​

SubPath is the path below the selected object to select

equal required object ​

Equal is the value the path should be equal to

notEqual required object ​

NotEqual is the value the path should not be equal to

empty required boolean ​

Empty means that the path value should be empty or unset

ignore required boolean ​

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object ​

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean ​
configmap required boolean ​

hooks required object ​

Hooks are hooks that can be used to inject custom patches before syncing

hostToVirtual required object[] ​

HostToVirtual is a hook that is executed before syncing from the host to the virtual cluster

apiVersion required string ​

APIVersion of the object to sync

kind required string ​

Kind of the object to sync

verbs required string[] ​

Verbs are the verbs that the hook should mutate

patches required object[] ​

Patches are the patches to apply on the object to be synced

op required string ​

Operation is the type of the patch

fromPath required string ​

FromPath is the path from the other object

path required string ​

Path is the path of the patch

namePath required string ​

NamePath is the path to the name of a child resource within Path

namespacePath required string ​

NamespacePath is path to the namespace of a child resource within Path

value required object ​

Value is the new value to be set to the path

regex required string ​

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] ​

Conditions are conditions that must be true for the patch to get executed

path required string ​

Path is the path within the object to select

subPath required string ​

SubPath is the path below the selected object to select

equal required object ​

Equal is the value the path should be equal to

notEqual required object ​

NotEqual is the value the path should not be equal to

empty required boolean ​

Empty means that the path value should be empty or unset

ignore required boolean ​

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object ​

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean ​
configmap required boolean ​
virtualToHost required object[] ​

VirtualToHost is a hook that is executed before syncing from the virtual to the host cluster

apiVersion required string ​

APIVersion of the object to sync

kind required string ​

Kind of the object to sync

verbs required string[] ​

Verbs are the verbs that the hook should mutate

patches required object[] ​

Patches are the patches to apply on the object to be synced

op required string ​

Operation is the type of the patch

fromPath required string ​

FromPath is the path from the other object

path required string ​

Path is the path of the patch

namePath required string ​

NamePath is the path to the name of a child resource within Path

namespacePath required string ​

NamespacePath is path to the namespace of a child resource within Path

value required object ​

Value is the new value to be set to the path

regex required string ​

Regex - is regular expresion used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] ​

Conditions are conditions that must be true for the patch to get executed

path required string ​

Path is the path within the object to select

subPath required string ​

SubPath is the path below the selected object to select

equal required object ​

Equal is the value the path should be equal to

notEqual required object ​

NotEqual is the value the path should not be equal to

empty required boolean ​

Empty means that the path value should be empty or unset

ignore required boolean ​

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object ​

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean ​
configmap required boolean ​

clusterRole required object ​

extraRules required object[] [] ​

role required object ​

extraRules required object[] [] ​

isolatedControlPlane required object ​

IsolatedControlPlane is a feature to run the vCluster control plane in a different Kubernetes cluster than the workloads themselves.

enabled required boolean ​

Enabled specifies if the isolated control plane feature should be enabled.

headless required boolean false ​

Headless states that Helm should deploy the vCluster in headless mode for the isolated control plane.

kubeConfig required string ​

KubeConfig is the path where to find the remote workload cluster kubeconfig.

namespace required string ​

Namespace is the namespace where to sync the workloads into.

service required string ​

Service is the vCluster service in the remote cluster.

virtualClusterKubeConfig required object ​

VirtualClusterKubeConfig allows you to override distro specifics and specify where vCluster will find the required certificates and vCluster config.

kubeConfig required string ​

KubeConfig is the virtual cluster kubeconfig path.

serverCAKey required string ​

ServerCAKey is the server ca key path.

serverCACert required string ​

ServerCAKey is the server ca cert path.

clientCACert required string ​

ServerCAKey is the client ca cert path.

requestHeaderCACert required string ​

RequestHeaderCACert is the request header ca cert path.

denyProxyRequests required object[] ​

DenyProxyRequests denies certain requests in the vCluster proxy.

name required string ​

The name of the check.

namespaces required string[] ​

Namespace describe a list of namespaces that will be affected by the check. An empty list means that all namespaces will be affected. In case of ClusterScoped rules, only the Namespace resource is affected.

rules required object[] ​

Rules describes on which verbs and on what resources/subresources the webhook is enforced. The webhook is enforced if it matches any Rule. The version of the request must match the rule version exactly. Equivalent matching is not supported.

apiGroups required string[] ​

APIGroups is the API groups the resources belong to. '*' is all groups.

apiVersions required string[] ​

APIVersions is the API versions the resources belong to. '*' is all versions.

resources required string[] ​

Resources is a list of resources this rule applies to.

scope required string ​

Scope specifies the scope of this rule.

operations required string[] ​

Verb is the kube verb associated with the request for API requests, not the http verb. This includes things like list and watch. For non-resource requests, this is the lowercase http verb. If '*' is present, the length of the slice must be one.

excludedUsers required string[] ​

ExcludedUsers describe a list of users for which the checks will be skipped. Impersonation attempts on these users will still be subjected to the checks.