Skip to main content
Version: main 🚧

Deployment basics

vCluster in Docker (vind) allows you to deploy a complete Kubernetes cluster using Docker containers without requiring a host Kubernetes cluster. This deployment method is ideal for local development, testing, and CI/CD scenarios.

Overview​

When deploying vCluster as Docker containers:

  • Control plane: Runs as Docker containers (API server, etcd, controller manager, scheduler)
  • Worker nodes: Simulated as additional Docker containers
  • Networking: Uses Docker networking for inter-container communication
  • Storage: Uses Docker volumes for persistent data
  • No host cluster required: Complete independence from existing Kubernetes infrastructure

Prerequisites​

System requirements​

  • Docker: Docker Desktop, Docker Engine or similar installed and running
  • Operating System: Linux, macOS, or Windows with Docker support
  • Resources: Minimum 2GB RAM and 2 CPU cores available to Docker
  • Network: Docker daemon accessible and able to create networks

Docker configuration​

Ensure Docker is properly configured:

docker --version
docker info

For optimal performance, consider:

  • Enabling containerd image storage for better registry proxy performance
  • Allocating sufficient resources in Docker Desktop preferences

Deploy vCluster​

Step 1: Install vCluster CLI​

brew install loft-sh/tap/vcluster

The binaries in the tap are signed using the Sigstore framework for enhanced security.

Confirm that you've installed the correct version of the vCluster CLI.

vcluster --version

Step 2: Configure Docker Driver​

Set vCluster to use the Docker driver:

vcluster use driver docker

Step 3: Create vCluster configuration (optional)​

Create a vcluster.yaml file to customize your Docker deployment:

experimental:
  docker:
    # Expose additional ports
    ports:
    - "8080:80"
    - "8443:443"
  
    # Mount host directories
    volumes:
    - "/host/data:/data"
    - "/var/run/docker.sock:/var/run/docker.sock"
  
    # Set environment variables
    env:
    - "DEBUG=true"
    - "LOG_LEVEL=info"
  
    # Add additional worker nodes
    nodes:
    - name: "worker-1"
      ports:
        - "9090:9090"
    - name: "worker-2"
      volumes:
        - "/host/logs:/logs"
  
    # Configure registry proxy (enabled by default)
    registryProxy:
      enabled: true
  
    # Configure load balancer (enabled by default)
    loadBalancer:
      enabled: true
      forwardPorts: true

Step 4: Deploy the vCluster​

Deploy with default configuration:

Modify the following with your specific values to generate a copyable command:
vcluster create my-vcluster

Or deploy with custom configuration:

Modify the following with your specific values to generate a copyable command:
vcluster create my-vcluster --values vcluster.yaml

Step 5: Verify Deployment​

Check that your vCluster is running:

kubectl get nodes
kubectl get namespaces

Verify Docker containers:

Modify the following with your specific values to generate a copyable command:
docker ps --filter name=my-vcluster

Configuration options​

Container customization​

  • Image: Specify custom container images for control plane and worker nodes
  • Ports: Expose additional ports from containers to the host
  • Volumes: Mount host directories or Docker volumes
  • Environment Variables: Set custom environment variables
  • Docker Arguments: Pass additional arguments to Docker run commands

Multi-node setup​

Configure multiple worker nodes with individual settings:

experimental:
  docker:
    nodes:
    - name: "worker-1"
      image: "custom-registry/worker:latest"
      ports:
        - "3000:3000"
      volumes:
        - "/host/app:/app"
    - name: "worker-2"
      env:
        - "NODE_ENV=production"
      args:
        - "--privileged"

vCluster VPN​

You can join external nodes to your Docker-based vCluster using the vCluster VPN feature. This requires vCluster Platform to be installed. For detailed setup instructions, see the vCluster VPN documentation.

experimental:
  docker:
    nodes:
    - name: my-node
privateNodes:
  vpn:
    enabled: true
    nodeToNode:
      enabled: true

Troubleshoot​

Common issues​

  1. Docker daemon not accessible:

    docker info

  2. Resource constraints: Ensure Docker has sufficient CPU and memory allocated

  3. Permission issues on macOS: Load balancer features may require running Docker with elevated privileges. Try running your terminal as an administrator or ensure Docker Desktop has the necessary permissions in System Preferences > Security & Privacy

Debug​

Modify the following with your specific values to generate a copyable command:
# Check vCluster status
vcluster list

# Show all docker containers
docker ps -a

# View control plane logs
docker exec -it vcluster.cp.my-vcluster journalctl -u vcluster --no-pager

# View kubelet logs
docker exec -it vcluster.node.my-vcluster.my-node journalctl -u kubelet --no-pager

# View containerd logs
docker exec -it vcluster.node.my-vcluster.my-node journalctl -u containerd --no-pager

# View vcluster-vpn logs
docker exec -it vcluster.node.my-vcluster.my-node journalctl -u vcluster-vpn --no-pager

Delete a Docker vCluster​

To remove a Docker-based vCluster and clean up all associated resources:

Modify the following with your specific values to generate a copyable command:
vcluster delete my-vcluster

This command removes all Docker containers and networks created for the vCluster. Any data stored in Docker volumes is also deleted.

Next steps​

Config reference​

docker required object ​

Docker allows you to configure Docker related settings when deploying a vCluster using Docker.

image required string ​

Image defines the image to use for the container. Defaults to ghcr.io/loft-sh/vm-container.

ports required string[] ​

Ports defines extra port mappings to be added to the container.

volumes required string[] ​

Volumes defines extra volumes to be added to the container.

env required string[] ​

Env defines extra environment variables to be added to the container. Use key=value.

args required string[] ​

Args defines extra arguments to be added to the docker run command of the container.

enabled required boolean ​

Enabled defines if the vCluster was deployed using Docker. This is automatically set by vCluster and should not be set by the user.

network required string ​

Network defines the network to use for the vCluster. If not specified, the a network will be created for the vCluster.

nodes required object[] ​

Nodes defines the nodes of the vCluster.

image required string ​

Image defines the image to use for the container. Defaults to ghcr.io/loft-sh/vm-container.

ports required string[] ​

Ports defines extra port mappings to be added to the container.

volumes required string[] ​

Volumes defines extra volumes to be added to the container.

env required string[] ​

Env defines extra environment variables to be added to the container. Use key=value.

args required string[] ​

Args defines extra arguments to be added to the docker run command of the container.

name required string ​

Name defines the name of the node. If not specified, a random name will be generated.

registryProxy required object ​

Defines if docker images should be pulled from the host docker daemon. This prevents pulling images again and allows to use purely local images. Only works if containerd image storage is used. For more information, see https://docs.docker.com/engine/storage/containerd

enabled required boolean true ​

Enabled defines if this option should be enabled.

loadBalancer required object ​

Defines if vCluster should configure load balancer services inside the vCluster. This might require sudo access on the host cluster for docker desktop or rancher desktop on macos.

enabled required boolean true ​

Enabled defines if this option should be enabled.

forwardPorts required boolean true ​

ForwardPorts defines if the load balancer ips should be made available locally via port forwarding. This will be only done if necessary for example on macos when using docker desktop.