
vcluster.yaml configuration reference

Create a virtual cluster with a config file

Configure your vCluster installation in a vcluster.yaml configuration file. Then deploy your changes.

vcluster create --upgrade VCLUSTER_NAME -n VCLUSTER_NAMESPACE -f vcluster.yaml

Replace:

  • VCLUSTER_NAME with your vCluster instance name.
  • VCLUSTER_NAMESPACE with the namespace where you deployed vCluster.

Config reference

exportKubeConfig required object pro

ExportKubeConfig describes how vCluster should export the vCluster kubeConfig file.

context required string pro

Context is the name of the context within the generated kubeconfig to use.

server required string pro

Override the default https://localhost:8443 and specify a custom hostname for the generated kubeconfig.

secret required object pro

Declare in which host cluster secret vCluster should store the generated virtual cluster kubeconfig. If this is not defined, vCluster creates it with vc-NAME. If you specify another name, vCluster creates the config in this other secret.

name required string pro

Name is the name of the secret where the kubeconfig should get stored.

namespace required string pro

Namespace where vCluster should store the kubeconfig secret. If this is not equal to the namespace where you deployed vCluster, you need to make sure vCluster has access to this other namespace.

sync required object pro

Sync describes how to sync resources from the virtual cluster to host cluster and back.

toHost required object pro

Configure resources to sync from the virtual cluster to the host cluster.

pods required object pro

Pods defines if pods created within the virtual cluster should get synced to the host cluster.

enabled required boolean pro

Enabled defines if pod syncing should be enabled.

translateImage required object pro

TranslateImage maps an image to another image that should be used instead. For example, this can be used to rewrite a certain image that is used within the virtual cluster to be another image on the host cluster.

enforceTolerations required string[] pro

EnforceTolerations will add the specified tolerations to all pods synced by the virtual cluster.

useSecretsForSATokens required boolean pro

UseSecretsForSATokens will use secrets to save the generated service account tokens by virtual cluster instead of using a pod annotation.

rewriteHosts required object pro

RewriteHosts is a special option needed to rewrite statefulset containers to allow the correct FQDN. The virtual cluster will add a small container to each stateful set pod that will initially rewrite the /etc/hosts file to match the FQDN expected by the virtual cluster.

enabled required boolean pro

Enabled specifies if rewriting stateful set pods should be enabled.

initContainerImage required string pro

InitContainerImage is the image virtual cluster should use to rewrite this FQDN.

secrets required object pro

Secrets defines if secrets created within the virtual cluster should get synced to the host cluster.

enabled required boolean pro

Enabled defines if this option should be enabled.

all required boolean pro

All defines if all resources of that type should get synced or only the necessary ones that are needed.

configMaps required object pro

ConfigMaps defines if config maps created within the virtual cluster should get synced to the host cluster.

enabled required boolean pro

Enabled defines if this option should be enabled.

all required boolean pro

All defines if all resources of that type should get synced or only the necessary ones that are needed.

ingresses required object pro

Ingresses defines if ingresses created within the virtual cluster should get synced to the host cluster.

enabled required boolean pro

Enabled defines if this option should be enabled.

services required object pro

Services defines if services created within the virtual cluster should get synced to the host cluster.

enabled required boolean pro

Enabled defines if this option should be enabled.

endpoints required object pro

Endpoints defines if endpoints created within the virtual cluster should get synced to the host cluster.

enabled required boolean pro

Enabled defines if this option should be enabled.

networkPolicies required object pro

NetworkPolicies defines if network policies created within the virtual cluster should get synced to the host cluster.

enabled required boolean pro

Enabled defines if this option should be enabled.

persistentVolumeClaims required object pro

PersistentVolumeClaims defines if persistent volume claims created within the virtual cluster should get synced to the host cluster.

enabled required boolean pro

Enabled defines if this option should be enabled.

persistentVolumes required object pro

PersistentVolumes defines if persistent volumes created within the virtual cluster should get synced to the host cluster.

enabled required boolean pro

Enabled defines if this option should be enabled.

volumeSnapshots required object pro

VolumeSnapshots defines if volume snapshots created within the virtual cluster should get synced to the host cluster.

enabled required boolean pro

Enabled defines if this option should be enabled.

storageClasses required object pro

StorageClasses defines if storage classes created within the virtual cluster should get synced to the host cluster.

enabled required boolean pro

Enabled defines if this option should be enabled.

serviceAccounts required object pro

ServiceAccounts defines if service accounts created within the virtual cluster should get synced to the host cluster.

enabled required boolean pro

Enabled defines if this option should be enabled.

podDisruptionBudgets required object pro

PodDisruptionBudgets defines if pod disruption budgets created within the virtual cluster should get synced to the host cluster.

enabled required boolean pro

Enabled defines if this option should be enabled.

priorityClasses required object pro

PriorityClasses defines if priority classes created within the virtual cluster should get synced to the host cluster.

enabled required boolean pro

Enabled defines if this option should be enabled.

fromHost required object pro

Configure what resources vCluster should sync from the host cluster to the virtual cluster.

nodes required object pro

Nodes defines if nodes should get synced from the host cluster to the virtual cluster, but not back.

enabled required boolean pro

Enabled specifies if syncing real nodes should be enabled. If this is disabled, vCluster will create fake nodes instead.

syncBackChanges required boolean pro

SyncBackChanges enables syncing labels and taints from the virtual cluster to the host cluster. If this is enabled, someone within the virtual cluster will be able to change the labels and taints of the host cluster node.

clearImageStatus required boolean pro

ClearImageStatus will erase the image status when syncing a node. This allows hiding images that are pulled by the node.

selector required object pro

Selector can be used to define more granularly which nodes should get synced from the host cluster to the virtual cluster.

all required boolean pro

All specifies if all nodes should get synced by vCluster from the host to the virtual cluster or only the ones to which pods are assigned.

labels required object pro

Labels are the node labels used to sync nodes from host cluster to virtual cluster. This will also set the node selector when syncing a pod from virtual cluster to host cluster to the same value.
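The node-sync and token-storage options above, combined into one fragment that limits what a tenant can see and change on the host. This is an added example, not taken from the vCluster documentation; the label key and value `tenant: team-a` are hypothetical.

```yaml
# vcluster.yaml fragment (added example; label values are hypothetical)
sync:
  toHost:
    pods:
      enabled: true
      # Keep generated service account tokens in secrets instead of a pod
      # annotation. Annotations are part of pod metadata, so anyone who can
      # read pod objects can read them.
      useSecretsForSATokens: true
  fromHost:
    nodes:
      # Sync real nodes instead of letting vCluster create fake ones.
      enabled: true
      # Weak setting: syncBackChanges: true
      # With it enabled, a user inside the virtual cluster can change the
      # labels and taints of host cluster nodes. Keep it off unless the
      # tenant is trusted to influence host scheduling.
      syncBackChanges: false
      # Erase the image status so the tenant cannot list images that other
      # workloads pulled onto the same node.
      clearImageStatus: true
      selector:
        # Weak setting: all: true (every host node becomes visible).
        all: false
        # Only nodes carrying this label are synced. The same value is set
        # as node selector on pods synced to the host, so the tenant's
        # workloads land on these nodes only.
        labels:
          tenant: team-a
```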

events required object pro

Events defines if events should get synced from the host cluster to the virtual cluster, but not back.

enabled required boolean pro

Enabled defines if this option should be enabled.

ingressClasses required object pro

IngressClasses defines if ingress classes should get synced from the host cluster to the virtual cluster, but not back.

enabled required boolean pro

Enabled defines if this option should be enabled.

storageClasses required object pro

StorageClasses defines if storage classes should get synced from the host cluster to the virtual cluster, but not back.

enabled required boolean pro

Enabled defines if this option should be enabled.

csiNodes required object pro

CSINodes defines if csi nodes should get synced from the host cluster to the virtual cluster, but not back.

enabled required boolean pro

Enabled defines if this option should be enabled.

csiDrivers required object pro

CSIDrivers defines if csi drivers should get synced from the host cluster to the virtual cluster, but not back.

enabled required boolean pro

Enabled defines if this option should be enabled.

csiStorageCapacities required object pro

CSIStorageCapacities defines if csi storage capacities should get synced from the host cluster to the virtual cluster, but not back.

enabled required boolean pro

Enabled defines if this option should be enabled.

networking required object pro

Networking options related to the virtual cluster.

replicateServices required object pro

ReplicateServices allows replicating services from the host within the virtual cluster or the other way around.

toHost required object[] pro

ToHost defines the services that should get synced from virtual cluster to the host cluster. If services are synced to a different namespace than the virtual cluster is in, additional permissions for the other namespace are required.

from required string pro

From is the service that should get synced. Can be either in the form name or namespace/name.

to required string pro

To is the target service that it should get synced to. Can be either in the form name or namespace/name.

fromHost required object[] pro

FromHost defines the services that should get synced from the host to the virtual cluster.

from required string pro

From is the service that should get synced. Can be either in the form name or namespace/name.

to required string pro

To is the target service that it should get synced to. Can be either in the form name or namespace/name.

resolveDNS required object[] pro

ResolveDNS allows defining extra DNS rules. This only works if embedded coredns is configured.

hostname required string pro

Hostname is the hostname within the vCluster that should be resolved from.

service required string pro

Service is the virtual cluster service that should be resolved from.

namespace required string pro

Namespace is the virtual cluster namespace that should be resolved from.

target required object pro

Target is the DNS target that should get mapped to

hostname required string pro

Hostname to use as a DNS target

ip required string pro

IP to use as a DNS target

hostService required string pro

HostService to target, format is hostNamespace/hostService

hostNamespace required string pro

HostNamespace to target

vClusterService required string pro

VClusterService format is hostNamespace/vClusterName/vClusterNamespace/vClusterService

advanced required object pro

Advanced holds advanced network options.

clusterDomain required string pro

ClusterDomain is the Kubernetes cluster domain to use within the virtual cluster.

fallbackHostCluster required boolean pro

FallbackHostCluster allows DNS to fall back to the host cluster. This is useful if you want to reach host services without any other modification. You will need to provide a namespace for the service, e.g. my-other-service.my-other-namespace

proxyKubelets required object pro

ProxyKubelets allows rewriting certain metrics and stats from the Kubelet to "fake" this for applications such as prometheus or other node exporters.

byHostname required boolean pro

ByHostname will add a special vCluster hostname to the nodes where the node can be reached at. This doesn't work for all applications, e.g. Prometheus requires a node IP.

byIP required boolean pro

ByIP will create a separate service in the host cluster for every node that will point to virtual cluster and will be used to route traffic.

policies required object pro

Policies to enforce for the virtual cluster deployment as well as within the virtual cluster.

networkPolicy required object pro

NetworkPolicy specifies network policy options.

enabled required boolean pro

Enabled defines if the network policy should be deployed by vCluster.

fallbackDns required string pro

outgoingConnections required object pro

ipBlock required object pro

IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.

cidr required string pro

cidr is a string representing the IPBlock. Valid examples are "192.168.1.0/24" or "2001:db8::/64".

except required string[] pro

except is a slice of CIDRs that should not be included within an IPBlock. Valid examples are "192.168.1.0/24" or "2001:db8::/64". Except values will be rejected if they are outside the cidr range.

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

podSecurityStandard required string pro

PodSecurityStandard that can be enforced can be one of: empty (""), baseline, restricted or privileged

resourceQuota required object pro

ResourceQuota specifies resource quota options.

enabled required boolean pro

Enabled defines if the resource quota should be enabled.

quota required object pro

Quota are the quota options

scopeSelector required object pro

ScopeSelector is the resource quota scope selector

scopes required string[] pro

Scopes are the resource quota scopes

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

limitRange required object pro

LimitRange specifies limit range options.

enabled required boolean pro

Enabled defines if the limit range should be deployed by vCluster.

default required object pro

Default are the default limits for the limit range

defaultRequest required object pro

DefaultRequest are the default request options for the limit range

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

centralAdmission required object pro

CentralAdmission defines what validating or mutating webhooks should be enforced within the virtual cluster.

validatingWebhooks required object[] pro

ValidatingWebhooks are validating webhooks that should be enforced in the virtual cluster

kind required string pro

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to.

apiVersion required string pro

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values.

metadata required object pro

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

name required string pro

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition.

labels required object pro

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.

annotations required object pro

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata.

webhooks required object[] pro

Webhooks is a list of webhooks and the affected resources and operations.

name required string pro

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization.

clientConfig required object pro

ClientConfig defines how to communicate with the hook.

url required string pro

URL gives the location of the webhook, in standard URL form (scheme://host:port/path). Exactly one of url or service must be specified.

service required object pro

Service is a reference to the service for this webhook. Either service or url must be specified.

If the webhook is running within the cluster, then you should use service.

namespace required string pro

Namespace is the namespace of the service.

name required string pro

Name is the name of the service.

path required string pro

Path is an optional URL path which will be sent in any request to this service.

port required integer pro

If specified, the port on the service that is hosting the webhook. Defaults to 443 for backward compatibility. port should be a valid port number (1-65535, inclusive).

caBundle required string pro

CABundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.

rules required object[] pro

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches any Rule.

failurePolicy required string pro

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

matchPolicy required string pro

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

namespaceSelector required object pro

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.

objectSelector required object pro

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector.

sideEffects required string pro

SideEffects states whether this webhook has side effects.

timeoutSeconds required integer pro

TimeoutSeconds specifies the timeout for this webhook.

admissionReviewVersions required string[] pro

AdmissionReviewVersions is an ordered list of preferred AdmissionReview versions the Webhook expects.

matchConditions required object[] pro

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

mutatingWebhooks required object[] pro

MutatingWebhooks are mutating webhooks that should be enforced in the virtual cluster

kind required string pro

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to.

apiVersion required string pro

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values.

metadata required object pro

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

name required string pro

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition.

labels required object pro

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.

annotations required object pro

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata.

webhooks required object[] pro

Webhooks is a list of webhooks and the affected resources and operations.

reinvocationPolicy required string pro

reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".

name required string pro

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization.

clientConfig required object pro

ClientConfig defines how to communicate with the hook.

url required string pro

URL gives the location of the webhook, in standard URL form (scheme://host:port/path). Exactly one of url or service must be specified.

service required object pro

Service is a reference to the service for this webhook. Either service or url must be specified.

If the webhook is running within the cluster, then you should use service.

namespace required string pro

Namespace is the namespace of the service.

name required string pro

Name is the name of the service.

path required string pro

Path is an optional URL path which will be sent in any request to this service.

port required integer pro

If specified, the port on the service that is hosting the webhook. Defaults to 443 for backward compatibility. port should be a valid port number (1-65535, inclusive).

caBundle required string pro

CABundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.

rules required object[] pro

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches any Rule.

failurePolicy required string pro

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

matchPolicy required string pro

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

namespaceSelector required object pro

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.

objectSelector required object pro

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector.

sideEffects required string pro

SideEffects states whether this webhook has side effects.

timeoutSeconds required integer pro

TimeoutSeconds specifies the timeout for this webhook.

admissionReviewVersions required string[] pro

AdmissionReviewVersions is an ordered list of preferred AdmissionReview versions the Webhook expects.

matchConditions required object[] pro

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
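The policies options above, put together as one tenant-isolation fragment. This is an added example, not taken from the vCluster documentation; the CIDR list, quota numbers, webhook name, service reference and the `caBundle` placeholder are assumptions to adapt.

```yaml
# vcluster.yaml fragment (added example; all concrete values are assumptions)
policies:
  # Weak settings: "" (nothing enforced) or privileged.
  podSecurityStandard: baseline

  networkPolicy:
    enabled: true
    outgoingConnections:
      ipBlock:
        # Allow egress in general, but carve out private ranges so tenant
        # pods cannot reach host-internal networks. Each except entry must
        # lie inside cidr, otherwise it is rejected.
        cidr: 0.0.0.0/0
        except:
          - 10.0.0.0/8
          - 172.16.0.0/12
          - 192.168.0.0/16

  # Cap what the virtual cluster can consume on the host.
  resourceQuota:
    enabled: true
    quota:
      requests.cpu: "10"
      requests.memory: 20Gi
      limits.cpu: "20"
      limits.memory: 40Gi
      count/pods: "20"

  # Defaults applied to containers that declare no requests or limits.
  limitRange:
    enabled: true
    default:
      cpu: "1"
      memory: 512Mi
    defaultRequest:
      cpu: 100m
      memory: 128Mi

  centralAdmission:
    validatingWebhooks:
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        metadata:
          name: pod-policy                 # hypothetical name
        webhooks:
          - name: pod-policy.example.com   # hypothetical, fully qualified
            clientConfig:
              # The webhook runs in the cluster, so reference it by service
              # rather than by url. Exactly one of the two may be set.
              service:
                namespace: policy-system   # hypothetical
                name: pod-policy           # hypothetical
                path: /validate
                port: 443
              # Placeholder: CA bundle used to validate the webhook's server
              # certificate. If unset, the apiserver's system trust roots
              # are used.
              caBundle: CA_BUNDLE_PLACEHOLDER
            rules:
              - apiGroups: [""]
                apiVersions: ["v1"]
                operations: ["CREATE", "UPDATE"]
                resources: ["pods"]
            # Weak setting: Ignore. A webhook outage would then admit
            # every request unchecked.
            failurePolicy: Fail
            matchPolicy: Equivalent
            sideEffects: None
            timeoutSeconds: 5
            admissionReviewVersions: ["v1"]
```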

observability required object pro

Observability holds options to proxy metrics from the host cluster into the virtual cluster.

metrics required object pro

Metrics allows proxying metrics-server APIs from host to virtual cluster.

proxy required object pro

Proxy holds the configuration for which metrics-server APIs should get proxied.

nodes required boolean pro

Nodes defines if metrics-server nodes api should get proxied from host to virtual cluster.

pods required boolean pro

Pods defines if metrics-server pods api should get proxied from host to virtual cluster.

controlPlane required object pro

Configure vCluster's control plane components and deployment.

distro required object pro

Distro holds virtual cluster related distro options. A distro cannot be changed after vCluster is deployed.

k8s required object pro

K8S holds K8s relevant configuration.

enabled required boolean pro

Enabled specifies if the K8s distro should be enabled. Only one distro can be enabled at the same time.

apiServer required object pro

APIServer holds configuration specific to starting the api server.

enabled required boolean pro

Enabled signals this container should be enabled.

image required object pro

Image is the distro image

repository required string pro

Repository is the registry and repository of the container image, e.g. my-registry.com/my-repo/my-image

tag required string pro

Tag is the tag of the container image, e.g. latest

imagePullPolicy required string pro

ImagePullPolicy is the pull policy for the distro image

command required string[] pro

Command is the command to start the distro binary. This will override the existing command.

extraArgs required string[] pro

ExtraArgs are additional arguments to pass to the distro binary.

controllerManager required object pro

ControllerManager holds configuration specific to starting the controller manager.

enabled required boolean pro

Enabled signals this container should be enabled.

image required object pro

Image is the distro image

repository required string pro

Repository is the registry and repository of the container image, e.g. my-registry.com/my-repo/my-image

tag required string pro

Tag is the tag of the container image, e.g. latest

imagePullPolicy required string pro

ImagePullPolicy is the pull policy for the distro image

command required string[] pro

Command is the command to start the distro binary. This will override the existing command.

extraArgs required string[] pro

ExtraArgs are additional arguments to pass to the distro binary.

scheduler required object pro

Scheduler holds configuration specific to starting the scheduler. Enable this via controlPlane.advanced.virtualScheduler.enabled

image required object pro

Image is the distro image

repository required string pro

Repository is the registry and repository of the container image, e.g. my-registry.com/my-repo/my-image

tag required string pro

Tag is the tag of the container image, e.g. latest

imagePullPolicy required string pro

ImagePullPolicy is the pull policy for the distro image

command required string[] pro

Command is the command to start the distro binary. This will override the existing command.

extraArgs required string[] pro

ExtraArgs are additional arguments to pass to the distro binary.

env required object[] pro

Env are extra environment variables to use for the main container and NOT the init container.

resources required object pro

Resources for the distro init container

securityContext required object pro

Security options can be used for the distro init container

k3s required object pro

K3S holds K3s relevant configuration.

enabled required boolean pro

Enabled specifies if the K3s distro should be enabled. Only one distro can be enabled at the same time.

token required string pro

Token is the K3s token to use. If empty, vCluster will choose one.

env required object[] pro

Env are extra environment variables to use for the main container and NOT the init container.

resources required object pro

Resources for the distro init container

securityContext required object pro

Security options can be used for the distro init container

image required object pro

Image is the distro image

repository required string pro

Repository is the registry and repository of the container image, e.g. my-registry.com/my-repo/my-image

tag required string pro

Tag is the tag of the container image, e.g. latest

imagePullPolicy required string pro

ImagePullPolicy is the pull policy for the distro image

command required string[] pro

Command is the command to start the distro binary. This will override the existing command.

extraArgs required string[] pro

ExtraArgs are additional arguments to pass to the distro binary.

k0s required object pro

K0S holds k0s relevant configuration.

enabled required boolean pro

Enabled specifies if the k0s distro should be enabled. Only one distro can be enabled at the same time.

config required string pro

Config allows you to override the k0s config passed to the k0s binary.

env required object[] pro

Env are extra environment variables to use for the main container and NOT the init container.

resources required object pro

Resources for the distro init container

securityContext required object pro

Security options can be used for the distro init container

image required object pro

Image is the distro image

repository required string pro

Repository is the registry and repository of the container image, e.g. my-registry.com/my-repo/my-image

tag required string pro

Tag is the tag of the container image, e.g. latest

imagePullPolicy required string pro

ImagePullPolicy is the pull policy for the distro image

command required string[] pro

Command is the command to start the distro binary. This will override the existing command.

extraArgs required string[] pro

ExtraArgs are additional arguments to pass to the distro binary.

eks required object pro

EKS holds eks relevant configuration.

enabled required boolean pro

Enabled specifies if the K8s distro should be enabled. Only one distro can be enabled at the same time.

apiServer required object pro

APIServer holds configuration specific to starting the api server.

enabled required boolean pro

Enabled signals this container should be enabled.

image required object pro

Image is the distro image

repository required string pro

Repository is the registry and repository of the container image, e.g. my-registry.com/my-repo/my-image

tag required string pro

Tag is the tag of the container image, e.g. latest

imagePullPolicy required string pro

ImagePullPolicy is the pull policy for the distro image

command required string[] pro

Command is the command to start the distro binary. This will override the existing command.

extraArgs required string[] pro

ExtraArgs are additional arguments to pass to the distro binary.

controllerManager required object pro

ControllerManager holds configuration specific to starting the controller manager.

enabled required boolean pro

Enabled signals this container should be enabled.

image required object pro

Image is the distro image

repository required string pro

Repository is the registry and repository of the container image, e.g. my-registry.com/my-repo/my-image

tag required string pro

Tag is the tag of the container image, e.g. latest

imagePullPolicy required string pro

ImagePullPolicy is the pull policy for the distro image

command required string[] pro

Command is the command to start the distro binary. This will override the existing command.

extraArgs required string[] pro

ExtraArgs are additional arguments to pass to the distro binary.

scheduler required object pro

Scheduler holds configuration specific to starting the scheduler. Enable this via controlPlane.advanced.virtualScheduler.enabled

image required object pro

Image is the distro image

repository required string pro

Repository is the registry and repository of the container image, e.g. my-registry.com/my-repo/my-image

tag required string pro

Tag is the tag of the container image, e.g. latest

imagePullPolicy required string pro

ImagePullPolicy is the pull policy for the distro image

command required string[] pro

Command is the command to start the distro binary. This will override the existing command.

extraArgs required string[] pro

ExtraArgs are additional arguments to pass to the distro binary.

env required object[] pro

Env are extra environment variables to use for the main container and NOT the init container.

resources required object pro

Resources for the distro init container

securityContext required object pro

Security options can be used for the distro init container

backingStore required object pro

BackingStore defines which backing store to use for the virtual cluster. If not defined, the embedded database is used as the default backing store.

etcd required object pro

Etcd defines that etcd should be used as the backend for the virtual cluster

embedded required object pro

Embedded defines that embedded etcd should be used as the storage backend for the virtual cluster

enabled required boolean pro

Enabled defines if the embedded etcd should be used.

migrateFromDeployedEtcd required boolean pro

MigrateFromDeployedEtcd signals that vCluster should migrate from the deployed external etcd to embedded etcd.

deploy required object pro

Deploy defines that an external etcd deployed by the Helm chart should be used

enabled required boolean pro

Enabled defines that an external etcd should be deployed.

statefulSet required object pro

StatefulSet holds options for the external etcd statefulSet.

enabled required boolean pro

Enabled defines if the statefulSet should be deployed

image required object pro

Image is the image to use for the external etcd statefulSet

repository required string pro

Repository is the registry and repository of the container image, e.g. my-registry.com/my-repo/my-image

tag required string pro

Tag is the tag of the container image, e.g. latest

imagePullPolicy required string pro

ImagePullPolicy is the pull policy for the external etcd image

env required object[] pro

Env are extra environment variables

extraArgs required string[] pro

ExtraArgs are appended to the etcd command.

resources required object pro

Resources the etcd can consume

limits required object pro

Limits are resource limits for the container

requests required object pro

Requests are minimal resources that will be consumed by the container

pods required object pro

Pods defines extra metadata for the etcd pods.

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

highAvailability required object pro

HighAvailability are high availability options

replicas required integer pro

Replicas are the amount of pods to use.

scheduling required object pro

Scheduling options for the etcd pods.

nodeSelector required object pro

NodeSelector is the node selector to apply to the pod.

affinity required object pro

Affinity is the affinity to apply to the pod.

tolerations required object[] pro

Tolerations are the tolerations to apply to the pod.

priorityClassName required string pro

PriorityClassName is the priority class name for the pod.

podManagementPolicy required string pro

PodManagementPolicy is the statefulSet pod management policy.

topologySpreadConstraints required object[] pro

TopologySpreadConstraints are the topology spread constraints for the pod.

security required object pro

Security options for the etcd pods.

podSecurityContext required object pro

PodSecurityContext specifies security context options on the pod level.

containerSecurityContext required object pro

ContainerSecurityContext specifies security context options on the container level.

persistence required object pro

Persistence options for the etcd pods.

volumeClaim required object pro

VolumeClaim can be used to configure the persistent volume claim.

enabled required boolean pro

Enabled enables deploying a persistent volume claim.

accessModes required string[] pro

AccessModes are the persistent volume claim access modes.

retentionPolicy required string pro

RetentionPolicy is the persistent volume claim retention policy.

size required string pro

Size is the persistent volume claim storage size.

storageClass required string pro

StorageClass is the persistent volume claim storage class.

volumeClaimTemplates required object[] pro

VolumeClaimTemplates defines the volumeClaimTemplates for the statefulSet

addVolumes required object[] pro

AddVolumes defines extra volumes for the pod

addVolumeMounts required object[] pro

AddVolumeMounts defines extra volume mounts for the container

name required string pro

This must match the Name of a Volume.

readOnly required boolean pro

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

mountPath required string pro

Path within the container at which the volume should be mounted. Must not contain ':'.

subPath required string pro

Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).

mountPropagation required string pro

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

subPathExpr required string pro

Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

service required object pro

Service holds options for the external etcd service.

enabled required boolean pro

Enabled defines if the etcd service should be deployed

annotations required object pro

Annotations are extra annotations for the external etcd service

headlessService required object pro

HeadlessService holds options for the external etcd headless service.

enabled required boolean pro

Enabled defines if the etcd headless service should be deployed

annotations required object pro

Annotations are extra annotations for the external etcd headless service

database required object pro

Database defines that a database backend should be used as the backend for the virtual cluster. This uses a project called kine under the hood which is a shim for bridging Kubernetes and relational databases.

embedded required object pro

Embedded defines that an embedded database (sqlite) should be used as the backend for the virtual cluster

enabled required boolean pro

Enabled defines if the database should be used.

dataSource required string pro

DataSource is the kine dataSource to use for the database. This depends on the database format. This is optional for the embedded database. Examples:

  • mysql: mysql://username:password@tcp(hostname:3306)/k3s
  • postgres: postgres://username:password@hostname:5432/k3s

keyFile required string pro

KeyFile is the key file to use for the database. This is optional.

certFile required string pro

CertFile is the cert file to use for the database. This is optional.

caFile required string pro

CaFile is the ca file to use for the database. This is optional.

external required object pro

External defines that an external database should be used as the backend for the virtual cluster

enabled required boolean pro

Enabled defines if the database should be used.

dataSource required string pro

DataSource is the kine dataSource to use for the database. This depends on the database format. This is optional for the embedded database. Examples:

  • mysql: mysql://username:password@tcp(hostname:3306)/k3s
  • postgres: postgres://username:password@hostname:5432/k3s

keyFile required string pro

KeyFile is the key file to use for the database. This is optional.

certFile required string pro

CertFile is the cert file to use for the database. This is optional.

caFile required string pro

CaFile is the ca file to use for the database. This is optional.

coredns required object pro

CoreDNS defines everything related to the coredns that is deployed and used within the vCluster.

enabled required boolean pro

Enabled defines if coredns is enabled

embedded required boolean pro

Embedded defines if vCluster will start the embedded coredns service within the control-plane and not as a separate deployment. This is a PRO feature.

service required object pro

Service holds extra options for the coredns service deployed within the virtual cluster

spec required object pro

Spec holds extra options for the coredns service

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

deployment required object pro

Deployment holds extra options for the coredns deployment deployed within the virtual cluster

image required string pro

Image is the coredns image to use

replicas required integer pro

Replicas is the amount of coredns pods to run.

nodeSelector required object pro

NodeSelector is the node selector to use for coredns.

resources required object pro

Resources are the desired resources for coredns.

limits required object pro

Limits are resource limits for the container

requests required object pro

Requests are minimal resources that will be consumed by the container

pods required object pro

Pods is additional metadata for the coredns pods.

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

overwriteConfig required string pro

OverwriteConfig can be used to overwrite the coredns config

overwriteManifests required string pro

OverwriteManifests can be used to overwrite the coredns manifests used to deploy coredns

proxy required object pro

Proxy defines options for the virtual cluster control plane proxy that is used to do authentication and intercept requests.

bindAddress required string pro

BindAddress under which vCluster will expose the proxy.

port required integer pro

Port under which vCluster will expose the proxy. Changing port is currently not supported.

extraSANs required string[] pro

ExtraSANs are extra hostnames to sign the vCluster proxy certificate for.

hostPathMapper required object pro

HostPathMapper defines if vCluster should rewrite host paths.

enabled required boolean pro

Enabled specifies if the host path mapper will be used

central required boolean pro

Central specifies if the central host path mapper will be used

ingress required object pro

Ingress defines options for vCluster ingress deployed by Helm.

enabled required boolean pro

Enabled defines if the control plane ingress should be enabled

host required string pro

Host is the host where vCluster will be reachable

pathType required string pro

PathType is the path type of the ingress

spec required object pro

Spec allows you to configure extra ingress options.

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

service required object pro

Service defines options for vCluster service deployed by Helm.

enabled required boolean pro

Enabled defines if the control plane service should be enabled

spec required object pro

Spec allows you to configure extra service options.

kubeletNodePort required integer pro

KubeletNodePort is the node port where the fake kubelet is exposed. Defaults to 0.

httpsNodePort required integer pro

HTTPSNodePort is the node port where https is exposed. Defaults to 0.

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

statefulSet required object pro

StatefulSet defines options for vCluster statefulSet deployed by Helm.

highAvailability required object pro

HighAvailability holds options related to high availability.

replicas required integer pro

Replicas is the amount of replicas to use for the statefulSet.

leaseDuration required integer pro

LeaseDuration is the time to lease for the leader.

renewDeadline required integer pro

RenewDeadline is the deadline to renew a lease for the leader.

retryPeriod required integer pro

RetryPeriod is the time until a replica will retry to get a lease.

resources required object pro

Resources are the resource requests and limits for the statefulSet container.

limits required object pro

Limits are resource limits for the container

requests required object pro

Requests are minimal resources that will be consumed by the container

scheduling required object pro

Scheduling holds options related to scheduling.

nodeSelector required object pro

NodeSelector is the node selector to apply to the pod.

affinity required object pro

Affinity is the affinity to apply to the pod.

tolerations required object[] pro

Tolerations are the tolerations to apply to the pod.

priorityClassName required string pro

PriorityClassName is the priority class name for the pod.

podManagementPolicy required string pro

PodManagementPolicy is the statefulSet pod management policy.

topologySpreadConstraints required object[] pro

TopologySpreadConstraints are the topology spread constraints for the pod.

security required object pro

Security defines pod or container security context.

podSecurityContext required object pro

PodSecurityContext specifies security context options on the pod level.

containerSecurityContext required object pro

ContainerSecurityContext specifies security context options on the container level.

probes required object pro

Probes enables or disables the main container probes.

livenessProbe required object pro

LivenessProbe specifies if the liveness probe for the container should be enabled

enabled required boolean pro

Enabled defines if this option should be enabled.

readinessProbe required object pro

ReadinessProbe specifies if the readiness probe for the container should be enabled

enabled required boolean pro

Enabled defines if this option should be enabled.

startupProbe required object pro

StartupProbe specifies if the startup probe for the container should be enabled

enabled required boolean pro

Enabled defines if this option should be enabled.

persistence required object pro

Persistence defines options around persistence for the statefulSet.

volumeClaim required object pro

VolumeClaim can be used to configure the persistent volume claim.

enabled required string|boolean pro

Enabled enables deploying a persistent volume claim. If auto, vCluster will automatically determine based on the chosen distro and other options if this is required.

accessModes required string[] pro

AccessModes are the persistent volume claim access modes.

retentionPolicy required string pro

RetentionPolicy is the persistent volume claim retention policy.

size required string pro

Size is the persistent volume claim storage size.

storageClass required string pro

StorageClass is the persistent volume claim storage class.

volumeClaimTemplates required object[] pro

VolumeClaimTemplates defines the volumeClaimTemplates for the statefulSet

addVolumes required object[] pro

AddVolumes defines extra volumes for the pod

addVolumeMounts required object[] pro

AddVolumeMounts defines extra volume mounts for the container

name required string pro

This must match the Name of a Volume.

readOnly required boolean pro

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

mountPath required string pro

Path within the container at which the volume should be mounted. Must not contain ':'.

subPath required string pro

Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).

mountPropagation required string pro

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

subPathExpr required string pro

Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

pods required object pro

Additional labels or annotations for the statefulSet pods.

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

image required object pro

Image is the image for the controlPlane statefulSet container

repository required string pro

Configure the registry and repository of the container image, e.g. my-registry.com/my-repo/my-image. It defaults to the vCluster pro repository that includes the optional pro modules that are turned off by default. If you still want to use the pure OSS build, use 'ghcr.io/loft-sh/vcluster-oss' instead.

tag required string pro

Tag is the tag of the container image, e.g. latest

imagePullPolicy required string pro

ImagePullPolicy is the policy how to pull the image.

workingDir required string pro

WorkingDir specifies in what folder the main process should get started.

command required string[] pro

Command allows you to override the main command.

args required string[] pro

Args allows you to override the main arguments.

env required object[] pro

Env are additional environment variables for the statefulSet container.

serviceMonitor required object pro

ServiceMonitor can be used to automatically create a service monitor for vCluster deployment itself.

enabled required boolean pro

Enabled configures if Helm should create the service monitor.

labels required object pro

Labels are the extra labels to add to the service monitor.

annotations required object pro

Annotations are the extra annotations to add to the service monitor.

advanced required object pro

Advanced holds additional configuration for the vCluster control plane.

defaultImageRegistry required string pro

DefaultImageRegistry will be used as a prefix for all internal images deployed by vCluster or Helm. This makes it easy to upload all required vCluster images to a single private repository and set this value. Workload images are not affected by this.

virtualScheduler required object pro

VirtualScheduler defines if a scheduler should be used within the virtual cluster or the scheduling decision for workloads will be made by the host cluster.

enabled required boolean pro

Enabled defines if this option should be enabled.

serviceAccount required object pro

ServiceAccount specifies options for the vCluster control plane service account.

enabled required boolean pro

Enabled specifies if the service account should get deployed.

name required string pro

Name specifies what name to use for the service account.

imagePullSecrets required object[] pro

ImagePullSecrets defines extra image pull secrets for the service account.

name required string pro

Name of the image pull secret to use.

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

workloadServiceAccount required object pro

WorkloadServiceAccount specifies options for the service account that will be used for the workloads that run within the virtual cluster.

enabled required boolean pro

Enabled specifies if the service account for the workloads should get deployed.

name required string pro

Name specifies what name to use for the service account for the virtual cluster workloads.

imagePullSecrets required object[] pro

ImagePullSecrets defines extra image pull secrets for the workload service account.

name required string pro

Name of the image pull secret to use.

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

headlessService required object pro

HeadlessService specifies options for the headless service used for the vCluster StatefulSet.

annotations required object pro

Annotations are extra annotations for this resource.

labels required object pro

Labels are extra labels for this resource.

globalMetadata required object pro

GlobalMetadata is metadata that will be added to all resources deployed by Helm.

annotations required object pro

Annotations are extra annotations for this resource.

rbac required object pro

RBAC options for the virtual cluster.

role required object pro

Role holds virtual cluster role configuration

enabled required boolean pro

Enabled defines if the role should be enabled or disabled.

extraRules required object[] pro

ExtraRules will add rules to the role.

overwriteRules required object[] pro

OverwriteRules will overwrite the role rules completely.

clusterRole required object pro

ClusterRole holds virtual cluster cluster role configuration

enabled required string|boolean pro

Enabled defines if the cluster role should be enabled or disabled. If auto, vCluster automatically determines whether the virtual cluster requires a cluster role.

extraRules required object[] pro

ExtraRules will add rules to the cluster role.

overwriteRules required object[] pro

OverwriteRules will overwrite the cluster role rules completely.

plugins required <plugin_name>:object pro

Define which vCluster plugins to load.

name required string pro

Name is the name of the init-container and NOT the plugin name

image required string pro

Image is the container image that should be used for the plugin

imagePullPolicy required string pro

ImagePullPolicy is the pull policy to use for the container image

config required object pro

Config is the plugin config to use. This can be arbitrary config used for the plugin.

rbac required object pro

RBAC holds additional rbac configuration for the plugin

role required object pro

Role holds extra virtual cluster role permissions for the plugin

extraRules required object[] pro

ExtraRules are extra rbac permissions roles that will be added to role or cluster role

verbs required string[] pro

Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.

apiGroups required string[] pro

APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.

resources required string[] pro

Resources is a list of resources this rule applies to. '*' represents all resources.

resourceNames required string[] pro

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

nonResourceURLs required string[] pro

NonResourceURLs is a set of partial URLs that a user should have access to. *s are allowed, but only as the full, final step in the path. Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.

clusterRole required object pro

ClusterRole holds extra virtual cluster cluster role permissions required for the plugin

extraRules required object[] pro

ExtraRules are extra rbac permissions roles that will be added to role or cluster role

verbs required string[] pro

Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.

apiGroups required string[] pro

APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.

resources required string[] pro

Resources is a list of resources this rule applies to. '*' represents all resources.

resourceNames required string[] pro

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

nonResourceURLs required string[] pro

NonResourceURLs is a set of partial URLs that a user should have access to. *s are allowed, but only as the full, final step in the path. Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.

command required string[] pro

Command is the command that should be used for the init container

args required string[] pro

Args are the arguments that should be used for the init container

securityContext required object pro

SecurityContext is the container security context used for the init container

resources required object pro

Resources are the container resources used for the init container

volumeMounts required object[] pro

VolumeMounts are extra volume mounts for the init container

platform required object pro

Platform holds options for connecting to vCluster Platform.

apiKey required object pro

APIKey defines how vCluster can find the api key used for the platform.

value required string pro

Value specifies the api key as a regular text value.

secretRef required object pro

SecretRef defines where to find the platform api key. By default vCluster will search in the following locations in this precedence:

  • platform.apiKey.value
  • environment variable called LICENSE
  • secret specified under platform.secret.name
  • secret called "vcluster-platform-api-key" in the vCluster namespace

name required string pro

Name is the name of the secret where the platform api key is stored. This defaults to vcluster-platform-api-key if undefined.

namespace required string pro

Namespace defines the namespace where the api key secret should be retrieved from. If this is not equal to the namespace where the vCluster instance is deployed, you need to make sure vCluster has access to this other namespace.

name required string pro

Name is the name of the vCluster instance in the vCluster platform

owner required object pro

Owner is the desired owner of the vCluster instance within the vCluster platform. If empty, the current user is used.

user required string pro

User is the user id within the platform. This is mutually exclusive with team.

team required string pro

Team is the team id within the platform. This is mutually exclusive with user.

project required string pro

Project is the project within the platform where the vCluster instance should connect.
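
The fields documented above that carry credentials or permissions (the database dataSource, the rbac and plugin extraRules, and platform.apiKey.value) are the ones worth checking before a vcluster.yaml is committed or deployed. The following audit over an already-parsed config is an added example, not vCluster code; the nesting under controlPlane.backingStore.database, the top-level rbac and plugins keys, the plugin name, and all sample values are assumptions made for illustration.

```python
import re

# "scheme://user:password@..." as in this page's mysql/postgres dataSource examples.
DSN_WITH_PASSWORD = re.compile(r"^[a-z0-9+]+://[^:/@]*:[^@]+@", re.IGNORECASE)


def lookup(cfg, *keys):
    """Follow keys through nested dicts; return None if any level is missing."""
    node = cfg
    for key in keys:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def wildcard_fields(rules):
    """Yield (rule_index, field) for every RBAC rule field that contains '*'."""
    for index, rule in enumerate(rules or []):
        for field in ("verbs", "apiGroups", "resources"):
            if "*" in (rule.get(field) or []):
                yield index, field


def audit(cfg):
    """Return a sorted list of (config_path, finding) for a parsed vcluster.yaml."""
    findings = []

    # An inline key ends up in every copy of the file; secretRef keeps it in a secret.
    if lookup(cfg, "platform", "apiKey", "value"):
        findings.append(("platform.apiKey.value",
                         "API key in plain text; reference a secret via secretRef"))

    # kine dataSource strings can carry the database password in the URL.
    for backend in ("embedded", "external"):
        keys = ("controlPlane", "backingStore", "database", backend, "dataSource")
        value = lookup(cfg, *keys)
        if isinstance(value, str) and DSN_WITH_PASSWORD.match(value):
            findings.append((".".join(keys), "database password embedded in dataSource"))

    # Collect every rule list: the vCluster role/cluster role and each plugin's rules.
    rule_lists = [("rbac", kind, key)
                  for kind in ("role", "clusterRole")
                  for key in ("extraRules", "overwriteRules")]
    for plugin in (cfg.get("plugins") or {}):
        rule_lists += [("plugins", plugin, "rbac", kind, "extraRules")
                       for kind in ("role", "clusterRole")]

    for keys in rule_lists:
        for index, field in wildcard_fields(lookup(cfg, *keys)):
            findings.append((f"{'.'.join(keys)}[{index}].{field}",
                             "wildcard '*' grant; list the needed values instead"))

    return sorted(findings)


# Constructed sample input: what yaml.safe_load() would return for a weak config.
SAMPLE = {
    "controlPlane": {"backingStore": {"database": {"external": {
        "enabled": True,
        "dataSource": "postgres://username:password@hostname:5432/k3s"}}}},
    "rbac": {"clusterRole": {"enabled": True, "extraRules": [
        {"apiGroups": [""], "resources": ["nodes"], "verbs": ["get", "list"]},
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}},
    "plugins": {"example-plugin": {"rbac": {"role": {"extraRules": [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["*"]}]}}}},
    "platform": {"apiKey": {"value": "EXAMPLE-NOT-A-REAL-KEY"}},
}

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{path}: {finding}")
```

A config that uses platform.apiKey.secretRef, a dataSource without an embedded password, and rules that enumerate verbs, apiGroups and resources produces no findings.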

experimental required object pro

Experimental features for vCluster. Configuration here might change, so be careful with this.

deploy required object pro

Deploy allows you to configure manifests and Helm charts to deploy within the virtual cluster.

manifests required string pro

Manifests are raw Kubernetes manifests that should get applied within the virtual cluster.

manifestsTemplate required string pro

ManifestsTemplate is a Kubernetes manifest template that will be rendered with vCluster values before applying it within the virtual cluster.

helm required object[] pro

Helm are Helm charts that should get deployed into the virtual cluster

chart required object pro

Chart defines what chart should get deployed.

name required string pro

repo required string pro

insecure required boolean pro

version required string pro

username required string pro

password required string pro

release required object pro

Release defines what release should get deployed.

name required string pro

Name of the release

namespace required string pro

Namespace of the release

values required string pro

Values defines what values should get used.

timeout required string pro

Timeout defines the timeout for Helm

bundle required string pro

Bundle allows you to compress the Helm chart and specify it instead of an online chart

syncSettings required object pro

SyncSettings are advanced settings for the syncer controller.

disableSync required boolean pro

DisableSync will not sync any resources and disable most control plane functionality.

rewriteKubernetesService required boolean pro

RewriteKubernetesService will rewrite the Kubernetes service to point to the vCluster service if disableSync is enabled

targetNamespace required string pro

TargetNamespace is the namespace where the workloads should get synced to.

setOwner required boolean pro

SetOwner specifies if vCluster should set an owner reference on the synced objects to the vCluster service. This allows for easy garbage collection.

syncLabels required string[] pro

SyncLabels are labels that should not get rewritten when syncing from the virtual cluster.

hostMetricsBindAddress required string pro

HostMetricsBindAddress is the bind address for the local manager

virtualMetricsBindAddress required string pro

VirtualMetricsBindAddress is the bind address for the virtual manager

genericSync required object pro

GenericSync holds options to generically sync resources from virtual cluster to host.

version required string pro

Version is the config version

export required object[] pro

Exports syncs a resource from the virtual cluster to the host

apiVersion required string pro

APIVersion of the object to sync

kind required string pro

Kind of the object to sync

optional required boolean pro

replaceOnConflict required boolean pro

ReplaceWhenInvalid determines if the controller should try to recreate the object if there is a problem applying

patches required object[] pro

Patches are the patches to apply on the virtual cluster objects when syncing them from the host cluster

op required string pro

Operation is the type of the patch

fromPath required string pro

FromPath is the path from the other object

path required string pro

Path is the path of the patch

namePath required string pro

NamePath is the path to the name of a child resource within Path

namespacePath required string pro

NamespacePath is the path to the namespace of a child resource within Path

value required object pro

Value is the new value to be set to the path

regex required string pro

Regex is the regular expression used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] pro

Conditions are conditions that must be true for the patch to get executed

path required string pro

Path is the path within the object to select

subPath required string pro

SubPath is the path below the selected object to select

equal required object pro

Equal is the value the path should be equal to

notEqual required object pro

NotEqual is the value the path should not be equal to

empty required boolean pro

Empty means that the path value should be empty or unset

ignore required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean pro

configmap required boolean pro

reversePatches required object[] pro

ReversePatches are the patches to apply to host cluster objects after they have been synced to the virtual cluster

op required string pro

Operation is the type of the patch

fromPath required string pro

FromPath is the path from the other object

path required string pro

Path is the path of the patch

namePath required string pro

NamePath is the path to the name of a child resource within Path

namespacePath required string pro

NamespacePath is the path to the namespace of a child resource within Path

value required object pro

Value is the new value to be set to the path

regex required string pro

Regex is the regular expression used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] pro

Conditions are conditions that must be true for the patch to get executed

path required string pro

Path is the path within the object to select

subPath required string pro

SubPath is the path below the selected object to select

equal required object pro

Equal is the value the path should be equal to

notEqual required object pro

NotEqual is the value the path should not be equal to

empty required boolean pro

Empty means that the path value should be empty or unset

ignore required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean pro

configmap required boolean pro

selector required object pro

Selector is a label selector to select the synced objects in the virtual cluster. If empty, all objects will be synced.

labelSelector required object pro

LabelSelector are the labels to select the object from

import required object[] pro

Imports syncs a resource from the host cluster to virtual cluster

apiVersion required string pro

APIVersion of the object to sync

kind required string pro

Kind of the object to sync

optional required boolean pro

replaceOnConflict required boolean pro

ReplaceWhenInvalid determines if the controller should try to recreate the object if there is a problem applying

patches required object[] pro

Patches are the patches to apply on the virtual cluster objects when syncing them from the host cluster

op required string pro

Operation is the type of the patch

fromPath required string pro

FromPath is the path from the other object

path required string pro

Path is the path of the patch

namePath required string pro

NamePath is the path to the name of a child resource within Path

namespacePath required string pro

NamespacePath is the path to the namespace of a child resource within Path

value required object pro

Value is the new value to be set to the path

regex required string pro

Regex is the regular expression used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] pro

Conditions are conditions that must be true for the patch to get executed

path required string pro

Path is the path within the object to select

subPath required string pro

SubPath is the path below the selected object to select

equal required object pro

Equal is the value the path should be equal to

notEqual required object pro

NotEqual is the value the path should not be equal to

empty required boolean pro

Empty means that the path value should be empty or unset

ignore required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean pro

configmap required boolean pro

reversePatches required object[] pro

ReversePatches are the patches to apply to host cluster objects after they have been synced to the virtual cluster

op required string pro

Operation is the type of the patch

fromPath required string pro

FromPath is the path from the other object

path required string pro

Path is the path of the patch

namePath required string pro

NamePath is the path to the name of a child resource within Path

namespacePath required string pro

NamespacePath is the path to the namespace of a child resource within Path

value required object pro

Value is the new value to be set to the path

regex required string pro

Regex is the regular expression used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] pro

Conditions are conditions that must be true for the patch to get executed

path required string pro

Path is the path within the object to select

subPath required string pro

SubPath is the path below the selected object to select

equal required object pro

Equal is the value the path should be equal to

notEqual required object pro

NotEqual is the value the path should not be equal to

empty required boolean pro

Empty means that the path value should be empty or unset

ignore required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean pro

configmap required boolean pro

hooks required object pro

Hooks are hooks that can be used to inject custom patches before syncing

hostToVirtual required object[] pro

HostToVirtual is a hook that is executed before syncing from the host to the virtual cluster

apiVersion required string pro

APIVersion of the object to sync

kind required string pro

Kind of the object to sync

verbs required string[] pro

Verbs are the verbs that the hook should mutate

patches required object[] pro

Patches are the patches to apply on the object to be synced

op required string pro

Operation is the type of the patch

fromPath required string pro

FromPath is the path from the other object

path required string pro

Path is the path of the patch

namePath required string pro

NamePath is the path to the name of a child resource within Path

namespacePath required string pro

NamespacePath is the path to the namespace of a child resource within Path

value required object pro

Value is the new value to be set to the path

regex required string pro

Regex is the regular expression used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] pro

Conditions are conditions that must be true for the patch to get executed

path required string pro

Path is the path within the object to select

subPath required string pro

SubPath is the path below the selected object to select

equal required object pro

Equal is the value the path should be equal to

notEqual required object pro

NotEqual is the value the path should not be equal to

empty required boolean pro

Empty means that the path value should be empty or unset

ignore required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean pro

configmap required boolean pro

virtualToHost required object[] pro

VirtualToHost is a hook that is executed before syncing from the virtual to the host cluster

apiVersion required string pro

APIVersion of the object to sync

kind required string pro

Kind of the object to sync

verbs required string[] pro

Verbs are the verbs that the hook should mutate

patches required object[] pro

Patches are the patches to apply on the object to be synced

op required string pro

Operation is the type of the patch

fromPath required string pro

FromPath is the path from the other object

path required string pro

Path is the path of the patch

namePath required string pro

NamePath is the path to the name of a child resource within Path

namespacePath required string pro

NamespacePath is the path to the namespace of a child resource within Path

value required object pro

Value is the new value to be set to the path

regex required string pro

Regex is the regular expression used to identify the Name, and optionally Namespace, parts of the field value that will be replaced with the rewritten Name and/or Namespace

conditions required object[] pro

Conditions are conditions that must be true for the patch to get executed

path required string pro

Path is the path within the object to select

subPath required string pro

SubPath is the path below the selected object to select

equal required object pro

Equal is the value the path should be equal to

notEqual required object pro

NotEqual is the value the path should not be equal to

empty required boolean pro

Empty means that the path value should be empty or unset

ignore required boolean pro

Ignore determines if the path should be ignored if handled as a reverse patch

sync required object pro

Sync defines if a specialized syncer should be initialized using values from the rewriteName operation as Secret/Configmap names to be synced

secret required boolean pro

configmap required boolean pro

clusterRole required object pro

extraRules required object[] pro

role required object pro

extraRules required object[] pro

multiNamespaceMode required object pro

MultiNamespaceMode tells virtual cluster to sync to multiple namespaces instead of a single one. This will map each virtual cluster namespace to a single namespace in the host cluster.

enabled required boolean pro

Enabled specifies if multi namespace mode should get enabled

namespaceLabels required object pro

NamespaceLabels are extra labels that will be added by vCluster to each created namespace.

isolatedControlPlane required object pro

IsolatedControlPlane is a feature to run the vCluster control plane in a different Kubernetes cluster than the workloads themselves.

enabled required boolean pro

Enabled specifies if the isolated control plane feature should be enabled.

headless required boolean pro

Headless states that Helm should deploy the vCluster in headless mode for the isolated control plane.

kubeConfig required string pro

KubeConfig is the path to the remote workload cluster kubeconfig.

namespace required string pro

Namespace is the namespace to sync the workloads into.

service required string pro

Service is the vCluster service in the remote cluster.

virtualClusterKubeConfig required object pro

VirtualClusterKubeConfig allows you to override distro specifics and specify where vCluster will find the required certificates and vCluster config.

kubeConfig required string pro

KubeConfig is the virtual cluster kubeconfig path.

serverCAKey required string pro

ServerCAKey is the server ca key path.

serverCACert required string pro

ServerCACert is the server ca cert path.

clientCACert required string pro

ClientCACert is the client ca cert path.

requestHeaderCACert required string pro

RequestHeaderCACert is the request header ca cert path.

denyProxyRequests required object[] pro

DenyProxyRequests denies certain requests in the vCluster proxy.

name required string pro

The name of the check.

namespaces required string[] pro

Namespaces describes a list of namespaces that will be affected by the check. An empty list means that all namespaces will be affected. In case of ClusterScoped rules, only the Namespace resource is affected.

rules required object[] pro

Rules describes on which verbs and on what resources/subresources the webhook is enforced. The webhook is enforced if it matches any Rule. The version of the request must match the rule version exactly. Equivalent matching is not supported.

apiGroups required string[] pro

APIGroups is the API groups the resources belong to. '*' is all groups.

apiVersions required string[] pro

APIVersions is the API versions the resources belong to. '*' is all versions.

resources required string[] pro

Resources is a list of resources this rule applies to.

scope required string pro

Scope specifies the scope of this rule.

operations required string[] pro

Verb is the kube verb associated with the request for API requests, not the http verb. This includes things like list and watch. For non-resource requests, this is the lowercase http verb. If '*' is present, the length of the slice must be one.

excludedUsers required string[] pro

ExcludedUsers describes a list of users for which the checks will be skipped. Impersonation attempts on these users will still be subjected to the checks.
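The following added example (not vCluster's own code) models the denyProxyRequests matching rules as documented above, so a check can be dry-run against sample requests before it is deployed. The request dictionary, the function names and the sample check are assumptions made for illustration; the `scope` field and the ClusterScoped namespace behaviour are not modelled.

```python
# Constructed denyProxyRequests entry; the name, namespace and users are sample data.
CHECK = {
    "name": "deny-secret-reads",
    "namespaces": ["kube-system"],        # an empty list would affect all namespaces
    "rules": [{"apiGroups": [""], "apiVersions": ["v1"],
               "resources": ["secrets"], "operations": ["get", "list", "watch"]}],
    "excludedUsers": ["ops-admin"],
}

def _in(values, item):
    """Membership test where '*' in the list matches everything."""
    return "*" in values or item in values

def validate(check):
    """Return problems that contradict the documented field constraints."""
    problems = []
    for i, rule in enumerate(check.get("rules", [])):
        ops = rule.get("operations", [])
        if "*" in ops and len(ops) != 1:
            problems.append(f"rules[{i}].operations: '*' must be the only entry")
    return problems

def rule_matches(rule, req):
    """Versions must match exactly; equivalent matching is not supported."""
    return (_in(rule["apiGroups"], req["group"])
            and _in(rule["apiVersions"], req["version"])
            and req["resource"] in rule["resources"]
            and _in(rule["operations"], req["verb"]))

def is_denied(check, req):
    """True when the modelled check would deny the request."""
    # Exclusion is keyed on the authenticated user, so a request that only
    # impersonates an excluded user is still subject to the check.
    if req["user"] in check.get("excludedUsers", []):
        return False
    namespaces = check.get("namespaces", [])
    if namespaces and req["namespace"] not in namespaces:
        return False
    return any(rule_matches(rule, req) for rule in check["rules"])

def request(user, verb, namespace, version="v1", impersonate=None):
    """Build a constructed request; 'user' is the authenticated identity."""
    return {"user": user, "impersonate": impersonate, "verb": verb, "group": "",
            "version": version, "resource": "secrets", "namespace": namespace}
```

Running `validate` on every check before applying the configuration catches an `operations` list that mixes `'*'` with other verbs.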

telemetry required object pro

Configuration related to telemetry gathered about vCluster usage.

enabled required boolean pro

Enabled specifies that the telemetry for the vCluster control plane should be enabled.

instanceCreator required string pro

machineID required string pro

platformUserID required string pro

platformInstanceID required string pro