Skip to main content

Configuration Reference

Syncer Flags#

--bind-address string The address to bind the server to (default "0.0.0.0")
--client-ca-cert string The path to the client ca certificate (default "/data/server/tls/client-ca.crt")
--cluster-domain string The cluster domain ending that should be used for the virtual cluster (default "cluster.local")
--disable-fake-kubelets If disabled, the virtual cluster will not create fake kubelet endpoints to support metrics-servers
--enforce-node-selector If enabled and --node-selector is set then the virtual cluster will ensure that no pods are scheduled outside of the node selector (default true)
-h, --help help for start
--kube-config string The path to the virtual cluster admin kube config (default "/data/server/cred/admin.kubeconfig")
--leader-elect If enabled, syncer will use leader election
--lease-duration int Lease duration of the leader election in seconds (default 60)
--name string The name of the virtual cluster
--node-selector string If set, nodes with the given node selector will be synced to the virtual cluster. This will implicitly set --fake-nodes=false
--out-kube-config-secret string If specified, the virtual cluster will write the generated kube config to the given secret
--out-kube-config-secret-namespace string If specified, the virtual cluster will write the generated kube config in the given namespace
--out-kube-config-server string If specified, the virtual cluster will use this server for the generated kube config (e.g. https://my-vcluster.domain.com)
--override-hosts If enabled, vcluster will override a containers /etc/hosts file if there is a subdomain specified for the pod (spec.subdomain). (default true)
--override-hosts-container-image string The image for the init container that is used for creating the override hosts file. (default "library/alpine:3.13.1")
--port int The port to bind to (default 8443)
--renew-deadline int Renew deadline of the leader election in seconds (default 40)
--request-header-ca-cert string The path to the request header ca certificate (default "/data/server/tls/request-header-ca.crt")
--retry-period int Retry period of the leader election in seconds (default 15)
--server-ca-cert string The path to the server ca certificate (default "/data/server/tls/server-ca.crt")
--server-ca-key string The path to the server ca key (default "/data/server/tls/server-ca.key")
--service-account string If set, will set this host service account on the synced pods
--service-name string The service name where the vcluster proxy will be available
--set-owner If true, will set the same owner the currently running syncer pod has on the synced resources (default true)
--sync string A list of sync controllers to enable. 'foo' enables the sync controller named 'foo', '-foo' disables the sync controller named 'foo'
--sync-all-nodes If enabled and --fake-nodes is false, the virtual cluster will sync all nodes instead of only the needed ones
--sync-node-changes If enabled and --fake-nodes is false, the virtual cluster will proxy node updates from the virtual cluster to the host cluster. This is not recommended and should only be used if you know what you are doing.
--target-namespace string The namespace to run the virtual cluster in (defaults to current namespace)
--tls-san strings Add additional hostname or IP as a Subject Alternative Name in the TLS cert
--translate-image strings Translates image names from the virtual pod to the physical pod (e.g. coredns/coredns=mirror.io/coredns/coredns)