There are multiple ways how you can access a vcluster with an external application like
Please make sure to install the vcluster CLI. Create a kubeconfig via:
Depending on if the vcluster was created with the
--expose flag, the CLI will either start port-forwarding or create a kubeconfig that can be used directly.
If you have manually exposed the vcluster, you can specify the domain where the vcluster is reachable via the
There might be cases where connecting to a vcluster with the CLI is not feasible or the CLI cannot be installed. For such cases, you can retrieve the vcluster kube config from a secret that is created automatically in the vcluster namespace.
The secret is prefixed with
vc- and ends with the vcluster name, so a vcluster called
my-vcluster in namespace
test would create a secret called
vc-my-vcluster in the namespace
test. You can retrieve the kube config after the vcluster has started via:
The secret will hold a kube config in this format:
By default, the server
https://localhost:8443 is used that would work if you port forward the vcluster with:
With the syncer flag
--out-kube-config-secret-namespace you can specify a different namespace where the kube config secret should be created in. Keep in mind that you have to manually apply RBAC permissions for the vcluster to allow creation and retrieving of secrets in that namespace.
If you have exposed the vcluster, you can also tell the vcluster to create the kube config secret with another server endpoint through the
For example, if you want to expose a vcluster at
https://my-domain.org, you can create a
values.yaml like this:
Then you can create or upgrade the vcluster with:
Wait until the vcluster has started and you can retrieve the kube config via: