Version: v0.29 Stable

Standalone

Limited vCluster Tenancy Configuration Support

This feature is only available for the following:

Running the control plane as a binary for vCluster Standalone, which uses private nodes.

vCluster Standalone is a different architecture model for vCluster: neither the control plane nor the nodes require a host cluster. vCluster is deployed directly onto nodes, like other Kubernetes distributions. vCluster Standalone can run on any type of node, whether bare metal or a VM. It provides the strictest isolation for workloads because there is no shared host cluster for the control plane or worker nodes.

When vCluster Standalone is enabled, the control plane no longer runs on a shared host cluster but on its own independent node. Worker nodes must be private nodes.


vCluster Standalone Architecture

Installation Overview​

vCluster Standalone requires dedicated nodes for the control plane. You can optionally add worker nodes.

The steps to bring up a vCluster Standalone cluster are:

  1. Install an initial control plane node.
  2. (Optional) Join additional control plane nodes.
  3. (Optional) Join worker nodes.

Node Roles​

By default, the node only acts as a control plane node, but can be enabled to run as a worker node as well.

Allow control plane node to be a worker node
controlPlane:
  standalone:
    enabled: true
    joinNode:
      enabled: true # Control Plane node will also be considered a worker node
privateNodes: # Required when adding additional worker nodes
  enabled: true

Config Reference​

standalone required object ​

Standalone holds configuration for standalone mode. Standalone mode is set automatically when no container is detected and also implies privateNodes.enabled.

enabled required boolean ​

Enabled defines if standalone mode should be enabled.

dataDir required string /var/lib/vcluster ​

DataDir defines the data directory for the standalone mode.

autoNodes required object ​

AutoNodes automatically deploys nodes for standalone mode.

provider required string ​

Provider is the node provider of the nodes in this pool.

quantity required integer ​

Quantity is the number of nodes to deploy for standalone mode.

requirements required object[] ​

Requirements filter the types of nodes that can be provisioned by this pool. All requirements must be met for a node type to be eligible.

property required string ​

Property is the property on the node type to select.

operator required string ​

Operator is the comparison operator, such as "In", "NotIn", "Exists". If empty, defaults to "In".

values required string[] ​

Values is the list of values to use for comparison. This is mutually exclusive with value.

value required string ​

Value is the value to use for comparison. This is mutually exclusive with values.

joinNode required object ​

JoinNode holds configuration for the standalone control plane node.

enabled required boolean true ​

Enabled defines if the standalone node should be joined into the cluster. If false, only the control plane binaries will be executed and no node will show up in the actual cluster.

preInstallCommands required string[] ​

PreInstallCommands are commands that will be executed before containerd, kubelet, etc. are installed.

preJoinCommands required string[] ​

PreJoinCommands are commands that will be executed before kubeadm join is executed.

postJoinCommands required string[] ​

PostJoinCommands are commands that will be executed after kubeadm join is executed.

containerd required object ​

Containerd holds configuration for the containerd join process.

enabled required boolean true ​

Enabled defines if containerd should be installed and configured by vCluster.

registry required object ​

Registry holds configuration for how containerd should be configured to use registries.

configPath required string ​

ConfigPath is the path to the containerd registry config.

mirrors required {key: object} ​

Mirrors holds configuration for the containerd registry mirrors. E.g. myregistry.io:5000 or docker.io. See https://github.com/containerd/containerd/blob/main/docs/hosts.md for more details.

server required string ​

Server is the fallback server to use for the containerd registry mirror. E.g. https://registry-1.docker.io. See https://github.com/containerd/containerd/blob/main/docs/hosts.md for more details.

caCert required string[] ​

CACert are paths to CA certificates to use for the containerd registry mirror.

skipVerify required boolean ​

SkipVerify is a boolean to skip the certificate verification for the containerd registry mirror and allows http connections.

capabilities required string[] ​

Capabilities is a list of capabilities to enable for the containerd registry mirror. If empty, will use pull and resolve capabilities.

overridePath required boolean ​

OverridePath is a boolean to override the path for the containerd registry mirror.

hosts required object[] ​

Hosts holds configuration for the containerd registry mirror hosts. See https://github.com/containerd/containerd/blob/main/docs/hosts.md for more details.

server required string ​

Server is the server to use for the containerd registry mirror host. E.g. http://192.168.31.250:5000.

caCert required string[] ​

CACert are paths to CA certificates to use for the containerd registry mirror host.

skipVerify required boolean ​

SkipVerify is a boolean to skip the certificate verification for the containerd registry mirror and allows http connections.

capabilities required string[] ​

Capabilities is a list of capabilities to enable for the containerd registry mirror. If empty, will use pull and resolve capabilities.

overridePath required boolean ​

OverridePath is a boolean to override the path for the containerd registry mirror.

auth required {key: object} ​

Auth holds configuration for the containerd registry auth. See https://github.com/containerd/containerd/blob/main/docs/cri/registry.md#configure-registry-credentials for more details.

username required string ​

Username is the username for the containerd registry.

password required string ​

Password is the password for the containerd registry.

identityToken required string ​

IdentityToken is the token for the containerd registry.

auth required string ​

Auth is the auth config for the containerd registry.

pauseImage required string ​

PauseImage is the image for the pause container.

caCertPath required string ​

CACertPath is the path to the SSL certificate authority used to secure communications between node and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".

skipPhases required string[] ​

SkipPhases is a list of phases to skip during command execution. The list of phases can be obtained with the "kubeadm join --help" command.

nodeRegistration required object ​

NodeRegistration holds configuration for the node registration similar to the kubeadm node registration.

criSocket required string ​

CRI socket is the socket for the CRI.

kubeletExtraArgs required object[] ​

KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config ConfigMap. Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. An argument name in this list is the flag name as it appears on the command line except without leading dash(es). Extra arguments will override existing default arguments. Duplicate extra arguments are allowed.

name required string ​

Name is the name of the argument.

value required string ​

Value is the value of the argument.

taints required object[] ​

Taints are additional taints to set for the kubelet.

key required string ​

Required. The taint key to be applied to a node.

value required string ​

The taint value corresponding to the taint key.

effect required string ​

Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.

ignorePreflightErrors required string[] ​

IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

imagePullPolicy required string ​

ImagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. The value of this field must be one of "Always", "IfNotPresent" or "Never". If this field is unset kubeadm will default it to "IfNotPresent", or pull the required images if not present on the host.
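
The registry mirror fields (server, caCert, skipVerify) and ignorePreflightErrors described above relax checks on the node join path when set loosely. The following is an added example, not part of the vCluster documentation or code base: a small Python audit over an already-parsed vcluster.yaml. The nesting under controlPlane.standalone.joinNode, the function names, the sample values and the CA file path are assumptions made for illustration.

```python
"""Audit a parsed vcluster.yaml for relaxed standalone join-node settings."""

def _dig(node, *keys):
    """Walk nested dicts, tolerating missing or null levels."""
    for key in keys:
        node = (node or {}).get(key)
    return node

def _tls_findings(path, entry):
    """Check one mirror or mirror-host entry for disabled or absent TLS."""
    out = []
    if entry.get("skipVerify") is True:
        out.append(f"{path}.skipVerify: certificate verification disabled")
    if str(entry.get("server") or "").lower().startswith("http://"):
        out.append(f"{path}.server: plaintext HTTP registry endpoint")
    return out

def audit_standalone(cfg):
    """Return findings for controlPlane.standalone.joinNode (assumed nesting)."""
    join = _dig(cfg, "controlPlane", "standalone", "joinNode") or {}
    findings = []
    mirrors = _dig(join, "containerd", "registry", "mirrors") or {}
    for name, mirror in mirrors.items():
        base = f"joinNode.containerd.registry.mirrors[{name}]"
        findings += _tls_findings(base, mirror)
        for i, host in enumerate(mirror.get("hosts") or []):
            findings += _tls_findings(f"{base}.hosts[{i}]", host)
    ignored = _dig(join, "nodeRegistration", "ignorePreflightErrors") or []
    if any(str(e).lower() == "all" for e in ignored):
        findings.append("joinNode.nodeRegistration.ignorePreflightErrors: "
                        "'all' ignores errors from all pre-flight checks")
    return findings

# Constructed sample: one mirror with a weak host, one pinned to a private CA.
SAMPLE = {"controlPlane": {"standalone": {"enabled": True, "joinNode": {
    "enabled": True,
    "containerd": {"registry": {"mirrors": {
        "docker.io": {
            "server": "https://registry-1.docker.io",
            "hosts": [{"server": "http://192.168.31.250:5000",
                       "skipVerify": True}],
        },
        "myregistry.io:5000": {
            "server": "https://myregistry.io:5000",
            "caCert": ["/etc/vcluster/registry-ca.crt"],  # placeholder path
        },
    }}},
    "nodeRegistration": {"ignorePreflightErrors": ["all"]},
}}}}

if __name__ == "__main__":
    for finding in audit_standalone(SAMPLE):
        print("WARN", finding)
```

Load the real file with whichever YAML parser you already use and pass the resulting dict to audit_standalone.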