Deploy vCluster on GKE
This guide provides step-by-step instructions for deploying vCluster on Google Kubernetes Engine (GKE).
Prerequisitesβ
Before starting, ensure you have the following tools installed:
kubectl: Kubernetes command-line tool for interacting with the cluster. See Install and Set Up kubectl for installation instructions.- vCluster CLI
- Homebrew
- Mac (Intel/AMD)
- Mac (Silicon/ARM)
- Linux (AMD)
- Linux (ARM)
- Download Binary
- Windows Powershell
brew install loft-sh/tap/vclusterThe binaries in the tap are signed using the Sigstore framework for enhanced security.
curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-darwin-amd64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclustercurl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-darwin-arm64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclustercurl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-linux-amd64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclustercurl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-linux-arm64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclusterDownload the binary for your platform from the GitHub Releases page and add this binary to your $PATH.
md -Force "$Env:APPDATA\vcluster"; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Tls,Tls11,Tls12';
Invoke-WebRequest -URI "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-windows-amd64.exe" -o $Env:APPDATA\vcluster\vcluster.exe;
$env:Path += ";" + $Env:APPDATA + "\vcluster";
[Environment]::SetEnvironmentVariable("Path", $env:Path, [System.EnvironmentVariableTarget]::User);Reboot RequiredYou may need to reboot your computer to use the CLI due to changes to the PATH variable (see below).
Check Environment Variable $PATHLine 4 of this install script adds the install directory
%APPDATA%\vclusterto the$PATHenvironment variable. This is only effective for the current Powershell session, i.e. when opening a new terminal window,vclustermay not be found.Make sure to add the folder
%APPDATA%\vclusterto thePATHenvironment variable after installing vcluster CLI via Powershell. Afterward, a reboot might be necessary.Confirm that you've installed the correct version of the vCluster CLI.
vcluster --version - Google Cloud SDK (
gcloudCLI)noteEnsure you have the necessary IAM permissions to create clusters and manage cloud services.
Create GKE clusterβ
Start by creating a zonal GKE cluster using the gcloud CLI. First, set up your environment variables:
Project ID can be found in the Google Cloud Console under the project name.
Alternatively use gcloud project list to list all projects and their IDs.
To check which project is active, use gcloud config get-value project.
export PROJECT_ID=development
export CLUSTER_NAME=vcluster-demo
export ZONE=europe-west1-b
export MACHINE_TYPE=e2-standard-4
Configure gcloud and enable the required APIs and set default project:
gcloud config set project $PROJECT_ID
gcloud services enable container.googleapis.com
Create the cluster:
gcloud container clusters create $CLUSTER_NAME \
--zone $ZONE \
--machine-type $MACHINE_TYPE \
--num-nodes 2
This process typically takes about 10-15 minutes.
This command creates a GKE cluster named vcluster-demo in the europe-west1-b
zone with two nodes of type e2-standard-4.
This command automatically updates your kubeconfig file with the new
cluster configuration.
Verify the host cluster creationβ
Verify the cluster by listing the nodes:
kubectl get nodes
You should see output similar to:
NAME LOCATION MASTER_VERSION MASTER_IP MACHINE_TYPE NODE_VERSION NUM_NODES STATUS
vcluster-demo europe-west1-b 1.30.5-gke.1443001 35.187.66.218 e2-standard-4 1.30.5-gke.1443001 2 RUNNING
Predeployment configuration optionsβ
Before deploying, it's recommended to review the set of configuration options that cannot be updated post deployment. These options require deploying a new vCluster instead of upgrading your vCluster with new options.
Control Plane Optionsβ
Decide the various options of how you want your control plane deployed:
- High availability - Run multiple copies of vCluster components.
- Rootless mode - Deploy the vCluster pod without root access to the host cluster.
- Backing Store - Decide how the data of your cluster is stored.
Backing store options
vCluster supports etcd or a relational database (using KINE) as the backend.This feature provides flexibility to vCluster operators. The available data store options allow you to select a data store that fits your use case.
vCluster supports the following datastore options:
- Embedded SQLite (default with
PersistentVolume(PV)) - PostgreSQL
- MySQL
- MariaDB
- etcd
warningAfter deploying your vCluster, there are limited migration paths to change your backing store. Review the backing store migration options before deploying.
Backing store options
- Embedded SQLite (Default)
- Embedded SQLite (No PV)
- Embedded etcd
- Deployed etcd
- MySQL / MariaDB
- PostgreSQL
This is the default, so you don't need to configure anything. If you want to explicitly set this option, you can use:
controlPlane:
backingStore:
database:
embedded:
enabled: trueBy default, vCluster stores its data in a
PersistentVolumeClaim(PVC). Alternatively, you can use anemptyDirvolume to store virtual cluster data.To use an
emptyDirto store the data instead of aPersistentVolume, create avalues.yamlwith the following contents:controlPlane:
statefulSet:
persistence:
volumeClaim:
enabled: trueThen upgrade or recreate the vCluster with:
vcluster create my-vcluster -n my-vcluster --upgrade -f values.yamlPotential data lossThis method should only be used for testing purposes, as data is lost upon pod recreation.
This is an enterprise feature that allows you to deploy etcd within each vCluster to enable high availability (HA), which isnβt supported with embedded SQLite:
controlPlane:
backingStore:
etcd:
embedded:
enabled: trueThis deploys an etcd instance outside of the vCluster control plane pod that is used as a backing store:
controlPlane:
backingStore:
etcd:
deploy:
enabled: trueThe option for MySQL and MariaDB typically has the following format:
controlPlane:
backingStore:
database:
external:
enabled: true
dataSource: mysql://username:password@tcp(hostname:3306)/database-nameIf you specify a database name and it does not exist, the server attempts to create it.
The option for PostgreSQL typically has the following format:
controlPlane:
backingStore:
database:
external:
enabled: true
dataSource: postgres://username:password@hostname:port/database-nameMore advanced configuration parameters are available. For more information, see https://godoc.org/github.com/lib/pq.
If you specify a database name and it does not exist, the server attempts to create it.
- Embedded SQLite (default with
Worker Nodesβ
Decide where you want your worker nodes to come from:
- Nodes from the host cluster - (Default) All worker nodes of the shared host cluster are used by the virtual cluster and all resources are synced to the single namespace that the vCluster is deployed on.
- Syncing Namespaces - Resources are synced to mapped namespaces on the host cluster.
- Isolated workloads - Different options to isolate a workload in a vCluster.
- Private Nodes - Enable adding individual nodes to the virtual cluster.
Deploy vCluster on GKEβ
If you're not sure which options to configure, you can update most settings later by upgrading your vCluster with an updated vcluster.yaml.
However, some settings β such as what type of worker nodes or the backing store β can only be set during the initial deployment and cannot be changed during an upgrade.
All of the deployment options below have the following assumptions:
- A
vcluster.yamlis provided. Refer to thevcluster.yamlreference docs to explore all configuration options. This file is optional and can be removed from the examples. - The vCluster is called
my-vcluster. - The vCluster is be deployed into the
team-xnamespace.
- vCluster CLI
- Helm
- Terraform
- Argo CD
- Cluster API
The vCluster CLI provides the most straightforward way to deploy and manage virtual clusters.
Install the vCluster CLI:
- Homebrew
- Mac (Intel/AMD)
- Mac (Silicon/ARM)
- Linux (AMD)
- Linux (ARM)
- Download Binary
- Windows Powershell
brew install loft-sh/tap/vcluster-experimentalIf you installed the CLI using
brew install vcluster, you shouldbrew uninstall vclusterand then install the experimental version. The binaries in the tap are signed using the Sigstore framework for enhanced security.curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/download/<VCLUSTER_VERSION>/vcluster-darwin-amd64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclusterReplace
<VCLUSTER_VERSION>with the version you want to download.curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/download/<VCLUSTER_VERSION>/vcluster-darwin-arm64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclusterReplace
<VCLUSTER_VERSION>with the version you want to download.curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/download/<VCLUSTER_VERSION>/vcluster-linux-amd64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclusterReplace
<VCLUSTER_VERSION>with the version you want to download.curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/download/<VCLUSTER_VERSION>/vcluster-linux-arm64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclusterReplace
<VCLUSTER_VERSION>with the version you want to download.Download the binary for your platform from the GitHub Releases page and add this binary to your $PATH.
md -Force "$Env:APPDATA\vcluster"; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Tls,Tls11,Tls12';
Invoke-WebRequest -URI "https://github.com/loft-sh/vcluster/releases/download/<VCLUSTER_VERSION>/vcluster-windows-amd64.exe" -o $Env:APPDATA\vcluster\vcluster.exe;
$env:Path += ";" + $Env:APPDATA + "\vcluster";
[Environment]::SetEnvironmentVariable("Path", $env:Path, [System.EnvironmentVariableTarget]::User);Replace
<VCLUSTER_VERSION>with the version you want to download.Reboot RequiredYou may need to reboot your computer to use the CLI due to changes to the PATH variable (see below).
Check Environment Variable $PATHLine 4 of this install script adds the install directory
%APPDATA%\vclusterto the$PATHenvironment variable. This is only effective for the current Powershell session, i.e. when opening a new terminal window,vclustermay not be found.Make sure to add the folder
%APPDATA%\vclusterto thePATHenvironment variable after installing vcluster CLI via Powershell. Afterward, a reboot might be necessary.Confirm that you've installed the correct version of the vCluster CLI.
vcluster --versionDeploy vCluster:
Modify the following with your specific values to generate a copyable command:vcluster create my-vcluster --namespace team-x --values vcluster.yamlnoteAfter installation, vCluster automatically switches your Kubernetes context to the new virtual cluster. You can now run
kubectlcommands against the virtual cluster.
Helm provides fine-grained control over the deployment process and integrates well with existing Helm-based workflows.
Deploy vCluster using the
helm upgradecommand:Modify the following with your specific values to generate a copyable command:helm upgrade --install my-vcluster vcluster \
--values vcluster.yaml \
--repo https://charts.loft.sh \
--namespace team-x \
--repository-config='' \
--create-namespace
You can use Terraform to deploy vCluster as code with version control and state management.
Create a
main.tffile to define your vCluster deployment using the Terraform Helm provider:provider "helm" {
kubernetes {
config_path = "~/.kube/config"
}
}
resource "helm_release" "my_vcluster" {
name = "my-vcluster"
namespace = "team-x"
create_namespace = true
repository = "https://charts.loft.sh"
chart = "vcluster"
# If you didn't create a vcluster.yaml, remove the values section.
values = [
file("${path.module}/vcluster.yaml")
]
}Install the required Helm provider and initialize Terraform:
terraform initGenerate a plan to preview the changes:
terraform planReview the plan output to verify connectivity and proposed changes.
Deploy vCluster:
terraform apply
ArgoCD deployment enables GitOps workflows for vCluster management, and provides automated deployment, drift detection, and declarative configuration management through Git repositories.
To deploy vCluster using ArgoCD, you need the following files:
vcluster.yamlfor your vCluster configuration options.<CLUSTER_NAME>-app.yamlfor your ArgoCDApplicationdefinition. Replace<CLUSTER_NAME>with your actual cluster name.
Create the ArgoCD
Applicationfile<CLUSTER_NAME>-app.yaml, which references the vCluster Helm chart:Modify the following with your specific values to generate a copyable command:apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-vcluster
namespace: argocd
spec:
project: default
source:
chart: vcluster
repoURL: https://charts.loft.sh
helm:
releaseName: my-vcluster
valueFiles:
- vcluster.yaml
destination:
server: https://kubernetes.default.svc
namespace: team-xCommit and push these files to your configured ArgoCD repository.
Sync your ArgoCD repository with your configured cluster:
Modify the following with your specific values to generate a copyable command:argocd app sync my-vcluster
Cluster API (CAPI) provides lifecycle management for Kubernetes clusters. The vCluster CAPI provider enables you to manage virtual clusters using the same declarative APIs and tooling used for physical clusters. For more details, see the Cluster API Provider for vCluster documentation.
Install the
clusterctlCLI.Install the vCluster provider:
clusterctl init --infrastructure vcluster:v0.2.0Export environment variables for the Cluster API provider to create the manifest. The manifest is applied to your Kubernetes cluster, which deploys a vCluster.
Modify the following with your specific values to generate a copyable command:export CLUSTER_NAME=my-vcluster
export CLUSTER_NAMESPACE=team-x
export VCLUSTER_YAML=$(awk '{printf "%s\n", $0}' vcluster.yaml)Create the namespace for the vCluster using the exported variable:
Modify the following with your specific values to generate a copyable command:kubectl create namespace team-xGenerate the required manifests and apply them using the exported variables:
Modify the following with your specific values to generate a copyable command:clusterctl generate cluster my-vcluster \
--infrastructure vcluster \
--target-namespace team-x \
| kubectl apply -f -Kubernetes versionThe Kubernetes version for the vCluster is not set at the CAPI provider command. Configure it in the
vcluster.yamlfile based on your Kubernetes distribution.Wait for vCluster to become ready by monitoring the vCluster custom resource status:
Modify the following with your specific values to generate a copyable command:kubectl wait --for=condition=ready vcluster -n team-x my-vcluster --timeout=300s
Next stepsβ
Now that you have vCluster running on GKE, consider setting up the platform UI to mange your virtual clusters.
Workload Identityβ
This feature is an Enterprise feature. See our pricing plans or contact our sales team for more information.
When using the platform you can easily enable Workload Identity.
Cleanupβ
If you deployed the GKE cluster with this tutorial, and want to clean up the resources, run the following command:
gcloud container clusters delete $CLUSTER_NAME --zone $ZONE --quiet