Deploy in high availability
By default, vCluster runs one instance of each of its components. This deployment method is recommended for any uses cases that are very ephemeral (e.g. dev environments, CI/CD, etc.), but for production use cases, it's recommended to run vCluster with more redundancy. We recommend deploying vCluster in high availability (HA) in order to run multiple copies of the vCluster components so that the virtual cluster is more resistant to failures.
Enabling high availabilityβ
When running vCluster with high availability, the default backing store option (i.e. embedded database) must be changed to any of the other backing store options.
Deployed etcd YAML exampleβ
controlPlane:
# Deploy etcd with 3 replicas
backingStore:
etcd:
deploy:
enabled: true
statefulSet:
highAvailability:
replicas: 3
# Deploy vCluster with 3 replicas
statefulSet:
highAvailability:
replicas: 3
Embedded etcd YAML exampleβ
This feature is an Enterprise feature. See our pricing plans or contact our sales team for more information.
controlPlane:
# Deploy etcd with 3 replicas
backingStore:
etcd:
embedded:
enabled: true
# Deploy vCluster with 3 replicas
statefulSet:
highAvailability:
replicas: 3
Other predeployment configuration optionsβ
Before deploying, it's recommended to review the set of configuration options that cannot be updated post deployment. These options require deploying a new vCluster instead of upgrading your vCluster with new options.
Control Plane Optionsβ
Decide the various options of how you want your control plane deployed:
- High availability - Run multiple copies of vCluster components.
- Rootless mode - Deploy the vCluster pod without root access to the host cluster.
- Backing Store - Decide how the data of your cluster is stored.
Backing store options
vCluster supports etcd or a relational database (using KINE) as the backend.This feature provides flexibility to vCluster operators. The available data store options allow you to select a data store that fits your use case.
vCluster supports the following datastore options:
- Embedded SQLite (default with
PersistentVolume(PV)) - PostgreSQL
- MySQL
- MariaDB
- etcd
warningAfter deploying your vCluster, there are limited migration paths to change your backing store. Review the backing store migration options before deploying.
Backing store options
- Embedded SQLite (Default)
- Embedded SQLite (No PV)
- Embedded etcd
- Deployed etcd
- MySQL / MariaDB
- PostgreSQL
This is the default, so you don't need to configure anything. If you want to explicitly set this option, you can use:
controlPlane:
backingStore:
database:
embedded:
enabled: trueBy default, vCluster stores its data in a
PersistentVolumeClaim(PVC). Alternatively, you can use anemptyDirvolume to store virtual cluster data.To use an
emptyDirto store the data instead of aPersistentVolume, create avalues.yamlwith the following contents:controlPlane:
statefulSet:
persistence:
volumeClaim:
enabled: trueThen upgrade or recreate the vCluster with:
vcluster create my-vcluster -n my-vcluster --upgrade -f values.yamlPotential data lossThis method should only be used for testing purposes, as data is lost upon pod recreation.
This is an enterprise feature that allows you to deploy etcd within each vCluster to enable high availability (HA), which isnβt supported with embedded SQLite:
controlPlane:
backingStore:
etcd:
embedded:
enabled: trueThis deploys an etcd instance outside of the vCluster control plane pod that is used as a backing store:
controlPlane:
backingStore:
etcd:
deploy:
enabled: trueThe option for MySQL and MariaDB typically has the following format:
controlPlane:
backingStore:
database:
external:
enabled: true
dataSource: mysql://username:password@tcp(hostname:3306)/database-nameIf you specify a database name and it does not exist, the server attempts to create it.
The option for PostgreSQL typically has the following format:
controlPlane:
backingStore:
database:
external:
enabled: true
dataSource: postgres://username:password@hostname:port/database-nameMore advanced configuration parameters are available. For more information, see https://godoc.org/github.com/lib/pq.
If you specify a database name and it does not exist, the server attempts to create it.
- Embedded SQLite (default with
Worker Nodesβ
Decide where you want your worker nodes to come from:
- Nodes from the host cluster - (Default) All worker nodes of the shared host cluster are used by the virtual cluster and all resources are synced to the single namespace that the vCluster is deployed on.
- Syncing Namespaces - Resources are synced to mapped namespaces on the host cluster.
- Isolated workloads - Different options to isolate a workload in a vCluster.
- Private Nodes - Enable adding individual nodes to the virtual cluster.
Deploy vCluster with HAβ
If you're not sure which options to configure, you can update most settings later by upgrading your vCluster with an updated vcluster.yaml.
However, some settings β such as what type of worker nodes or the backing store β can only be set during the initial deployment and cannot be changed during an upgrade.
All of the deployment options below have the following assumptions:
- A
vcluster.yamlis provided. Refer to thevcluster.yamlreference docs to explore all configuration options. This file is optional and can be removed from the examples. - The vCluster is called
my-vcluster. - The vCluster is be deployed into the
team-xnamespace.
- vCluster CLI
- Helm
- Terraform
- Argo CD
- Cluster API
The vCluster CLI provides the most straightforward way to deploy and manage virtual clusters.
Install the vCluster CLI:
- Homebrew
- Mac (Intel/AMD)
- Mac (Silicon/ARM)
- Linux (AMD)
- Linux (ARM)
- Download Binary
- Windows Powershell
brew install loft-sh/tap/vcluster-experimentalIf you installed the CLI using
brew install vcluster, you shouldbrew uninstall vclusterand then install the experimental version. The binaries in the tap are signed using the Sigstore framework for enhanced security.curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/download/<VCLUSTER_VERSION>/vcluster-darwin-amd64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclusterReplace
<VCLUSTER_VERSION>with the version you want to download.curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/download/<VCLUSTER_VERSION>/vcluster-darwin-arm64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclusterReplace
<VCLUSTER_VERSION>with the version you want to download.curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/download/<VCLUSTER_VERSION>/vcluster-linux-amd64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclusterReplace
<VCLUSTER_VERSION>with the version you want to download.curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/download/<VCLUSTER_VERSION>/vcluster-linux-arm64" && sudo install -c -m 0755 vcluster /usr/local/bin && rm -f vclusterReplace
<VCLUSTER_VERSION>with the version you want to download.Download the binary for your platform from the GitHub Releases page and add this binary to your $PATH.
md -Force "$Env:APPDATA\vcluster"; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Tls,Tls11,Tls12';
Invoke-WebRequest -URI "https://github.com/loft-sh/vcluster/releases/download/<VCLUSTER_VERSION>/vcluster-windows-amd64.exe" -o $Env:APPDATA\vcluster\vcluster.exe;
$env:Path += ";" + $Env:APPDATA + "\vcluster";
[Environment]::SetEnvironmentVariable("Path", $env:Path, [System.EnvironmentVariableTarget]::User);Replace
<VCLUSTER_VERSION>with the version you want to download.Reboot RequiredYou may need to reboot your computer to use the CLI due to changes to the PATH variable (see below).
Check Environment Variable $PATHLine 4 of this install script adds the install directory
%APPDATA%\vclusterto the$PATHenvironment variable. This is only effective for the current Powershell session, i.e. when opening a new terminal window,vclustermay not be found.Make sure to add the folder
%APPDATA%\vclusterto thePATHenvironment variable after installing vcluster CLI via Powershell. Afterward, a reboot might be necessary.Confirm that you've installed the correct version of the vCluster CLI.
vcluster --versionDeploy vCluster:
Modify the following with your specific values to generate a copyable command:vcluster create my-vcluster --namespace team-x --values vcluster.yamlnoteAfter installation, vCluster automatically switches your Kubernetes context to the new virtual cluster. You can now run
kubectlcommands against the virtual cluster.
Helm provides fine-grained control over the deployment process and integrates well with existing Helm-based workflows.
Deploy vCluster using the
helm upgradecommand:Modify the following with your specific values to generate a copyable command:helm upgrade --install my-vcluster vcluster \
--values vcluster.yaml \
--repo https://charts.loft.sh \
--namespace team-x \
--repository-config='' \
--create-namespace
You can use Terraform to deploy vCluster as code with version control and state management.
Create a
main.tffile to define your vCluster deployment using the Terraform Helm provider:provider "helm" {
kubernetes {
config_path = "~/.kube/config"
}
}
resource "helm_release" "my_vcluster" {
name = "my-vcluster"
namespace = "team-x"
create_namespace = true
repository = "https://charts.loft.sh"
chart = "vcluster"
# If you didn't create a vcluster.yaml, remove the values section.
values = [
file("${path.module}/vcluster.yaml")
]
}Install the required Helm provider and initialize Terraform:
terraform initGenerate a plan to preview the changes:
terraform planReview the plan output to verify connectivity and proposed changes.
Deploy vCluster:
terraform apply
ArgoCD deployment enables GitOps workflows for vCluster management, and provides automated deployment, drift detection, and declarative configuration management through Git repositories.
To deploy vCluster using ArgoCD, you need the following files:
vcluster.yamlfor your vCluster configuration options.<CLUSTER_NAME>-app.yamlfor your ArgoCDApplicationdefinition. Replace<CLUSTER_NAME>with your actual cluster name.
Create the ArgoCD
Applicationfile<CLUSTER_NAME>-app.yaml, which references the vCluster Helm chart:Modify the following with your specific values to generate a copyable command:apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-vcluster
namespace: argocd
spec:
project: default
source:
chart: vcluster
repoURL: https://charts.loft.sh
helm:
releaseName: my-vcluster
valueFiles:
- vcluster.yaml
destination:
server: https://kubernetes.default.svc
namespace: team-xCommit and push these files to your configured ArgoCD repository.
Sync your ArgoCD repository with your configured cluster:
Modify the following with your specific values to generate a copyable command:argocd app sync my-vcluster
Cluster API (CAPI) provides lifecycle management for Kubernetes clusters. The vCluster CAPI provider enables you to manage virtual clusters using the same declarative APIs and tooling used for physical clusters. For more details, see the Cluster API Provider for vCluster documentation.
Install the
clusterctlCLI.Install the vCluster provider:
clusterctl init --infrastructure vcluster:v0.2.0Export environment variables for the Cluster API provider to create the manifest. The manifest is applied to your Kubernetes cluster, which deploys a vCluster.
Modify the following with your specific values to generate a copyable command:export CLUSTER_NAME=my-vcluster
export CLUSTER_NAMESPACE=team-x
export VCLUSTER_YAML=$(awk '{printf "%s\n", $0}' vcluster.yaml)Create the namespace for the vCluster using the exported variable:
Modify the following with your specific values to generate a copyable command:kubectl create namespace team-xGenerate the required manifests and apply them using the exported variables:
Modify the following with your specific values to generate a copyable command:clusterctl generate cluster my-vcluster \
--infrastructure vcluster \
--target-namespace team-x \
| kubectl apply -f -Kubernetes versionThe Kubernetes version for the vCluster is not set at the CAPI provider command. Configure it in the
vcluster.yamlfile based on your Kubernetes distribution.Wait for vCluster to become ready by monitoring the vCluster custom resource status:
Modify the following with your specific values to generate a copyable command:kubectl wait --for=condition=ready vcluster -n team-x my-vcluster --timeout=300s
Check the pods of the vCluster on the host clusterβ
Ensure that your kubecontext is set to the host cluster.
If you've used the vCluster CLI, your kubecontext automatically switches and connects to the virtual cluster.
You can get the pods in the namespace of the virtual cluster. The namespace is
called vcluster-my-vcluster in the host cluster, and contains the components of the vCluster.
kubectl get pods -n vcluster-my-vcluster
Example using the deployed etcd yaml:
NAME READY STATUS RESTARTS AGE
my-vcluster-7c5c5844c5-27j2v 0/1 Running 0 20s
my-vcluster-7c5c5844c5-gb2sm 0/1 Running 0 20s
my-vcluster-7c5c5844c5-pwn7k 0/1 Running 0 20s
my-vcluster-etcd-0 0/1 Running 0 20s
my-vcluster-etcd-1 0/1 Running 0 20s
my-vcluster-etcd-2 0/1 Running 0 20s
There are three replicas running of each component (control plane and etcd) of the vCluster. If one API server pod goes down, the vCluster continues working.
In order to see which nodes in the host cluster that these pods were scheduled on, add the -o wide flag to the kubectl get pods command:
kubectl get pods -n vcluster-my-vcluster -o wide
The hostnames of the nodes will be listed in the NODES column.