Parameters
The parent key for all of the following parameters is vcluster.
This component supports multi-instantiation.
namespace
type | string
default |
The namespace in which to deploy this component.
Deploying multiple vclusters in the same namespace isn’t supported.
namespaceMetadata
type | dictionary
default |
example |
Additional metadata for the namespace.
host_service_cidr
type | string
default |
The host cluster’s service CIDR. Must be set.
You can find out a host cluster’s service CIDR by deploying a service with an invalid ClusterIP (such as 1.1.1.1).
kubectl create svc clusterip check-service-cidr --clusterip=1.1.1.1 --tcp=5678:5678
The error message shows the host cluster’s service CIDR:
The Service "check-service-cidr" is invalid: spec.clusterIPs: Invalid value: []string{"1.1.1.1"}.... The range of valid IPs is 10.96.0.0/12.
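The probe above can be scripted so the CIDR is extracted and checked instead of read off the terminal. This is an added example, not part of the component or its documentation; the function names are hypothetical, and it assumes the API server's message keeps the "The range of valid IPs is" wording shown above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the component.

# Succeeds only if $1 is a syntactically valid IPv4 CIDR (a.b.c.d/0-32).
is_ipv4_cidr() {
    case "$1" in *[!0-9./]*) return 1 ;; esac   # digits, dots and slash only
    case "$1" in */*) ;; *) return 1 ;; esac    # must contain a prefix length
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                                # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Reads kubectl's error text on stdin and prints the CIDR that follows
# "The range of valid IPs is". Returns 1 if no valid CIDR is found.
extract_service_cidr() {
    cidr=$(sed -n 's|.*The range of valid IPs is \([0-9][0-9.]*/[0-9][0-9]*\).*|\1|p' | head -n 1)
    is_ipv4_cidr "$cidr" || return 1
    printf '%s\n' "$cidr"
}

# Runs the probe from the text. The create is expected to be rejected;
# if it is accepted, the probe Service is deleted again and we fail.
detect_service_cidr() {
    if out=$(kubectl create svc clusterip check-service-cidr \
            --clusterip=1.1.1.1 --tcp=5678:5678 2>&1); then
        kubectl delete svc check-service-cidr >/dev/null 2>&1
        echo "probe Service was created: 1.1.1.1 is inside the service CIDR" >&2
        return 1
    fi
    printf '%s\n' "$out" | extract_service_cidr
}

# Only talk to a cluster when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    detect_service_cidr
fi
```

Run the script with `--run` against the host cluster and use the printed value for host_service_cidr.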
images
type | dictionary
Dictionary containing the container images used by this component.
The kubectl image is used to create OCP routes. The kubectl and jq binaries are required in this image.
The deprecated parameter repository is still supported for backwards compatibility.
Use registry instead.
repository overrides the registry parameter if both are set.
k3s.additional_args
type | list
default |
example |
Additional arguments for the k3s cluster.
storage.persistence
type | boolean
default |
Persistence controls whether vcluster resources are persisted between deployments.
resources
type | string
default |
The resource requests and limits for the k3s and syncer containers.
ingress.host
type | string
default |
If set, an ingress with the defined host is created. The ingress is created with a TLS spec for the same host.
It’s assumed that cert-manager is running on the cluster to provision Let’s Encrypt certificates.
ingress.annotations
type | dict
default |
example |
Additional annotations for the ingress object.
ocp_route.host
type | string
default |
If set, a route.openshift.io/v1.Route with the defined host is created.
The route is created with TLS termination set to re-encrypt.
The re-encryption breaks the mTLS user authentication. A secondary authentication method, like OIDC, should be configured.
syn.registration_url
type | string
default |
example |
If set, the vcluster is registered with a Project SYN instance.
additional_manifests
type | dict
default |
example |
Manifests that should be applied to the vcluster after startup.
Example
host_service_cidr: 172.30.0.0/16
storage:
  persistence: false
ingress:
  host: testcluster.local
k3s:
  additional_args:
    - --kube-apiserver-arg=oidc-issuer-url=https://id.local/auth/realms/local
    - --kube-apiserver-arg=oidc-client-id=local
    - --kube-apiserver-arg=oidc-username-claim=email
    - --kube-apiserver-arg=oidc-groups-claim=groups