
Backing Store

Each virtual cluster requires a backing store and vCluster provides two different types of backing store options:

There are different ways to deploy the type of backing store.

By default, vCluster uses an embedded SQLite database as the backing store. This option is great for smaller sandbox virtual clusters, but for production, it's recommended to use a different backing store option.

vCluster Standalone

vCluster Standalone has limited backing store options. For a single control plane node setup, the following are supported:

  • Embedded database (sqlite)
  • Embedded etcd

For a multiple control plane node (HA) setup, the following is supported:

  • Embedded etcd

Config reference

backingStore required object

BackingStore defines which backing store to use for the virtual cluster. If not defined, the embedded database is used as the default backing store.

etcd required object

Etcd defines that etcd should be used as the backend for the virtual cluster

embedded required object

Embedded defines to use embedded etcd as a storage backend for the virtual cluster

enabled required boolean false

Enabled defines if the embedded etcd should be used.

migrateFromDeployedEtcd required boolean false

MigrateFromDeployedEtcd signals that vCluster should migrate from the deployed external etcd to embedded etcd.

snapshotCount required integer

SnapshotCount defines the number of snapshots to keep for the embedded etcd. Defaults to 10000 if less than 1.

extraArgs required string[] []

ExtraArgs are additional arguments to pass to the embedded etcd.

deploy required object

Deploy defines to use an external etcd that is deployed by the helm chart

enabled required boolean false

Enabled defines that an external etcd should be deployed.

statefulSet required object

StatefulSet holds options for the external etcd statefulSet.

enabled required boolean true

Enabled defines if the statefulSet should be deployed

EnableServiceLinks for the StatefulSet pod

image required object

Image is the image to use for the external etcd statefulSet

registry required string registry.k8s.io

Registry is the registry of the container image, e.g. my-registry.com or ghcr.io. This setting can be globally overridden via the controlPlane.advanced.defaultImageRegistry option. Empty means docker hub.

repository required string etcd

Repository is the repository of the container image, e.g. my-repo/my-image

tag required string 3.6.4-0

Tag is the tag of the container image, and is the default version.

imagePullPolicy required string

ImagePullPolicy is the pull policy for the external etcd image

env required object[] []

Env are extra environment variables

extraArgs required string[] []

ExtraArgs are appended to the etcd command.

resources required object

Resources the etcd can consume

limits required object

Limits are resource limits for the container

requests required object map[cpu:20m memory:150Mi]

Requests are minimal resources that will be consumed by the container

pods required object

Pods defines extra metadata for the etcd pods.

annotations required object {}

Annotations are extra annotations for this resource.

labels required object {}

Labels are extra labels for this resource.

highAvailability required object

HighAvailability are high availability options

replicas required integer 1

Replicas are the amount of pods to use.

scheduling required object

Scheduling options for the etcd pods.

nodeSelector required object {}

NodeSelector is the node selector to apply to the pod.

affinity required object {}

Affinity is the affinity to apply to the pod.

tolerations required object[] []

Tolerations are the tolerations to apply to the pod.

priorityClassName required string

PriorityClassName is the priority class name for the pod.

podManagementPolicy required string Parallel

PodManagementPolicy is the statefulSet pod management policy.

topologySpreadConstraints required object[] []

TopologySpreadConstraints are the topology spread constraints for the pod.

security required object

Security options for the etcd pods.

podSecurityContext required object {}

PodSecurityContext specifies security context options on the pod level.

containerSecurityContext required object {}

ContainerSecurityContext specifies security context options on the container level.

persistence required object

Persistence options for the etcd pods.

volumeClaim required object

VolumeClaim can be used to configure the persistent volume claim.

enabled required boolean true

Enabled enables deploying a persistent volume claim.

accessModes required string[] [ReadWriteOnce]

AccessModes are the persistent volume claim access modes.

retentionPolicy required string Retain

RetentionPolicy is the persistent volume claim retention policy.

size required string 5Gi

Size is the persistent volume claim storage size.

storageClass required string

StorageClass is the persistent volume claim storage class.

volumeClaimTemplates required object[] []

VolumeClaimTemplates defines the volumeClaimTemplates for the statefulSet

addVolumes required object[] []

AddVolumes defines extra volumes for the pod

addVolumeMounts required object[]

AddVolumeMounts defines extra volume mounts for the container

name required string

This must match the Name of a Volume.

readOnly required boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

mountPath required string

Path within the container at which the volume should be mounted. Must not contain ':'.

subPath required string

Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).

mountPropagation required string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

subPathExpr required string

Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.

annotations required object {}

Annotations are extra annotations for this resource.

labels required object {}

Labels are extra labels for this resource.

service required object

Service holds options for the external etcd service.

enabled required boolean true

Enabled defines if the etcd service should be deployed

annotations required object {}

Annotations are extra annotations for the external etcd service

headlessService required object

HeadlessService holds options for the external etcd headless service.

annotations required object {}

Annotations are extra annotations for the external etcd headless service

external required object

External defines to use a self-hosted external etcd that is not deployed by the helm chart

enabled required boolean false

Enabled defines if the external etcd should be used.

endpoint required string

Endpoint holds the endpoint of the external etcd server, e.g. my-example-service:2379

tls required object

TLS defines the tls configuration for the external etcd server

caFile required string

CaFile is the path to the ca file

certFile required string

CertFile is the path to the cert file

keyFile required string

KeyFile is the path to the key file

database required object

Database defines that a database backend should be used as the backend for the virtual cluster. This uses a project called kine under the hood which is a shim for bridging Kubernetes and relational databases.

embedded required object

Embedded defines that an embedded database (sqlite) should be used as the backend for the virtual cluster

enabled required boolean false

Enabled defines if the database should be used.

dataSource required string

DataSource is the kine dataSource to use for the database. This depends on the database format. This is optional for the external database. Examples:

  • mysql: mysql://username:password@tcp(hostname:3306)/k3s
  • postgres: postgres://username:password@hostname:5432/k3s

identityProvider required string

IdentityProvider is the kine identity provider to use when generating temporary authentication tokens for enhanced security. This is optional for the external database. Examples:

  • aws: RDS IAM Authentication

keyFile required string

KeyFile is the key file to use for the database. This is optional.

certFile required string

CertFile is the cert file to use for the database. This is optional.

caFile required string

CaFile is the ca file to use for the database. This is optional.

extraArgs required string[] []

ExtraArgs are additional arguments to pass to Kine.

external required object

External defines that an external database should be used as the backend for the virtual cluster

enabled required boolean false

Enabled defines if the database should be used.

dataSource required string

DataSource is the kine dataSource to use for the database. This depends on the database format. This is optional for the external database. Examples:

  • mysql: mysql://username:password@tcp(hostname:3306)/k3s
  • postgres: postgres://username:password@hostname:5432/k3s

identityProvider required string

IdentityProvider is the kine identity provider to use when generating temporary authentication tokens for enhanced security. This is optional for the external database. Examples:

  • aws: RDS IAM Authentication

keyFile required string

KeyFile is the key file to use for the database. This is optional.

certFile required string

CertFile is the cert file to use for the database. This is optional.

caFile required string

CaFile is the ca file to use for the database. This is optional.

extraArgs required string[] []

ExtraArgs are additional arguments to pass to Kine.

connector required string

Connector specifies a secret located in a connected vCluster Platform that contains database server connection information to be used by Platform to create a database and a non-privileged database user for the vCluster. A kine endpoint should be created using the database and user on Platform registration. This is optional.
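The following is an added example, not part of the vCluster documentation: a Python review check over a parsed backingStore mapping that flags the security-relevant settings in the reference above (default SQLite store, external etcd without TLS files, a dataSource with an inline password). Field names come from this page; the function names, the findings policy (including treating more than one enabled store as a finding) and the sample file paths are assumptions.

```python
import re

# Matches scheme://user:password@... as in the page's dataSource examples.
_INLINE_PW = re.compile(r"^[a-z0-9+]+://[^:/@]+:[^@]+@", re.I)

def _get(cfg, path, default=None):
    """Walk a dotted path through nested dicts, returning default if absent."""
    for key in path.split("."):
        if not isinstance(cfg, dict) or key not in cfg:
            return default
        cfg = cfg[key]
    return cfg

def audit_backing_store(bs):
    """Return findings for a parsed `backingStore` mapping (may be empty)."""
    findings = []
    stores = ["etcd.embedded", "etcd.deploy", "etcd.external",
              "database.embedded", "database.external"]
    enabled = [s for s in stores if _get(bs, s + ".enabled", False)]
    if not enabled or enabled == ["database.embedded"]:
        findings.append("embedded SQLite in use: another store is recommended for production")
    if len(enabled) > 1:  # assumption: only one store should be enabled
        findings.append("multiple backing stores enabled: " + ", ".join(enabled))
    if "etcd.external" in enabled:
        if not _get(bs, "etcd.external.endpoint"):
            findings.append("etcd.external.endpoint is empty")
        for f in ("caFile", "certFile", "keyFile"):
            if not _get(bs, "etcd.external.tls." + f):
                findings.append("etcd.external.tls." + f + " is not set")
    for s in ("database.embedded", "database.external"):
        if s not in enabled:
            continue
        ds = _get(bs, s + ".dataSource", "") or ""
        if _INLINE_PW.match(ds):
            findings.append(s + ".dataSource carries an inline password")
        if ds and not _get(bs, s + ".caFile"):
            findings.append(s + ".caFile is not set for a remote dataSource")
    return findings

# Constructed sample configs (not taken from any real deployment).
WEAK = {"database": {"external": {"enabled": True,
        "dataSource": "postgres://username:password@hostname:5432/k3s"}}}
HARDENED = {"etcd": {"external": {"enabled": True,
            "endpoint": "my-example-service:2379",
            "tls": {"caFile": "/certs/ca.crt", "certFile": "/certs/tls.crt",
                    "keyFile": "/certs/tls.key"}}}}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED), ("default", {})):
        print(name, audit_backing_store(cfg))
```

Pass it the backingStore mapping loaded from your vCluster configuration with a YAML parser of your choice; an empty list means none of these checks fired.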