Networking
Ingress traffic
Ingress to Service
The vCluster has the option to enable Ingress resources synchronization. That means that you can create an ingress in a vCluster to make a service in this vCluster available via a hostname/domain. However, instead of having to run a separate ingress controller in each vCluster, the ingress resource synchronizes to the underlying cluster (when enabled) which means that the vCluster can use a shared ingress controller that is running in the host cluster. This helps to share resources across different virtual clusters and is easier for users of virtual clusters because otherwise, they would need to install an ingress controller and manually configure DNS for each vCluster.
From inside a virtual cluster
Pod in the virtual cluster to Pod in the same virtual cluster
Pods run inside the underlying host cluster. vCluster's syncer component syncs Pods between host and virtual cluster. These synced Pods have cluster-internal IP addresses and can communicate with each other via IP-based networking.
No additional configuration is required for Pod to Pod networking in the same virtual cluster.
Pod in the virtual cluster to Service in the same virtual cluster
To allow pods to communicate with services, vCluster also synchronizes Service objects, while stripping away unnecessary information from the resource. However, instead of using the DNS names of the Services inside the host cluster, vCluster has its own DNS service which allows virtual cluster pods to use much more intuitive DNS mappings, just as in a regular cluster.
No additional configuration is required for Pod to Service networking in the same virtual cluster.
Pod in the virtual cluster to Service in the host cluster
See Host cluster to virtual cluster.
Pod in the virtual cluster to Service in a different virtual cluster
See Mapping services across vCluster instances.
From the host cluster
Pod in the host cluster to Service in the virtual cluster
See Virtual cluster to host cluster
Service CIDR and Pod CIDR
To configure service cidr or pod cidr of the vCluster, e.g.:
privateNodes:
enabled: true
networking:
podCIDR: 10.64.0.0/16
serviceCIDR: 10.128.0.0/16
Config reference
networking required object
Networking options related to the virtual cluster.
networking required object serviceCIDR required string
ServiceCIDR holds the service cidr for the virtual cluster. This should only be set if privateNodes.enabled is true or vCluster cannot detect the host service cidr.
serviceCIDR required string podCIDR required string 10.244.0.0/16
PodCIDR holds the pod cidr for the virtual cluster. This should only be set if privateNodes.enabled is true.
podCIDR required string 10.244.0.0/16 replicateServices required object
ReplicateServices allows replicating services from the host within the virtual cluster or the other way around.
replicateServices required object toHost required object[]
ToHost defines the services that should get synced from virtual cluster to the host cluster. If services are
synced to a different namespace than the virtual cluster is in, additional permissions for the other namespace
are required.
toHost required object[] fromHost required object[]
FromHost defines the services that should get synced from the host to the virtual cluster.
fromHost required object[] resolveDNS required object[]
ResolveDNS allows to define extra DNS rules. This only works if embedded coredns is configured.
resolveDNS required object[] hostname required string
Hostname is the hostname within the vCluster that should be resolved from.
hostname required string service required string
Service is the virtual cluster service that should be resolved from.
service required string namespace required string
Namespace is the virtual cluster namespace that should be resolved from.
namespace required string target required object
Target is the DNS target that should get mapped to
target required object hostname required string
Hostname to use as a DNS target
hostname required string ip required string
IP to use as a DNS target
ip required string hostService required string
HostService to target, format is hostNamespace/hostService
hostService required string hostNamespace required string
HostNamespace to target
hostNamespace required string vClusterService required string
VClusterService format is hostNamespace/vClusterName/vClusterNamespace/vClusterService
vClusterService required string advanced required object
Advanced holds advanced network options.
advanced required object clusterDomain required string cluster.local
ClusterDomain is the Kubernetes cluster domain to use within the virtual cluster.
clusterDomain required string cluster.local fallbackHostCluster required boolean false
FallbackHostCluster allows to fallback dns to the host cluster. This is useful if you want to reach host services without
any other modification. You will need to provide a namespace for the service, e.g. my-other-service.my-other-namespace
fallbackHostCluster required boolean false proxyKubelets required object
ProxyKubelets allows rewriting certain metrics and stats from the Kubelet to "fake" this for applications such as
prometheus or other node exporters.
proxyKubelets required object byHostname required boolean true
ByHostname will add a special vCluster hostname to the nodes where the node can be reached at. This doesn't work
for all applications, e.g. Prometheus requires a node IP.
byHostname required boolean true byIP required boolean true
ByIP will create a separate service in the host cluster for every node that will point to virtual cluster and will be used to
route traffic.
byIP required boolean true