vcluster

Plugins

Plugins are a feature to extend the capabilities of vcluster. They allow you to add custom functionality, such as:

1. Syncing specific resources from or to the virtual clusters, including cluster scoped resources like cluster roles
2. Syncing custom resources from or to the virtual cluster
3. Deploying resources on virtual cluster startup, such as CRDs, applications, etc.
4. Manage resources and applications inside the host or virtual cluster
5. Enforcing certain restrictions on synced resources or extending the existing syncers of vcluster
6. Any other operator use case that could benefit from having access to the virtual cluster and the host cluster simultaneously.

For more information, please take a look at the vcluster docs.

Pause and Resume vclusters

vcluster is now able to pause and resume. Pausing a vcluster means to temporarily scale down the vcluster and delete all its created workloads on the host cluster. This can be useful to save computing resources used by vcluster workloads in the host cluster.

For more information please checkout the vcluster docs

Directly execute a command with vcluster connect in same shell

vcluster now allows command execution with vcluster context in command vcluster connect. For example:

# Retrieve vcluster namespaces
vcluster connect test -n test -- kubectl get ns

# New shell with vcluster kube context
vcluster connect test -n test -- bash

Expiring kube configs & automatic service account creation

vcluster is now able to automatically create service account tokens for generated kube configs, which allow you to easily create kube configs for other vcluster users that should not be cluster admin. For example:

# Create a kube config for a cluster viewer
vcluster connect my-vcluster -n my-vcluster --service-account viewer --cluster-role view

# OR: create a kube config for a cluster admin
vcluster connect my-vcluster -n my-vcluster --service-account admin --cluster-role cluster-admin

# OR: create a kube config that expires after an hour
vcluster connect my-vcluster -n my-vcluster --service-account viewer --cluster-role view --token-expiration 3600

This makes it also possible to use vcluster more easily without ingresses that require ssl passthrough. For more information please checkout the vcluster access docs and vcluster ingress docs

Support for VolumeSnapshots

vcluster now supports syncing of volume snapshots between the host and virtual cluster, that can be enabled via a values.yaml:

rbac:
  clusterRole:
    enabled: true
  role:
    extended: true

syncer:
  extraArgs:
  - --sync=volumesnapshots

and then used via:

vcluster create ... -f values.yaml

Support for PodDisruptionBudgets

vcluster now suports syncing of pod disruption budgets between the host and virtual cluster, that can be enabled via a values.yaml:

rbac:
  role:
    extended: true

syncer:
  extraArgs:
  - --sync=poddisruptionbudgets

and then used via:

vcluster create ... -f values.yaml

Other Changes

• cli: New flag --insecure for vcluster connect to create a kube config with insecure-skip-tls-verify
• cli: vcluster create can now use urls as value for -f flags
• cli: New command vcluster get service-cidr to print the current clusters service cidr
• cli: Notify the user about incompatible workdir file when running vcluster create
• cli: vcluster connect will now use a random port locally to avoid port conflicts if no --local-port flag is specified.
• cli: Added shortcut -s for global flag --silent
• syncer: Use vcluster service as owner instead of deployment / statefulset, because we can set the controller: true in the owner reference for it, which allows node draining (drain #273)
• syncer: Fixed an issue where webhooks were not correctly resolved in vcluster
• syncer: Start controllers after api server started
• syncer: Fixed syncer cache race condition after Service creation
• syncer: Improved node / pod syncer logic to make it more robust
• chart: Fixed a problem where k3s would not startup correctly on cgroupsv2 nodes (#264)
• other: vcluster now uses cosign to sign its images and binaries (#220). Thanks @developer-guy for your contribution!
• other: For each release there will be a new vcluster-images.txt which holds all the needed images by vcluster. In addition, we include two scripts to download and push the needed images automatically

Pause and Resume vclusters

vcluster is now able to pause and resume. Pausing a vcluster means to temporarily scale down the vcluster and delete all its created workloads on the host cluster. This can be useful to save computing resources used by vcluster workloads in the host cluster.

For more information please checkout the vcluster docs

Directly execute a command with vcluster connect in same shell

vcluster now allows command execution with vcluster context in command vcluster connect. For example:

# Retrieve vcluster namespaces
vcluster connect test -n test -- kubectl get ns

# New shell with vcluster kube context
vcluster connect test -n test -- bash

Expiring kube configs & automatic service account creation

vcluster is now able to automatically create service account tokens for generated kube configs, which allow you to easily create kube configs for other vcluster users that should not be cluster admin. For example:

# Create a kube config for a cluster viewer
vcluster connect my-vcluster -n my-vcluster --service-account viewer --cluster-role view

# OR: create a kube config for a cluster admin
vcluster connect my-vcluster -n my-vcluster --service-account admin --cluster-role cluster-admin

# OR: create a kube config that expires after an hour
vcluster connect my-vcluster -n my-vcluster --service-account viewer --cluster-role view --token-expiration 3600

This makes it also possible to use vcluster more easily without ingresses that require ssl passthrough. For more information please checkout the vcluster access docs and vcluster ingress docs

Support for VolumeSnapshots

vcluster now supports syncing of volume snapshots between the host and virtual cluster, that can be enabled via a values.yaml:

rbac:
  clusterRole:
    enabled: true
  role:
    extended: true

syncer:
  extraArgs:
  - --sync=volumesnapshots

and then used via:

vcluster create ... -f values.yaml

Other Changes

• cli: New flag --insecure for vcluster connect to create a kube config with insecure-skip-tls-verify
• cli: New command vcluster get service-cidr to print the current clusters service cidr
• cli: Notify the user about incompatible workdir file when running vcluster create
• cli: vcluster connect will now use a random port locally to avoid port conflicts if no --local-port flag is specified.
• cli: Added shortcut -s for global flag --silent
• syncer: Use vcluster service as owner instead of deployment / statefulset, because we can set the controller: true in the owner reference for it, which allows node draining (drain #273)
• syncer: Fixed an issue where webhooks were not correctly resolved in vcluster
• syncer: Start controllers after api server started
• syncer: Fixed syncer cache race condition after Service creation
• syncer: Improved node / pod syncer logic to make it more robust
• chart: Fixed a problem where k3s would not startup correctly on cgroupsv2 nodes (#264)
• other: For each release there will be a new vcluster-images.txt which holds all the needed images by vcluster. In addition, we include two scripts to download and push the needed images automatically

Changes

• syncer: Fixed an issue where vcluster would incorrectly route pod exec, attach and port-forwarding admission requests

Changes

• syncer: Fixed an issue where vcluster would incorrectly route pod exec, attach and port-forwarding admission requests

Pause and Resume vclusters

vcluster is now able to pause and resume. Pausing a vcluster means to temporarily scale down the vcluster and delete all its created workloads on the host cluster. This can be useful to save computing resources used by vcluster workloads in the host cluster.

For more information please checkout the vcluster docs

Expiring kube configs & automatic service account creation

vcluster is now able to automatically create service account tokens for generated kube configs, which allow you to easily create kube configs for other vcluster users that should not be cluster admin. For example:

# Create a kube config for a cluster viewer
vcluster connect my-vcluster -n my-vcluster --service-account viewer --cluster-role view

# OR: create a kube config for a cluster admin
vcluster connect my-vcluster -n my-vcluster --service-account admin --cluster-role cluster-admin

# OR: create a kube config that expires after an hour
vcluster connect my-vcluster -n my-vcluster --service-account viewer --cluster-role view --token-expiration 3600

This makes it also possible to use vcluster more easily without ingresses that require ssl passthrough. For more information please checkout the vcluster access docs and vcluster ingress docs

Support for VolumeSnapshots

vcluster now supports syncing of volume snapshots between the host and virtual cluster, that can be enabled via a values.yaml:

rbac:
  clusterRole:
    enabled: true
  role:
    extended: true

syncer:
  extraArgs:
  - --sync=volumesnapshots

and then used via:

vcluster create ... -f values.yaml

Other Changes

• cli: New flag --insecure for vcluster connect to create a kube config with insecure-skip-tls-verify
• cli: Notify the user about incompatible workdir file when running vcluster create
• cli: Add v1.23 support for k3s
• syncer: Start controllers after api server started
• syncer: Fixed syncer cache race condition after Service creation
• chart: Fixed a problem where k3s would not startup correctly on cgroupsv2 nodes (#264)
• other: For each release there will be a new vcluster-images.txt which holds all the needed images by vcluster. In addition, we include two scripts to download and push the needed images automatically

Pause and Resume vclusters

vcluster is now able to pause and resume. Pausing a vcluster means to temporarily scale down the vcluster and delete all its created workloads on the host cluster. This can be useful to save computing resources used by vcluster workloads in the host cluster.

For more information please checkout the vcluster docs

Expiring kube configs & automatic service account creation

vcluster is now able to automatically create service account tokens for generated kube configs, which allow you to easily create kube configs for other vcluster users that should not be cluster admin. For example:

# Create a kube config for a cluster viewer
vcluster connect my-vcluster -n my-vcluster --service-account viewer --cluster-role view

# OR: create a kube config for a cluster admin
vcluster connect my-vcluster -n my-vcluster --service-account admin --cluster-role cluster-admin

# OR: create a kube config that expires after an hour
vcluster connect my-vcluster -n my-vcluster --service-account viewer --cluster-role view --token-expiration 3600

This makes it also possible to use vcluster more easily without ingresses that require ssl passthrough. For more information please checkout the vcluster access docs and vcluster ingress docs

Support for VolumeSnapshots

vcluster now supports syncing of volume snapshots between the host and virtual cluster, that can be enabled via a values.yaml:

rbac:
  clusterRole:
    enabled: true
  role:
    extended: true

syncer:
  extraArgs:
  - --sync=volumesnapshots

and then used via:

vcluster create ... -f values.yaml

Other Changes

• cli: New flag --insecure for vcluster connect to create a kube config with insecure-skip-tls-verify
• cli: Notify the user about incompatible workdir file when running vcluster create
• cli: Add v1.23 support for k3s
• syncer: Start controllers after api server started
• syncer: Fixed syncer cache race condition after Service creation
• chart: Fixed a problem where k3s would not startup correctly on cgroupsv2 nodes (#264)
• other: For each release there will be a new vcluster-images.txt which holds all the needed images by vcluster. In addition, we include two scripts to download and push the needed images automatically

Changes

• Added support for k3s v1.22 & v1.23
• Fixed an issue where k3s wouldn't start correctly (#264)
• Fixed syncer cache race condition after Service creation

Changes

• Added support for k3s v1.22 & v1.23
• Fixed an issue where k3s wouldn't start correctly (#264)
• Fixed syncer cache race condition after Service creation

Changes

• Added support for k3s v1.22 & v1.23
• Fixed an issue where k3s wouldn't start correctly (#264)

Pause and Resume vclusters

vcluster is now able to pause and resume. Pausing a vcluster means to temporarily scale down the vcluster and delete all its created workloads on the host cluster. This can be useful to save computing resources used by vcluster workloads in the host cluster.

For more information please checkout the vcluster docs

Expiring kube configs & automatic service account creation

vcluster is now able to automatically create service account tokens for generated kube configs, which allow you to easily create kube configs for other vcluster users that should not be cluster admin. For example:

# Create a kube config for a cluster viewer
vcluster connect my-vcluster -n my-vcluster --service-account viewer --cluster-role view

# OR: create a kube config for a cluster admin
vcluster connect my-vcluster -n my-vcluster --service-account admin --cluster-role cluster-admin

# OR: create a kube config that expires after an hour
vcluster connect my-vcluster -n my-vcluster --service-account viewer --cluster-role view --token-expiration 3600

This makes it also possible to use vcluster more easily without ingresses that require ssl passthrough. For more information please checkout the vcluster access docs and vcluster ingress docs

Support for VolumeSnapshots

vcluster now supports syncing of volume snapshots between the host and virtual cluster, that can be enabled via a values.yaml:

rbac:
  clusterRole:
    enabled: true
  role:
    extended: true

syncer:
  extraArgs:
  - --sync=volumesnapshots

and then used via:

vcluster create ... -f values.yaml

Other Changes

• cli: New flag --insecure for vcluster connect to create a kube config with insecure-skip-tls-verify
• cli: Add v1.23 support for k3s
• syncer: Start controllers after api server started
• chart: Fixed a problem where k3s would not startup correctly on cgroupsv2 nodes (#264)
• other: For each release there will be a new vcluster-images.txt which holds all the needed images by vcluster. In addition, we include two scripts to download and push the needed images automatically

Changes

• cli: Removed k3s v1.22 support until #264 is fixed
• syncer: Wait for api server before starting controllers

Changes

• cli: Removed k3s v1.22 support until #264 is fixed
• syncer: Wait for api server before starting controllers

Changes

• cli: Removed k3s v1.22 support until #264 is fixed

Pause and Resume vclusters

vcluster is now able to pause and resume. Pausing a vcluster means to temporarily scale down the vcluster and delete all its created workloads on the host cluster. This can be useful to save computing resources used by vcluster workloads in the host cluster.

For more information please checkout the vcluster docs

Expiring kube configs & automatic service account creation

vcluster is now able to automatically create service account tokens for generated kube configs, which allow you to easily create kube configs for other vcluster users that should not be cluster admin. For example:

# Create a kube config for a cluster viewer
vcluster connect my-vcluster -n my-vcluster --service-account viewer --cluster-role view

# OR: create a kube config for a cluster admin
vcluster connect my-vcluster -n my-vcluster --service-account admin --cluster-role cluster-admin

# OR: create a kube config that expires after an hour
vcluster connect my-vcluster -n my-vcluster --service-account viewer --cluster-role view --token-expiration 3600

This makes it also possible to use vcluster more easily without ingresses that require ssl passthrough. For more information please checkout the vcluster access docs and vcluster ingress docs

Support for VolumeSnapshots

vcluster now supports syncing of volume snapshots between the host and virtual cluster, that can be enabled via a values.yaml:

rbac:
  clusterRole:
    enabled: true
  role:
    extended: true

syncer:
  extraArgs:
  - --sync=volumesnapshots

and then used via:

vcluster create ... -f values.yaml

Other Changes

• cli: New flag --insecure for vcluster connect to create a kube config with insecure-skip-tls-verify
• cli: Removed k3s v1.22 support as it currently breaks on startup
• other: For each release there will be a new vcluster-images.txt which holds all the needed images by vcluster. In addition, we include two scripts to download and push the needed images automatically

Pause and Resume vclusters

vcluster is now able to pause and resume. Pausing a vcluster means to temporarily scale down the vcluster and delete all its created workloads on the host cluster. This can be useful to save computing resources used by vcluster workloads in the host cluster.

For more information please checkout the vcluster docs

Expiring kube configs & automatic service account creation

vcluster is now able to automatically create service account tokens for generated kube configs, which allow you to easily create kube configs for other vcluster users that should not be cluster admin. For example:

# Create a kube config for a cluster viewer
vcluster connect my-vcluster -n my-vcluster --service-account viewer --cluster-role view

# OR: create a kube config for a cluster admin
vcluster connect my-vcluster -n my-vcluster --service-account admin --cluster-role cluster-admin

# OR: create a kube config that expires after an hour
vcluster connect my-vcluster -n my-vcluster --service-account viewer --cluster-role view --token-expiration 3600

This makes it also possible to use vcluster more easily without ingresses that require ssl passthrough. For more information please checkout the vcluster access docs and vcluster ingress docs

Support for VolumeSnapshots

vcluster now supports syncing of volume snapshots between the host and virtual cluster, that can be enabled via a values.yaml:

rbac:
  clusterRole:
    enabled: true
  role:
    extended: true

syncer:
  extraArgs:
  - --sync=volumesnapshots

and then used via:

vcluster create ... -f values.yaml

Other Changes

• cli: New flag --insecure for vcluster connect to create a kube config with insecure-skip-tls-verify
• other: For each release there will be a new vcluster-images.txt which holds all the needed images by vcluster. In addition, we include two scripts to download and push the needed images automatically

!! BREAKING CHANGES !!

vcluster will now deploy coredns itself instead of depending on the k3s coredns deployment. This makes it possible to customize the coredns deployment (e.g. for rootless mode) and also support other kubernetes distributions besides k3s. However, this will break the current coredns deployment created by k3s.

This means that after you have upgraded vcluster from an v0.4.x version, you need to delete the coredns deployment inside vcluster and then restart vcluster by deleting the vcluster pod to let it redeploy the correct coredns deployment:

# Delete coredns deployment inside vcluster
export KUBECONFIG=vcluster-kubeconfig.yaml
kubectl delete deployment coredns -n kube-system

# Restart vcluster by deleting its pod
export KUBECONFIG=host-kubeconfig.yaml
kubectl delete pod vcluster-pod-0 -n vcluster-namespace

Support for k0s and vanilla k8s virtual Kubernetes Clusters

vcluster now supports creating k0s and vanilla k8s virtual Kubernetes clusters instead of k3s. You can now specify the target virtual Kubernetes cluster distribution via the --distro flag in vcluster create. For vanilla k8s there is now also a high availability mode.

Examples:

# Create a virtual k3s Kubernetes cluster
vcluster create my-vcluster -n my-vcluster

# Create a virtual k0s Kubernetes cluster 
vcluster create my-vcluster -n my-vcluster --distro k0s

# Create a virtual k8s Kubernetes cluster with kubernetes version v1.20
vcluster create my-vcluster -n my-vcluster --distro k8s --kubernetes-version v1.20

Support for NetworkPolicies

vcluster is now able to sync networkpolicies created within the vcluster to the host cluster. To enable networkpolicies, create a values.yaml with:

rbac:
  role:
    extended: true

syncer:
  extraArgs:
  - --sync=networkpolicies

and then create the vcluster with:

vcluster create my-vcluster -n my-vcluster -f values.yaml

Other Changes

• cli: Added support for k8s v1.23
• cli: Deprecation of vcluster create flags --release-values and --k3s-image. Use --extra-values instead
• cli: Changed default value of vcluster create flag --upgrade from true to false. vcluster will not try to upgrade an existing vcluster by default anymore
• cli: New flag --kubernetes-version for vcluster create to override the kubernetes version used for creating the vcluster.
• chart: New helm chart to deploy vcluster with k0s instead of k3s (#167) (see docs for more information)
• chart: New helm chart to deploy vcluster with vanilla k8s instead of k3s (see docs for more information)
• chart: Added support for rootless mode (see docs for more information)
• chart: New option defaultImageRegistry that allows you to specify an image registry that should be prepended to all deployed system pods by vcluster
• chart: Added support for openshift v4 for k3s distro
• syncer: Renamed flag --fake-kubelets to --disable-fake-kubelets that makes it easier to understand how to disable fake kubelets as they are enabled by default. --fake-kubelets still exists and will be migrated automatically
• syncer: New flag --sync that defines enabled or disabled sync controllers similar to --controllers of kube-controller-manager. Examples:
  • Default sync resources: --sync=''
  • Disable ingresses: --sync=-ingresses
  • Sync real nodes: --sync=nodes
  • Sync real persistent volumes: --sync=persistentvolumes
  • Sync storage classes and persistent volumes: --sync=storageclasses,persistentvolumes
  • Synced by default: secrets,services,configmaps,endpoints,events,fake-persistentvolumes,ingresses,persistentvolumeclaims,pods,fake-nodes
  • All available options: secrets,services,configmaps,endpoints,events,fake-persistentvolumes,ingresses,nodes,persistentvolumeclaims,priorityclasses,pods,fake-nodes,persistentvolumes,storageclasses
• syncer: Deprecated flags --fake-kubelets, --disable-sync-resources, --enable-priority-classes, --enable-storage-classes, --fake-nodes and --fake-persistent-volumes
• syncer: New flag --name that specifies the vcluster name (replaces --suffix)
• syncer: vcluster will now expose the ca cert, client cert and client key in the kube config secret (thanks @janwillies) (#226)
• syncer: Fixed an issue where pod service link variables could be duplicated
• syncer: Deprecated flag --suffix, use --name instead
• syncer: Flag --service-name now defaults to --name if omitted
• syncer: Flag --set-owner now defaults to true and vcluster does not fail if setting the owner is not possible
• syncer: Fixed an issue where healthCheckNodePort was not correctly synced (#240)
• syncer: Fixed an issue where nodes wouldn't get deleted correctly
• syncer: Fixed an issue where vcluster would return a conflict error instead of already exists during service create
• syncer: Fixed an error where vcluster would not correctly sync nodes and create node services (#214)
• syncer: Removed flag --service-namespace as this would break vcluster if it's not the same value as current vcluster namespace
• syncer: Fixed an issue where glusterfs volume endpoints would not get correctly translated
• syncer: Fixed an issue where vcluster couldn't find the current pod if the flag --target-namespace was provided (#214)
• syncer: New flag --leader-elect that defaults to false to avoid unnecessary leader election
• build: Removed file name from the sha256 files (thanks @developer-guy)

!! BREAKING CHANGES !!

vcluster will now deploy coredns itself instead of depending on the k3s coredns deployment. This makes it possible to customize the coredns deployment (e.g. for rootless mode) and also support other kubernetes distributions besides k3s. However, this will break the current coredns deployment created by k3s.

This means that after you have upgraded vcluster from an v0.4.x version, you need to delete the coredns deployment inside vcluster and then restart vcluster by deleting the vcluster pod to let it redeploy the correct coredns deployment:

# Delete coredns deployment inside vcluster
export KUBECONFIG=vcluster-kubeconfig.yaml
kubectl delete deployment coredns -n kube-system

# Restart vcluster by deleting its pod
export KUBECONFIG=host-kubeconfig.yaml
kubectl delete pod vcluster-pod-0 -n vcluster-namespace

Support for k0s and vanilla k8s virtual Kubernetes Clusters

vcluster now supports creating k0s and vanilla k8s virtual Kubernetes clusters instead of k3s. You can now specify the target virtual Kubernetes cluster distribution via the --distro flag in vcluster create. For vanilla k8s there is now also a high availability mode.

Examples:

# Create a virtual k3s Kubernetes cluster
vcluster create my-vcluster -n my-vcluster

# Create a virtual k0s Kubernetes cluster 
vcluster create my-vcluster -n my-vcluster --distro k0s

# Create a virtual k8s Kubernetes cluster with kubernetes version v1.20
vcluster create my-vcluster -n my-vcluster --distro k8s --kubernetes-version v1.20

Support for NetworkPolicies

vcluster is now able to sync networkpolicies created within the vcluster to the host cluster. To enable networkpolicies, create a values.yaml with:

rbac:
  role:
    extended: true

syncer:
  extraArgs:
  - --sync=networkpolicies

and then create the vcluster with:

vcluster create my-vcluster -n my-vcluster -f values.yaml

Other Changes

• cli: Added support for k8s v1.23
• cli: Deprecation of vcluster create flags --release-values and --k3s-image. Use --extra-values instead
• cli: Changed default value of vcluster create flag --upgrade from true to false. vcluster will not try to upgrade an existing vcluster by default anymore
• cli: New flag --kubernetes-version for vcluster create to override the kubernetes version used for creating the vcluster.
• chart: New helm chart to deploy vcluster with k0s instead of k3s (#167) (see docs for more information)
• chart: New helm chart to deploy vcluster with vanilla k8s instead of k3s (see docs for more information)
• chart: Added support for rootless mode (see docs for more information)
• chart: New option defaultImageRegistry that allows you to specify an image registry that should be prepended to all deployed system pods by vcluster
• chart: Added support for openshift v4 for k3s distro
• syncer: Renamed flag --fake-kubelets to --disable-fake-kubelets that makes it easier to understand how to disable fake kubelets as they are enabled by default. --fake-kubelets still exists and will be migrated automatically
• syncer: New flag --sync that defines enabled or disabled sync controllers similar to --controllers of kube-controller-manager. Examples:
  • Default sync resources: --sync=''
  • Disable ingresses: --sync=-ingresses
  • Sync real nodes: --sync=nodes
  • Sync real persistent volumes: --sync=persistentvolumes
  • Sync storage classes and persistent volumes: --sync=storageclasses,persistentvolumes
  • Synced by default: secrets,services,configmaps,endpoints,events,fake-persistentvolumes,ingresses,persistentvolumeclaims,pods,fake-nodes
  • All available options: secrets,services,configmaps,endpoints,events,fake-persistentvolumes,ingresses,nodes,persistentvolumeclaims,priorityclasses,pods,fake-nodes,persistentvolumes,storageclasses
• syncer: Deprecated flags --fake-kubelets, --disable-sync-resources, --enable-priority-classes, --enable-storage-classes, --fake-nodes and --fake-persistent-volumes
• syncer: New flag --name that specifies the vcluster name (replaces --suffix)
• syncer: vcluster will now expose the ca cert, client cert and client key in the kube config secret (thanks @janwillies) (#226)
• syncer: Fixed an issue where pod service link variables could be duplicated
• syncer: Deprecated flag --suffix, use --name instead
• syncer: Flag --service-name now defaults to --name if omitted
• syncer: Flag --set-owner now defaults to true and vcluster does not fail if setting the owner is not possible
• syncer: Fixed an issue where healthCheckNodePort was not correctly synced (#240)
• syncer: Fixed an issue where nodes wouldn't get deleted correctly
• syncer: Fixed an issue where vcluster would return a conflict error instead of already exists during service create
• syncer: Fixed an error where vcluster would not correctly sync nodes and create node services (#214)
• syncer: Removed flag --service-namespace as this would break vcluster if it's not the same value as current vcluster namespace
• syncer: Fixed an issue where glusterfs volume endpoints would not get correctly translated
• syncer: Fixed an issue where vcluster couldn't find the current pod if the flag --target-namespace was provided (#214)
• syncer: New flag --leader-elect that defaults to false to avoid unnecessary leader election
• build: Removed file name from the sha256 files (thanks @developer-guy)

!! BREAKING CHANGES !!

vcluster will now deploy coredns itself instead of depending on the k3s coredns deployment. This makes it possible to customize the coredns deployment (e.g. for rootless mode) and also support other kubernetes distributions besides k3s. However, this will break the current coredns deployment created by k3s.

This means that after you have upgraded vcluster from an v0.4.x version, you need to delete the coredns deployment inside vcluster and then restart vcluster by deleting the vcluster pod to let it redeploy the correct coredns deployment:

# Delete coredns deployment inside vcluster
export KUBECONFIG=vcluster-kubeconfig.yaml
kubectl delete deployment coredns -n kube-system

# Restart vcluster by deleting its pod
export KUBECONFIG=host-kubeconfig.yaml
kubectl delete pod vcluster-pod-0 -n vcluster-namespace

Support for k0s and vanilla k8s virtual Kubernetes Clusters

vcluster now supports creating k0s and vanilla k8s virtual Kubernetes clusters instead of k3s. You can now specify the target virtual Kubernetes cluster distribution via the --distro flag in vcluster create. For vanilla k8s there is now also a high availability mode.

Examples:

# Create a virtual k3s Kubernetes cluster
vcluster create my-vcluster -n my-vcluster

# Create a virtual k0s Kubernetes cluster 
vcluster create my-vcluster -n my-vcluster --distro k0s

# Create a virtual k8s Kubernetes cluster with kubernetes version v1.20
vcluster create my-vcluster -n my-vcluster --distro k8s --kubernetes-version v1.20

Support for NetworkPolicies

vcluster is now able to sync networkpolicies created within the vcluster to the host cluster. To enable networkpolicies, create a values.yaml with:

rbac:
  role:
    extended: true

syncer:
  extraArgs:
  - --sync=networkpolicies

and then create the vcluster with:

vcluster create my-vcluster -n my-vcluster -f values.yaml

Other Changes

• cli: Deprecation of vcluster create flags --release-values and --k3s-image. Use --extra-values instead
• cli: Changed default value of vcluster create flag --upgrade from true to false. vcluster will not try to upgrade an existing vcluster by default anymore
• cli: New flag --kubernetes-version for vcluster create to override the kubernetes version used for creating the vcluster.
• chart: New helm chart to deploy vcluster with k0s instead of k3s (#167) (see docs for more information)
• chart: New helm chart to deploy vcluster with vanilla k8s instead of k3s (see docs for more information)
• chart: Added support for rootless mode (see docs for more information)
• chart: New option defaultImageRegistry that allows you to specify an image registry that should be prepended to all deployed system pods by vcluster
• chart: Added support for openshift v4 for k3s distro
• syncer: Renamed flag --fake-kubelets to --disable-fake-kubelets that makes it easier to understand how to disable fake kubelets as they are enabled by default. --fake-kubelets still exists and will be migrated automatically
• syncer: New flag --sync that defines enabled or disabled sync controllers similar to --controllers of kube-controller-manager. Examples:
  • Default sync resources: --sync=''
  • Disable ingresses: --sync=-ingresses
  • Sync real nodes: --sync=nodes
  • Sync real persistent volumes: --sync=persistentvolumes
  • Sync storage classes and persistent volumes: --sync=storageclasses,persistentvolumes
  • Synced by default: secrets,services,configmaps,endpoints,events,fake-persistentvolumes,ingresses,persistentvolumeclaims,pods,fake-nodes
  • All available options: secrets,services,configmaps,endpoints,events,fake-persistentvolumes,ingresses,nodes,persistentvolumeclaims,priorityclasses,pods,fake-nodes,persistentvolumes,storageclasses
• syncer: Deprecated flags --fake-kubelets, --disable-sync-resources, --enable-priority-classes, --enable-storage-classes, --fake-nodes and --fake-persistent-volumes
• syncer: New flag --name that specifies the vcluster name (replaces --suffix)
• syncer: vcluster will now expose the ca cert, client cert and client key in the kube config secret (thanks @janwillies) (#226)
• syncer: Fixed an issue where pod service link variables could be duplicated
• syncer: Deprecated flag --suffix, use --name instead
• syncer: Flag --service-name now defaults to --name if omitted
• syncer: Flag --set-owner now defaults to true and vcluster does not fail if setting the owner is not possible
• syncer: Fixed an issue where healthCheckNodePort was not correctly synced (#240)
• syncer: Fixed an issue where nodes wouldn't get deleted correctly
• syncer: Fixed an issue where vcluster would return a conflict error instead of already exists during service create
• syncer: Fixed an error where vcluster would not correctly sync nodes and create node services (#214)
• syncer: Removed flag --service-namespace as this would break vcluster if it's not the same value as current vcluster namespace
• syncer: Fixed an issue where glusterfs volume endpoints would not get correctly translated
• syncer: Fixed an issue where vcluster couldn't find the current pod if the flag --target-namespace was provided (#214)
• syncer: New flag --leader-elect that defaults to false to avoid unnecessary leader election
• build: Removed file name from the sha256 files (thanks @developer-guy)

!! BREAKING CHANGES !!

vcluster will now deploy coredns itself instead of depending on the k3s coredns deployment. This makes it possible to customize the coredns deployment (e.g. for rootless mode) and also support other kubernetes distributions besides k3s. However, this will break the current coredns deployment created by k3s.

This means that after you have upgraded vcluster from an v0.4.x version, you need to delete the coredns deployment inside vcluster and then restart vcluster by deleting the vcluster pod to let it redeploy the correct coredns deployment:

# Delete coredns deployment inside vcluster
export KUBECONFIG=vcluster-kubeconfig.yaml
kubectl delete deployment coredns -n kube-system

# Restart vcluster by deleting its pod
export KUBECONFIG=host-kubeconfig.yaml
kubectl delete pod vcluster-pod-0 -n vcluster-namespace

Support for k0s and vanilla k8s virtual Kubernetes Clusters

vcluster now supports creating k0s and vanilla k8s virtual Kubernetes clusters instead of k3s. You can now specify the target virtual Kubernetes cluster distribution via the --distro flag in vcluster create. For vanilla k8s there is now also a high availability mode.

Examples:

# Create a virtual k3s Kubernetes cluster
vcluster create my-vcluster -n my-vcluster

# Create a virtual k0s Kubernetes cluster 
vcluster create my-vcluster -n my-vcluster --distro k0s

# Create a virtual k8s Kubernetes cluster with kubernetes version v1.20
vcluster create my-vcluster -n my-vcluster --distro k8s --kubernetes-version v1.20

Other Changes

• cli: Deprecation of vcluster create flags --release-values and --k3s-image. Use --extra-values instead
• cli: Changed default value of vcluster create flag --upgrade from true to false. vcluster will not try to upgrade an existing vcluster by default anymore
• cli: New flag --kubernetes-version for vcluster create to override the kubernetes version used for creating the vcluster.
• chart: New helm chart to deploy vcluster with k0s instead of k3s (#167) (see docs for more information)
• chart: New helm chart to deploy vcluster with vanilla k8s instead of k3s (see docs for more information)
• chart: Added support for rootless mode (see docs for more information)
• chart: New option defaultImageRegistry that allows you to specify an image registry that should be prepended to all deployed system pods by vcluster
• chart: Added support for openshift v4 for k3s distro
• syncer: Renamed flag --fake-kubelets to --disable-fake-kubelets that makes it easier to understand how to disable fake kubelets as they are enabled by default. --fake-kubelets still exists and will be migrated automatically
• syncer: New flag --sync that defines enabled or disabled sync controllers similar to --controllers of kube-controller-manager. Examples:
  • Default sync resources: --sync=''
  • Disable ingresses: --sync=-ingresses
  • Sync real nodes: --sync=nodes
  • Sync real persistent volumes: --sync=persistentvolumes
  • Sync storage classes and persistent volumes: --sync=storageclasses,persistentvolumes
  • Synced by default: secrets,services,configmaps,endpoints,events,fake-persistentvolumes,ingresses,persistentvolumeclaims,pods,fake-nodes
  • All available options: secrets,services,configmaps,endpoints,events,fake-persistentvolumes,ingresses,nodes,persistentvolumeclaims,priorityclasses,pods,fake-nodes,persistentvolumes,storageclasses
• syncer: Deprecated flags --fake-kubelets, --disable-sync-resources, --enable-priority-classes, --enable-storage-classes, --fake-nodes and --fake-persistent-volumes
• syncer: New flag --name that specifies the vcluster name (replaces --suffix)
• syncer: vcluster will now expose the ca cert, client cert and client key in the kube config secret (thanks @janwillies) (#226)
• syncer: Fixed an issue where pod service link variables could be duplicated
• syncer: Deprecated flag --suffix, use --name instead
• syncer: Flag --service-name now defaults to --name if omitted
• syncer: Flag --set-owner now defaults to true and vcluster does not fail if setting the owner is not possible
• syncer: Fixed an issue where nodes wouldn't get deleted correctly
• syncer: Fixed an issue where vcluster would return a conflict error instead of already exists during service create
• syncer: Fixed an error where vcluster would not correctly sync nodes and create node services (#214)
• syncer: Removed flag --service-namespace as this would break vcluster if it's not the same value as current vcluster namespace
• syncer: Fixed an issue where glusterfs volume endpoints would not get correctly translated
• syncer: Fixed an issue where vcluster couldn't find the current pod if the flag --target-namespace was provided (#214)
• syncer: New flag --leader-elect that defaults to false to avoid unnecessary leader election
• build: Removed file name from the sha256 files (thanks @developer-guy)