Version: main 🚧

Advanced networking

Supported Configurations
Running the control plane as a container with:

Each vCluster has its own DNS service, which is CoreDNS by default. DNS allows pods in the tenant cluster to get the IP addresses of services that are also running in the tenant cluster. The syncer ensures that the intuitive naming logic of Kubernetes DNS names for services applies, and that users can connect to these DNS names, which map to the IP address of the synchronized services that are present in the control plane cluster.

However, this also means that you cannot directly access host services inside the tenant cluster via DNS. Host pods can only access tenant cluster services by their synced name. vCluster offers a feature to map services from the tenant cluster to the control plane cluster and vice versa.

Fallback to Host DNS

When you enable fallbackHostCluster, vCluster falls back to the control plane cluster's DNS for resolving domains. This is useful if the control plane cluster is using Istio or Dapr and the sidecar containers cannot connect to the central instance. It is also useful if you want to access the control plane cluster services from within the tenant cluster.

proxyKubelets

The proxyKubelets section replaces --fake-kubelet-ips and --disable-fake-kubelets.

You may need to configure proxyKubelets for proper resolution of Kubelet metrics when using Prometheus.

Config reference

advanced (required, object)

Advanced holds advanced network options.

clusterDomain (required, string, default: cluster.local)

ClusterDomain is the Kubernetes cluster domain to use within the virtual cluster.

fallbackHostCluster (required, boolean, default: false)

FallbackHostCluster allows DNS to fall back to the host cluster. This is useful if you want to reach host services without any other modification. You will need to provide a namespace for the service, e.g. my-other-service.my-other-namespace.

proxyKubelets (required, object)

ProxyKubelets allows rewriting certain metrics and stats from the Kubelet to "fake" them for applications such as Prometheus or other node exporters.

byHostname (required, boolean, default: true)

ByHostname adds a special vCluster hostname to each node, at which the node can be reached. This doesn't work for all applications, e.g. Prometheus requires a node IP.

byIP (required, boolean, default: true)

ByIP creates a separate service in the host cluster for every node. Each service points to the virtual cluster and is used to route traffic.
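
The options above, combined in one vcluster.yaml fragment. This is an added example, not taken from the original page; it assumes the advanced object is nested under the top-level networking key, and the service name in the comment is the illustrative one from the reference text.

```yaml
# vcluster.yaml (added example; adjust values to your environment)
networking:                # assumed parent key of the "advanced" object
  advanced:
    # Kubernetes cluster domain used inside the virtual cluster (default).
    clusterDomain: cluster.local

    # Default is false. When true, vCluster falls back to the control plane
    # cluster's DNS for resolving domains, so tenant pods can reach host
    # services by name. The namespace must be part of the name, e.g.
    #   my-other-service.my-other-namespace
    # Every workload in the tenant cluster gains this name resolution, so
    # leave it at false unless host services are meant to be reachable.
    fallbackHostCluster: true

    # Replaces the older --fake-kubelet-ips and --disable-fake-kubelets flags.
    proxyKubelets:
      # Adds a special vCluster hostname to each node. Not sufficient for
      # every application: Prometheus requires a node IP.
      byHostname: true
      # Creates one service per node in the host cluster that points to the
      # virtual cluster; this provides the node IP Prometheus needs.
      byIP: true
```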