### Expected Installation Output Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/install/environments/azure.mdx This is an example of the output you can expect during the platform installation, including terms of service and a prompt for your email. ```bash By providing your email, you accept our Terms of Service and Privacy Statement: Terms of Service: https://www.loft.sh/legal/terms Privacy Statement: https://www.loft.sh/legal/privacy ? Please specify an email address for the admin user ``` -------------------------------- ### Example: Start vcluster ui Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/cli/vcluster_ui.md This example shows how to open the vCluster platform web UI. Simply execute the command without any flags. ```bash vcluster ui ``` -------------------------------- ### Install platform without starting Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/maintenance/backup-restore/preserve-license.mdx Install the vCluster Platform using Helm with replicaCount set to 0. This ensures the platform is installed but does not start, allowing for certificate restoration before it initializes. ```bash helm upgrade --install vcluster-platform vcluster-platform \ --repo https://charts.loft.sh \ --namespace vcluster-platform \ --create-namespace \ --set replicaCount=0 \ --version ``` -------------------------------- ### Install etcd/client/v3 Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/go.etcd.io/etcd/client/v3/README.md Install the official Go etcd client for v3 using go get. ```bash go get go.etcd.io/etcd/client/v3 ``` -------------------------------- ### Install Platform with CLI Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/administer/clusters/advanced/external-database/kerberos.mdx Use the vCluster CLI to start the platform with a specified values file for Kerberos configuration. ```bash vcluster platform start \ --namespace vcluster-platform \ --values platform-kerberos-values.yaml ``` -------------------------------- ### Install go-ordered-map Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/github.com/wk8/go-ordered-map/v2/README.md Use 'go get' to install the latest version of the library. ```bash go get -u github.com/wk8/go-ordered-map/v2 ``` -------------------------------- ### Install go.yaml.in/yaml/v3 Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/go.yaml.in/yaml/v3/README.md Use 'go get' to install the latest version of the yaml package. ```bash go get go.yaml.in/yaml/v3 ``` -------------------------------- ### vCluster Installation Output Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/deploy/control-plane/binary/manage.mdx Example output indicating a successful reset of the vCluster installation. ```bash ๐Ÿงน Resetting vCluster installation... โœ… Reset complete. ``` -------------------------------- ### Install Cobra Library Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/github.com/spf13/cobra/README.md Use 'go get' to install the latest version of the Cobra library. ```bash go get -u github.com/spf13/cobra@latest ``` -------------------------------- ### Example vCluster Platform values.yaml Configuration Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/configure/introduction.mdx This example demonstrates the structure of the `values.yaml` file for the `vcluster-platform` Helm chart, showcasing how to configure installation options, platform settings, and agent configurations. ```yaml # Installation options (top-level) replicaCount: 2 resources: requests: memory: 512Mi cpu: 400m admin: create: true username: my-admin-user password: my-secure-password ingress: enabled: true host: platform.example.com # Platform configs (inside config section) config: loftHost: platform.example.com audit: enabled: true auth: github: clientId: $CLIENT_ID # Agent settings (top-level) agentValues: resources: requests: memory: 256Mi # Security contexts for agent pods securityContext: runAsNonRoot: true runAsUser: 1001 podSecurityContext: fsGroup: 2001 ``` -------------------------------- ### Install and Run Local Go Doc Site Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md Installs and runs a local Go documentation site using pkgsite. Ensure you have the latest version installed. ```sh go install golang.org/x/pkgsite/cmd/pkgsite@latest pkgsite ``` -------------------------------- ### Example Output on Worker Node Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/deploy/worker-nodes/private-nodes/join.mdx This output shows the successful preparation, installation, and joining of a worker node to the vCluster. It includes pre-flight checks and confirmation messages. ```bash Preparing node for Kubernetes installation... Kubernetes version: v1.31.2 Installing Kubernetes binaries... Enabling containerd and kubelet... Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service โ†’ /etc/systemd/system/containerd.service. Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service โ†’ /etc/systemd/system/kubelet.service. Starting containerd and kubelet... Installation successful! Joining node into cluster... [preflight] Running pre-flight checks [preflight] Reading configuration from the cluster... [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml' [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" [kubelet-start] Starting the kubelet [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap... This node has joined the cluster: * Certificate signing request was sent to apiserver and a response was received. * The kubelet was informed of the new secure connection details. Run 'kubectl get nodes' on the control-plane to see this node join the cluster. ``` -------------------------------- ### Example output of kubectl get nodes Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/install/environments/gcp.mdx An example output showing the nodes that are ready in the GKE cluster, confirming successful creation. ```bash NAME STATUS ROLES AGE VERSION gke-vcluster-demo-default-pool-a1b2c3d4-e5f6 Ready 5m v1.30.5-gke.1443001 gke-vcluster-demo-default-pool-a1b2c3d4-g7h8 Ready 5m v1.30.5-gke.1443001 ``` -------------------------------- ### Install and Import kubernetes-sigs/yaml Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/sigs.k8s.io/yaml/README.md Install the package using go get and import it into your Go projects. ```bash go get sigs.k8s.io/yaml ``` ```go import "sigs.k8s.io/yaml" ``` -------------------------------- ### Install Dependencies Source: https://github.com/loft-sh/vcluster-docs/blob/main/README.md Installs all necessary dependencies for local development. Run this command first. ```bash npm install ``` -------------------------------- ### vcluster platform get secret Examples Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/cli/vcluster_platform_get_secret.md Demonstrates how to retrieve project or shared secrets. Examples show retrieving a specific secret key and retrieving a secret within a specified project. ```bash vcluster platform get secret test-secret.key vcluster platform get secret test-secret.key --project myproject ``` -------------------------------- ### Complete vcluster.yaml for Air-gapped Deployment Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/deploy/control-plane/docker-container/air-gapped.mdx This example combines all configurable layers for an air-gapped vcluster setup. Replace placeholder values for registry, version, and path according to your environment's specific needs. ```yaml controlPlane: advanced: defaultImageRegistry: [[GLOBAL:REGISTRY]]/vcluster/ experimental: docker: image: [[GLOBAL:REGISTRY]]/vind:v[[GLOBAL:VCLUSTER_VERSION]]-airgapped volumes: - "[[VAR:HOST_PATH:/path/to/registries.yaml]]:/etc/rancher/k3s/registries.yaml" sync: toHost: pods: rewriteHosts: initContainer: image: registry: [[GLOBAL:REGISTRY]] repository: library/alpine tag: "3.20" ``` -------------------------------- ### List vcluster platform projects Example Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/cli/vcluster_platform_list_projects.md Demonstrates how to list all vcluster platform projects you have access to. ```bash vcluster platform list projects ``` -------------------------------- ### Install multierr Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/go.uber.org/multierr/README.md Install the latest version of the multierr package using go get. ```bash go get -u go.uber.org/multierr@latest ``` -------------------------------- ### Start the platform with Nginx Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/_partials/install/external-access-nginx-start.mdx Use this command to start the vCluster platform. Ensure you replace `vcluster-platform.mydomain.tld` with your actual domain name. ```yaml vcluster platform start --host=vcluster-platform.mydomain.tld ``` -------------------------------- ### Install json-iterator/go Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/github.com/json-iterator/go/README.md Use the go get command to install the json-iterator/go library. This command fetches and installs the specified package and its dependencies. ```bash go get github.com/json-iterator/go ``` -------------------------------- ### Start the platform Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/maintenance/backup-restore/preserve-license.mdx Scale the platform deployment to 1 replica to start the vCluster Platform with the restored certificate. This ensures the platform initializes with the original instance ID and valid license. ```bash helm upgrade vcluster-platform vcluster-platform \ --repo https://charts.loft.sh \ --namespace vcluster-platform \ --reuse-values \ --set replicaCount=1 ``` -------------------------------- ### Install gziphandler Package Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/github.com/NYTimes/gziphandler/README.md Use 'go get' to install the gziphandler package. This command fetches and installs the latest version of the package. ```bash go get -u github.com/NYTimes/gziphandler ``` -------------------------------- ### Recommended values.yaml and config section. Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/install/helm.mdx Example `values.yaml` snippet showing recommended settings for admin credentials, Loft host, and ingress configuration. ```yaml admin: username: my-own-username password: my-admin-password config: audit: enabled: true loftHost: vcluster-platform.mytld.com ingress: enabled: true host: vcluster-platform.mytld.com ``` -------------------------------- ### Basic GitHub Actions Workflow with setup-vind Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/integrations/setup-vind.mdx This workflow demonstrates the basic usage of the setup-vind action in a GitHub Actions job. It checks out the code, sets up vCluster, and then runs kubectl commands and a make target. ```yaml name: E2E Tests on: pull_request: branches: [main] jobs: e2e: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: loft-sh/setup-vind@v1 - run: kubectl get nodes - run: make e2e ``` -------------------------------- ### Example API Server Output for Service Account Key File Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/deploy/control-plane/kubernetes-pod/security/hardening-guide/host-nodes/1-control-plane-components.mdx This is an example output from `ps -ef | grep kube-apiserver` showing the `--service-account-key-file` argument. ```text 45 root 0:01 /binaries/kube-apiserver --advertise-address=127.0.0.1 --service-cluster-ip-range=10.96.0.0/12 --bind-address=127.0.0.1 --allow-privileged=true --authorization-mode=RBAC --client-ca-file=/data/pki/client-ca.crt --enable-bootstrap-token-auth=true --etcd-servers=unix:///data/kine.sock --proxy-client-cert-file=/data/pki/front-proxy-client.crt --proxy-client-key-file=/data/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/data/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/data/pki/sa.pub --service-account-signing-key-file=/data/pki/sa.key --tls-cert-file=/data/pki/apiserver.crt --tls-private-key-file=/data/pki/apiserver.key --endpoint-reconciler-type=none --profiling=false ``` -------------------------------- ### Install Pluralize Command Line Tool Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/github.com/gertd/go-pluralize/README.md Install the command-line interface for go-pluralize using 'go get'. ```bash go get -x github.com/gertd/go-pluralize/cmd/pluralize ``` -------------------------------- ### vcluster connect Examples Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/cli/vcluster_connect.md Demonstrates different ways to use the vcluster connect command, including opening a new shell or executing commands within the virtual cluster. ```bash vcluster connect test --namespace test ``` ```bash # Open a new bash with the vcluster KUBECONFIG defined vcluster connect test -n test -- bash ``` ```bash vcluster connect test -n test -- kubectl get ns ``` -------------------------------- ### Check example in vCluster after update Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/_fragments/sync-from-host-namespaced-custom-resources-example.mdx Retrieve the 'examples.demo.loft.sh' Custom Resource from the 'default' namespace in the tenant cluster to verify that the replica count has been updated. ```bash kubectl --context="${VCLUSTER_CTX}" get --namespace default examples.demo.sh ``` -------------------------------- ### Reset vCluster Platform Installation Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/use-platform/troubleshooting/troubleshooting.mdx Use the `--reset` flag with `vcluster platform start` to perform a clean installation of vCluster Platform, purging any previous installations. ```bash vcluster platform start --reset # --insecure ...add any other `vcluster platform start` flags if needed ``` -------------------------------- ### vcluster restore Examples Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/cli/vcluster_restore.md Demonstrates how to restore a vcluster from different storage locations and configurations. ```bash # Restore from oci image vcluster restore my-vcluster oci://ghcr.io/my-user/my-repo:my-tag ``` ```bash # Restore from s3 bucket vcluster restore my-vcluster s3://my-bucket/my-bucket-key ``` ```bash # Restore from vCluster container filesystem vcluster restore my-vcluster container:///data/my-local-snapshot.tar.gz ``` ```bash # Restore a Docker-based vCluster from a local snapshot file vcluster restore my-vcluster ./my-snapshot.tar.gz --driver docker ``` ```bash # Restore with a different name vcluster restore my-new-name ./my-snapshot.tar.gz --driver docker ``` -------------------------------- ### Initialize Procfs and Get Stat Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/github.com/prometheus/procfs/README.md Initializes the proc filesystem and retrieves CPU statistics. Use this to get started with basic /proc metrics. ```go fs, err := procfs.NewFS("/proc") stats, err := fs.Stat() ``` -------------------------------- ### vcluster snapshot create Examples Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/cli/vcluster_snapshot_create.md Demonstrates various ways to create a snapshot of a virtual cluster, including different storage destinations and driver options. Use these examples to understand how to specify the snapshot target and any specific configurations. ```bash # Snapshot to oci image vcluster snapshot create my-vcluster oci://ghcr.io/my-user/my-repo:my-tag ``` ```bash # Snapshot to s3 bucket vcluster snapshot create my-vcluster s3://my-bucket/my-bucket-key ``` ```bash # Snapshot to vCluster container filesystem vcluster snapshot create my-vcluster container:///data/my-local-snapshot.tar.gz ``` ```bash # Snapshot a Docker-based vCluster to a local file vcluster snapshot create my-vcluster ./my-snapshot.tar.gz --driver docker ``` ```bash # Snapshot with auto-generated filename (my-vcluster-snapshot-.tar.gz) vcluster snapshot create my-vcluster --driver docker ``` -------------------------------- ### Example Audit Event Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/manage/logging.mdx An example of a single-line JSON object representing an audit event. This event captures metadata about a GET request to retrieve secrets. ```json {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a3d3e5f0-1b2c-4d5e-9f0a-1b2c3d4e5f6a","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/default/secrets","verb":"get","user":{"username":"admin","groups":["system:masters","system:authenticated"]},"sourceIPs":["10.0.0.1"],"objectRef":{"resource":"secrets","namespace":"default","name":"db-credentials","apiVersion":"v1"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2025-06-16T09:20:56.123456Z","stageTimestamp":"2025-06-16T09:20:56.145678Z","annotations":{"authorization.k8s.io/decision":"allow"}} ``` -------------------------------- ### Create example in the host Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/_fragments/sync-from-host-namespaced-custom-resources-example.mdx Apply the 'example-cr.yaml' file to the control plane cluster using kubectl to create the Example Custom Resource. ```bash kubectl --context="${HOST_CTX}" create -f example-cr.yaml ``` -------------------------------- ### Install go-pluralize Module Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/github.com/gertd/go-pluralize/README.md Use 'go get' to install the latest version of the go-pluralize module. To lock down a specific version, append '@vX.Y.Z' to the package path. ```bash go get -u github.com/gertd/go-pluralize ``` ```bash go get -u github.com/gertd/go-pluralize@v0.2.0 ``` -------------------------------- ### Install json-patch v4 Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/gopkg.in/evanphx/json-patch.v4/README.md Use this command to get version 4 of the json-patch library. ```bash go get -u gopkg.in/evanphx/json-patch.v4 ``` -------------------------------- ### Install json-patch v5 Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/gopkg.in/evanphx/json-patch.v4/README.md Use this command to get the latest version of the json-patch library. ```bash go get -u github.com/evanphx/json-patch/v5 ``` -------------------------------- ### Example deployments Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/_fragments/sleep-deployment-example.mdx These two example deployments are created within the tenant cluster. One is configured to sleep after 30 seconds, while the other is labeled to prevent it from sleeping. ```yaml apiVersion: apps/v1 kind: Deployment metadata: name: sleepy-deployment spec: replicas: 2 selector: matchLabels: app: sleepy template: metadata: labels: app: sleepy spec: containers: - name: main image: busybox command: ["sleep", "3600"] --- apiVersion: apps/v1 kind: Deployment metadata: name: no-sleep-deployment spec: replicas: 2 selector: matchLabels: app: no-sleep template: metadata: labels: app: no-sleep sleep: "no-thanks" spec: containers: - name: main image: busybox command: ["sleep", "3600"] ``` -------------------------------- ### Example kube-apiserver Arguments Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/deploy/control-plane/kubernetes-pod/security/hardening-guide/private-nodes/1-control-plane-components.mdx This is an example output showing the arguments passed to the `kube-apiserver` process. It includes various configuration flags, such as `--enable-admission-plugins` and `--profiling`. ```text 44 root 0:03 /binaries/kube-apiserver --advertise-address=127.0.0.1 --service-cluster-ip-range=10.96.0.0/12 --bind-address=127.0.0.1 --allow-privileged=true --authorization-mode=RBAC --client-ca-file=/data/pki/client-ca.crt --enable-bootstrap-token-auth=true --etcd-servers=unix:///data/kine.sock --proxy-client-cert-file=/data/pki/front-proxy-client.crt --proxy-client-key-file=/data/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/data/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/data/pki/sa.pub --service-account-signing-key-file=/data/pki/sa.key --tls-cert-file=/data/pki/apiserver.crt --tls-private-key-file=/data/pki/apiserver.key --endpoint-reconciler-type=none --profiling=false --enable-admission-plugins=NodeRestriction ``` ```text 45 root 0:04 /binaries/kube-apiserver --advertise-address=127.0.0.1 --service-cluster-ip-range=10.96.0.0/12 --bind-address=127.0.0.1 --allow-privileged=true --authorization-mode=RBAC --client-ca-file=/data/pki/client-ca.crt --enable-bootstrap-token-auth=true --etcd-servers=unix:///data/kine.sock --proxy-client-cert-file=/data/pki/front-proxy-client.crt --proxy-client-key-file=/data/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/data/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/data/pki/sa.pub --service-account-signing-key-file=/data/pki/sa.key --tls-cert-file=/data/pki/apiserver.crt --tls-private-key-file=/data/pki/apiserver.key --endpoint-reconciler-type=none --profiling=false ``` -------------------------------- ### vcluster platform connect namespace Examples Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/cli/vcluster_platform_connect_namespace.md Illustrates different ways to use the `vcluster platform connect namespace` command, including specifying a namespace and a project. ```bash vcluster platform connect namespace vcluster platform connect namespace myspace vcluster platform connect namespace myspace --project myproject ``` -------------------------------- ### vcluster platform get cluster-access-key Example Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/cli/vcluster_platform_get_cluster-access-key.md This example demonstrates how to obtain the network peer cluster token for a specified vcluster. Ensure you replace `[CLUSTER_NAME]` with the target cluster's name. ```bash ######################################################### ############## loft get cluster-access-key ############## ######################################################### Returns the Network Peer Cluster Token Example: vcluster platform get cluster-access-key [CLUSTER_NAME] ######################################################## ``` -------------------------------- ### vcluster describe Examples Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/cli/vcluster_describe.md Demonstrates how to describe a virtual cluster, with an option to output in JSON format. ```bash vcluster describe test ``` ```bash vcluster describe -o json test ``` -------------------------------- ### Install License Server with Ingress Enabled Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/install/air-gapped/with-offline-license-server.mdx Use this command to install the license server with ingress enabled. Configure the ingress host and path according to your environment. This setup is suitable for non-TLS ingress configurations. ```bash helm install license-server license-server \ --repo https://charts.loft.sh \ --namespace license-server \ --set postgresql.enabled=true \ --set existingSecret=license-server-config \ --set ingress.enabled=true \ --set ingress.className=nginx \ --set ingress.hosts[0].host=license-server.example.com \ --set ingress.hosts[0].paths[0].path=/ \ --set ingress.hosts[0].paths[0].pathType=Prefix ``` -------------------------------- ### Example kube-apiserver process output with Kubelet Client Args Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/deploy/control-plane/kubernetes-pod/security/hardening-guide/private-nodes/1-control-plane-components.mdx This output shows a running kube-apiserver process including the --kubelet-client-certificate and --kubelet-client-key arguments. ```bash 12 root 0:32 /binaries/kube-apiserver --service-cluster-ip-range=10.128.0.0/16 --bind-address=127.0.0.1 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/data/pki/client-ca.crt --enable-bootstrap-token-auth=true --etcd-servers=https://my-vcluster-etcd:2379 --etcd-cafile=/data/pki/etcd/ca.crt --etcd-certfile=/data/pki/apiserver-etcd-client.crt --etcd-keyfile=/data/pki/apiserver-etcd-client.key --proxy-client-cert-file=/data/pki/front-proxy-client.crt --proxy-client-key-file=/data/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/data/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/data/pki/sa.pub --service-account-signing-key-file=/data/pki/sa.key --tls-cert-file=/data/pki/apiserver.crt --tls-private-key-file=/data/pki/apiserver.key --profiling=false --advertise-address=127.0.0.1 --endpoint-reconciler-type=none --kubelet-client-certificate=/data/pki/apiserver-kubelet-client.crt --kubelet-client-key=/data/pki/apiserver-kubelet-client.key --endpoint-reconciler-type=none --egress-selector-config-file=/data/konnectivity/egress.yaml --admission-control-config-file=/etc/kubernetes/admission-control.yaml --anonymous-auth=false --audit-policy-file=/etc/kubernetes/audit-policy.yaml --audit-log-path=/var/log/audit.log --audit-log-maxage=30 --audit-log-maxbackup=10 --audit-log-maxsize=100 --enable-admission-plugins=AlwaysPullImages,DenyServiceExternalIPs,EventRateLimit,NodeRestriction --encryption-provider-config=/etc/encryption/encryption-config.yaml --request-timeout=300s --service-account-lookup=true --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ``` -------------------------------- ### Serve Built Documentation Locally Source: https://github.com/loft-sh/vcluster-docs/blob/main/CONTRIBUTING.md Serve the locally built static documentation content to test it before deployment. ```bash npm run serve ``` -------------------------------- ### Clean up Azure resources Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/install/environments/azure.mdx Run this command to delete the AKS cluster and associated resources if you installed it using this guide. ```bash az aks delete --resource-group $RESOURCE_GROUP_NAME --name $CLUSTER_NAME ``` -------------------------------- ### Get Current Kubernetes Context Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/install/quick-start-guide.mdx Verify the active Kubernetes context before installation. This ensures commands interact with the intended cluster. ```bash kubectl config current-context ``` -------------------------------- ### Example kube-apiserver Command Output Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/deploy/control-plane/kubernetes-pod/security/hardening-guide/host-nodes/1-control-plane-components.mdx This output shows an example of the `ps -ef` command executed within a vCluster pod, demonstrating the arguments passed to the `kube-apiserver` process. Verify the presence of `--enable-admission-plugins=AlwaysPullImages,DenyServiceExternalIPs,NodeRestriction`. ```bash 45 root 0:04 /binaries/kube-apiserver --advertise-address=127.0.0.1 --service-cluster-ip-range=10.96.0.0/12 --bind-address=127.0.0.1 --allow-privileged=true --authorization-mode=RBAC --client-ca-file=/data/pki/client-ca.crt --enable-bootstrap-token-auth=true --etcd-servers=unix:///data/kine.sock --proxy-client-cert-file=/data/pki/front-proxy-client.crt --proxy-client-key-file=/data/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/data/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/data/pki/sa.pub --service-account-signing-key-file=/data/pki/sa.key --tls-cert-file=/data/pki/apiserver.crt --tls-private-key-file=/data/pki/apiserver.key --endpoint-reconciler-type=none --profiling=false --enable-admission-plugins=AlwaysPullImages,DenyServiceExternalIPs,NodeRestriction --request-timeout=300s --encryption-provider-config=/etc/encryption/encryption-config.yaml --audit-policy-file=/etc/kubernetes/audit-policy.yaml --audit-log-path=/var/log/audit.log --audit-log-maxage=30 --audit-log-maxbackup=10 --audit-log-maxsize=100 ``` -------------------------------- ### Configure Vale LS for Neovim with mason.nvim Source: https://github.com/loft-sh/vcluster-docs/blob/main/CONTRIBUTING.md Example Lua configuration for mason.nvim to automatically install and manage the vale_ls language server. ```lua return { "williamboman/mason.nvim", optional = true, opts = function(_, opts) if type(opts.ensure_installed) == "table" then vim.list_extend(opts.ensure_installed, { "vale_ls" }) end end, } ``` -------------------------------- ### Get etcd peer ip Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/deploy/control-plane/binary/manage.mdx Retrieves the etcd peer IP address from vCluster service logs, useful for identifying nodes in an HA setup. ```bash journalctl -u vcluster.service | grep etcd | grep "Adding peer" ``` -------------------------------- ### vcluster logout Example Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/cli/vcluster_logout.md Demonstrates the simplest way to execute the logout command. ```bash vcluster logout ``` -------------------------------- ### Shared Database Secret Example Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/administer/connector/database.mdx Use this secret to connect to an internal MySQL instance for the shared database feature. Ensure the namespace matches your vCluster Platform installation. ```yaml apiVersion: v1 kind: Secret metadata: name: default-data-source namespace: vcluster-platform # This must match the namespace that vCluster Platform is in. labels: loft.sh/connector-type: "shared-database" stringData: endpoint: mysql.vcluster-platform # This service can be in any namespace. password: port: "3306" user: root type: mysql # This can be mysql or postgres. If left blank, the mysql database type is assumed. ``` -------------------------------- ### API Server Command Output Example Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/deploy/control-plane/kubernetes-pod/security/hardening-guide/private-nodes/1-control-plane-components.mdx Example output from the `ps -ef | grep kube-apiserver` command, showing various API server arguments including admission plugins. ```text 45 root 0:04 /binaries/kube-apiserver --advertise-address=127.0.0.1 --service-cluster-ip-range=10.96.0.0/12 --bind-address=127.0.0.1 --allow-privileged=true --authorization-mode=RBAC --client-ca-file=/data/pki/client-ca.crt --enable-bootstrap-token-auth=true --etcd-servers=unix:///data/kine.sock --proxy-client-cert-file=/data/pki/front-proxy-client.crt --proxy-client-key-file=/data/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/data/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/data/pki/sa.pub --service-account-signing-key-file=/data/pki/sa.key --tls-cert-file=/data/pki/apiserver.crt --tls-private-key-file=/data/pki/apiserver.key --endpoint-reconciler-type=none --profiling=false --enable-admission-plugins=EventRateLimit --admission-control-config-file=/etc/kubernetes/admission-control.yaml ``` -------------------------------- ### vCluster Restore Command Example Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/understand/volume-snapshots.mdx Initiates the volume restore process for a vCluster. Ensure the tenant cluster is configured with volume snapshot controller enabled and the CSI driver is installed. ```bash vcluster restore mycluster ... ``` -------------------------------- ### Create Root Logger Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/github.com/go-logr/logr/README.md Demonstrates how to create the root logger early in an application's lifecycle using a specific implementation. ```go func main() { // ... other setup code ... // Create the "root" logger. We have chosen the "logimpl" implementation, // which takes some initial parameters and returns a logr.Logger. logger := logimpl.New(param1, param2) // ... other setup code ... ``` -------------------------------- ### Example API Server Output with Service Account Lookup Enabled Source: https://github.com/loft-sh/vcluster-docs/blob/main/vcluster_versioned_docs/version-0.35.0/deploy/control-plane/kubernetes-pod/security/hardening-guide/host-nodes/1-control-plane-components.mdx This is an example output from `ps -ef | grep kube-apiserver` showing the `--service-account-lookup=true` argument. ```text 43 root 0:02 /binaries/kube-apiserver --advertise-address=127.0.0.1 --service-cluster-ip-range=10.96.0.0/12 --bind-address=127.0.0.1 --allow-privileged=true --authorization-mode=RBAC --client-ca-file=/data/pki/client-ca.crt --enable-bootstrap-token-auth=true --etcd-servers=unix:///data/kine.sock --proxy-client-cert-file=/data/pki/front-proxy-client.crt --proxy-client-key-file=/data/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/data/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/data/pki/sa.pub --service-account-signing-key-file=/data/pki/sa.key --tls-cert-file=/data/pki/apiserver.crt --tls-private-key-file=/data/pki/apiserver.key --endpoint-reconciler-type=none --profiling=false --service-account-lookup=true ``` -------------------------------- ### Convert float32 to float16 and back Source: https://github.com/loft-sh/vcluster-docs/blob/main/vendor/github.com/x448/float16/README.md Demonstrates basic conversion between float32 and float16 types using the library's functions. Ensure the package is installed with 'go get github.com/x448/float16'. ```Go pi := float32(math.Pi) pi16 := float16.Fromfloat32(pi) pi32 := pi16.Float32() ``` -------------------------------- ### Basic Platform Configuration Example Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/configure/platform-configs/overview.mdx Add configuration under the `config` section of the `vcluster-platform` chart's `values.yaml` for basic platform behavior. ```yaml config: vault: enabled: true ``` -------------------------------- ### Restore the loft-cert secret Source: https://github.com/loft-sh/vcluster-docs/blob/main/platform_versioned_docs/version-4.10.0/maintenance/backup-restore/preserve-license.mdx Apply the backed-up certificate secret YAML file to restore the 'loft-cert' secret. This should be done after installing the platform with replicaCount set to 0 and before starting the platform. ```bash kubectl apply -f loft-cert-backup.yaml ``` -------------------------------- ### Serve Documentation Locally Source: https://github.com/loft-sh/vcluster-docs/blob/main/README.md Builds a development version of the documentation site and serves it locally, continuously watching for changes. Requires dependencies to be installed. ```bash npm run start ```