A Kubernetes operator for creating fully managed virtual clusters.
- Create a VCluster.
- Install Helm and Source Controller in the VCluster.
- Create Helm charts when mentioned in the UffizziCluster CRD.
- Expose Ingress for the VCluster to connect via the vcluster connect <name> --server=<vcluster-ingress> command.
- Expose Services from within the VCluster.
- Enable authentication for the Ingresses.
- Expose Ingress which gives command-line access to the VCluster environment (run vcluster connect in a terminal and give web terminal access?)
- Suspend the VCluster if it is not being used for a certain period of time.
This operator is best installed with Helm as a dependency of the Uffizzi Helm chart: https://github.com/UffizziCloud/uffizzi/tree/develop/charts/uffizzi-app
Alternatively, if you're installing the Uffizzi control plane on a separate cluster, you may install this operator as a dependency of the Uffizzi controller Helm chart: https://github.com/UffizziCloud/uffizzi_controller/tree/uffizzi-controller-2.2.5/charts/uffizzi-controller
Lastly, a Helm chart for the operator itself is provided: https://github.com/UffizziCloud/uffizzi-cluster-operator/tree/main/chart
We need the Helm Controller and Source Controller, which are components of Flux CD. Use the following command to install them (if you are using GKE):
flux install --namespace=flux-system --components="source-controller,helm-controller" --toleration-keys="sandbox.gke.io/runtime"
The NGINX Ingress controller also needs to be installed in that cluster with SSL Passthrough enabled (it is disabled by default): https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough
Then configure it based on https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/#keycloak-oidc-auth-provider
We're most often using our shared qa cluster for development. Before "taking over", shut down the operator that's active there. If it was installed via the Helm chart, the command will look like this:
kubectl scale --replicas=0 deployment uffizzi-uffizzi-cluster-operator --namespace uffizzi
Be sure to scale back up after you're finished testing!
kubectl scale --replicas=1 deployment uffizzi-uffizzi-cluster-operator --namespace uffizzi
To install the CRD for UffizziCluster and run the operator locally, use the following command:
make install && make run
Once installed, use the following command to create a sample UffizziCluster:
kubectl apply -f examples/helm-basic.yml
The VCluster will be created with the Helm and Source Controllers installed as well.
kubectl delete UffizziCluster,helmrelease,helmrepository --all && make uninstall
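The development steps above depend on remembering to scale the in-cluster operator back up. The wrapper below is an added example, not part of this repository: it scales the deployment to 0, runs a command such as make install && make run, and restores 1 replica when that command exits, fails or is interrupted. The function names and the script name in the usage comment are hypothetical, and it assumes kubectl's current context is the shared cluster.

```bash
#!/usr/bin/env bash
# Added example, not code from the uffizzi-cluster-operator repository.
# Deployment and namespace are the ones used in the kubectl commands above.
DEPLOYMENT=uffizzi-uffizzi-cluster-operator
NAMESPACE=uffizzi

# Set the replica count of the in-cluster operator deployment.
scale_operator() {
  kubectl scale --replicas="$1" deployment "$DEPLOYMENT" --namespace "$NAMESPACE"
}

# Run "$@" while the in-cluster operator is scaled to 0.
# The EXIT trap scales it back to 1 whether the command succeeds,
# fails, or is stopped with Ctrl-C, so the shared cluster is not left
# without a running operator after a local test session.
with_operator_paused() {
  (
    trap 'scale_operator 1' EXIT
    # Turn signals into a normal exit so the EXIT trap always fires.
    trap 'exit 130' INT TERM
    scale_operator 0 || exit 1
    "$@"
  )
}

# Usage (hypothetical script name):
#   ./with-operator-paused.sh sh -c 'make install && make run'
if [ "$#" -gt 0 ]; then
  with_operator_paused "$@"
fi
```

The wrapper returns the wrapped command's exit status, so it can be used in scripts that need to know whether the local run failed.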