Ingress Access
Typically, virtual clusters are accessed via the platform proxy; that is, requests to the virtual cluster API server are proxied through the platform itself. This allows the platform to act as a single endpoint for all virtual clusters in the platform deployment. It also lets the platform act as a central point of authentication and authorization, and log all interactions (if vCluster Platform Auditing is licensed and enabled).
In some situations you may prefer to access a virtual cluster API server directly, that is, not via the platform proxy. This behavior can be enabled with the virtual cluster AccessPoint feature.
Enabling AccessPoint on a virtual cluster requires that the host cluster has a valid ingress controller deployed, and the Cluster object has the loft.sh/ingress-suffix annotation set with a valid domain.
The hostname used to access a virtual cluster that has the AccessPoint feature enabled will be of the following format:
<VIRTUAL_CLUSTER_INSTANCE_NAME>-<PROJECT_NAME>.<INGRESS_SUFFIX>
Where the <VIRTUAL_CLUSTER_INSTANCE_NAME> is the name of the virtual cluster instance, the <PROJECT_NAME> is the name of the project the virtual cluster instance is created in, and the <INGRESS_SUFFIX> is the value from the loft.sh/ingress-suffix annotation on the cluster.
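The following is an added example, not code from the platform or its documentation: it builds the hostname from the format above for a list of instance/project pairs, checks each result against DNS label limits, and flags pairs that render to the same hostname because the format joins the two names with a hyphen. The inventory, the suffix and all function names are assumptions made for illustration; the check looks only at the string format and says nothing about how the platform itself treats such names.

```python
import re
from collections import defaultdict

# RFC 1123 DNS label: lowercase alphanumerics and '-', 1-63 chars,
# must start and end with an alphanumeric character.
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def access_point_host(instance, project, ingress_suffix):
    """Build <VIRTUAL_CLUSTER_INSTANCE_NAME>-<PROJECT_NAME>.<INGRESS_SUFFIX>."""
    return f"{instance}-{project}.{ingress_suffix}"


def host_problems(host):
    """Return a list of DNS-validity problems for a hostname (empty if none)."""
    problems = []
    if len(host) > 253:
        problems.append("hostname longer than 253 characters")
    for label in host.split("."):
        if len(label) > 63:
            problems.append(f"label longer than 63 characters: {label[:20]}...")
        elif not LABEL_RE.match(label):
            problems.append(f"invalid DNS label: {label!r}")
    return problems


def audit(inventory, ingress_suffix):
    """Map each hostname to the problems found for it (empty list means ok)."""
    owners = defaultdict(list)
    for instance, project in inventory:
        host = access_point_host(instance, project, ingress_suffix)
        owners[host].append((instance, project))
    report = {}
    for host, pairs in owners.items():
        problems = host_problems(host)
        if len(pairs) > 1:
            problems.append(f"same hostname for {len(pairs)} instance/project pairs")
        report[host] = problems
    return report


# Constructed sample data: every name and the suffix are placeholders.
SAMPLE = [("dev", "team-a"), ("dev-team", "a"), ("ci", "platform"), ("x" * 60, "long")]
SUFFIX = "vc.example.com"

if __name__ == "__main__":
    for host, problems in audit(SAMPLE, SUFFIX).items():
        print(host, "->", problems or "ok")
```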
Enabling Ingress Access when Creating the Virtual Cluster
Enabling the AccessPoint feature can be done during virtual cluster creation in the UI.
From the project drop-down menu (top left corner), select the project you'd like to create the virtual cluster in.
Click on Virtual Clusters.
Click the button.
Click the button to skip selecting a virtual cluster template.
Click the Advanced Options.
Click the to expand the configuration section.
Slide the Enable Ingress Access slider to enable the ingress action.
Finish configuring anything else you'd like on your virtual cluster, then click the button.
The AccessPoint feature can also be enabled on the template.