# Build On Weekly vcluster demo

## Why vcluster?

1. Sharing Kubernetes clusters is hard. If you want to have multiple individuals or teams use the same cluster, it can be pretty painful to set up and maintain. Giving all of those people/teams their own clusters is also hard to manage and can be very expensive. vcluster lets you share clusters while letting users feel like they have their own cluster.
2. vcluster is very fast. It takes seconds to create and destroy clusters. There are many use cases where that's very helpful.

## Demo Requirements

* vcluster CLI (see next section below).
* A Kubernetes cluster to use as the host cluster. I'm using Docker Desktop but it could be any Kubernetes cluster.
* The kubectl binary. Installation instructions [are here](https://kubernetes.io/docs/tasks/tools/#kubectl).
* _Optional:_ You'll see when I type that I use `k` instead of `kubectl`. I do that with an alias in my shell: `alias k=kubectl`. I highly recommend this to save yourself a lot of typing when you use Kubernetes.

## What's a namespace?

Namespaces are a way to isolate things in a Kubernetes cluster. They allow individuals or teams to have workloads running in the cluster that they can see and interact with, without giving them access to all of the other objects in the cluster. For more info, check out the [Kubernetes Namespaces doc](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/).

## Install the vcluster CLI

I'm on a Mac and used Brew but there are other options in the [installation docs](https://www.vcluster.com/docs/getting-started/setup).

```Bash
brew install vcluster
```

## Create a virtual cluster

```Bash
vcluster create bow
```

The create command will create a virtual cluster and a namespace for it (`vcluster-bow` in our example). You can specify the name of the namespace with the `-n` flag if you want to use something different.

As you can see, creating virtual clusters is super fast.

## List the namespaces in the virtual cluster

```Bash
kubectl get namespaces
```

Note that we don't see the `vcluster-bow` namespace, as we're connected to the API server for the virtual cluster. We will only see namespaces that have been created inside of the virtual cluster.

## List the namespaces in the host cluster

To do this we'll disconnect from the virtual cluster, which will point our Kubernetes config back to the host cluster (my Docker Desktop cluster in my case).

```Bash
vcluster disconnect
```

Now let's list the namespaces in the host cluster:

```Bash
kubectl get namespaces
```

We should see the `vcluster-bow` namespace that the virtual cluster is running in listed, as well as any other namespaces in the host cluster.

Let's connect to the vcluster again. That happened automatically when we ran `vcluster create` but we can use vcluster's `connect` command.

```Bash
vcluster connect bow
```

## Create an Nginx deployment in the virtual cluster

Create the nginx namespace:

```Bash
kubectl create namespace nginx
```

Create the nginx deployment:

```Bash
kubectl create deployment nginx --image=nginx -n nginx -r 2
```

This creates the deployment in the nginx namespace with two pods running.

```Bash
kubectl get pods -n nginx
```

You should see two nginx pods in the Running state. If they are in the ContainerCreating state, run the `get pods` command again until the pods are running.

## View resources in the host cluster

Let's switch back to the host cluster again. We will look at some resources in the host cluster to learn more about how vcluster works.

```Bash
vcluster disconnect
```

Let's look first at the namespaces:

```Bash
kubectl get namespaces
```

As you can see the `vcluster-bow` namespace is still there but we don't see the `nginx` namespace, since it was created inside the virtual cluster.

Next let's look at the pods running in that `vcluster-bow` namespace.

```Bash
kubectl get pods -n vcluster-bow
```

We should see several pods there.
One will be the vcluster pod, which contains the tools the vcluster needs to operate. There will also be a coredns pod running that vcluster uses. There should also be two nginx pods listed, which are the pods from the deployment we created in the virtual cluster. They will have names like:

`nginx-8f458dc5b-46c8w-x-nginx-x-bow`

How can we see these pods in the host cluster when we can't even see the nginx namespace? vcluster maintains the state of most of the objects inside of the virtual cluster in a database (SQLite by default). But the virtual cluster is a slimmed down version of Kubernetes and it does not contain a scheduler. Instead the pods are scheduled by the underlying host cluster. So we see those pods when we do a `kubectl get pods` in the host cluster.

vcluster renames the pods that run in the host cluster to include the name of the virtual cluster and the name of the namespace inside of the virtual cluster that those pods run in. This helps prevent naming collisions with the pods, as you could have many nginx pods running in the host cluster.

## Other handy commands

```Bash
vcluster list
vcluster pause bow
vcluster resume bow
```

The `list` command shows all of the virtual clusters you have running.

The `pause` command removes all of the container workloads running in your virtual cluster. All of the configuration for them remains, but the containers themselves are deleted, which frees up resources.

The `resume` command starts the containers again.

## Cleanup

To delete the vcluster and its resources we can run:

```Bash
vcluster delete bow
```

That will remove the virtual cluster and all of its resources, including the namespace it ran in. We can check that our pods are all gone by running:

```Bash
kubectl get pods -A
```

The `-A` flag lists pods for all namespaces. We won't see the nginx pods that we created in the virtual cluster, or the other pods vcluster runs.

The fact that it takes seconds to create and delete these virtual clusters makes vcluster great for iterating in local development, but you can use it for other use cases where speed is important.

## Docker Desktop extension

If you use Docker Desktop for the host cluster, there's now a vcluster Docker Desktop extension that has a nice UI for performing a lot of the same tasks we did with the CLI. Here's a [blog post](https://loft.sh/blog/introducing-vcluster-for-docker-desktop-extension/) with more details about that.

## Advanced topics

* There is an EKS distro for vcluster, so you can use EKS for the Kubernetes running inside the virtual cluster. To do that use `--distro eks` when you create the cluster. Thanks to Justin Garrison from AWS for the pull request.
* You can install vcluster with Helm directly. If you run `vcluster create` you'll see the Helm command that gets run, for an example. You can also override the values with your own values.yaml.
* If you want to automate virtual cluster creation more there is a [Cluster API provider for vcluster](https://github.com/loft-sh/cluster-api-provider-vcluster).
* If your use case for vcluster requires harder isolation between tenants, check out vcluster's [isolated mode](https://www.vcluster.com/docs/operator/security), which creates a Pod Security Standard, a resource quota, a limit range, and a network policy.

## To learn more

Here are some resources if you want to learn more about vcluster.

* [vcluster.com](https://vcluster.com) contains an overview of vcluster, as well as links to the [vcluster docs](https://www.vcluster.com/docs/what-are-virtual-clusters) and the [GitHub repo](https://github.com/loft-sh/vcluster).
* I did a recorded talk for PlatformCON about [vcluster use cases](https://youtu.be/_1_iTue9GZU).
* Our CEO Lukas Gentele [did a talk at KubeCon 2021](https://youtu.be/QddWNqchD9I) about vcluster that goes more into the architecture.
* We host a [community Slack](https://slack.loft.sh) with a #vcluster channel, where you can talk to the vcluster maintainers and other vcluster users.

## Shout outs

* Thanks to my employer [Loft Labs](https://loft.sh) for creating and maintaining vcluster. It's a really fun tool to talk about. The virtual cluster technology is also part of our commercial product, Loft.
* I host a podcast called Kube Cuddle where I interview people in the Kubernetes community. You can find it by searching for `Kube Cuddle` in your podcast player, or [listen here](https://kubecuddle.transistor.fm/).
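
Added example, not part of the original demo or the vcluster project: when you are looking at the host cluster (for instance while triaging an alert on a pod in `vcluster-bow`), this maps each host pod name back to the virtual namespace and pod it came from, using the `<pod>-x-<namespace>-x-<vcluster>` naming described under "View resources in the host cluster". The function names and the sample pod list, including `bow-0`, are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original demo). Relies only on the
# <pod>-x-<namespace>-x-<vcluster> naming pattern shown in this demo.

# map_synced_pod HOST_POD VCLUSTER
# Prints "<virtual-namespace>/<virtual-pod>" for a pod synced from the
# virtual cluster, or "host-only" when the name lacks the vcluster suffix.
map_synced_pod() {
    host_pod=$1
    suffix="-x-$2"
    case "$host_pod" in
        *-x-*"$suffix")
            rest=${host_pod%"$suffix"}   # drop the trailing "-x-<vcluster>"
            vns=${rest##*-x-}            # text after the last "-x-" is the namespace
            vpod=${rest%"-x-$vns"}       # the remainder is the virtual pod name
            printf '%s/%s\n' "$vns" "$vpod"
            ;;
        *)
            printf 'host-only\n'
            ;;
    esac
}

# attribute_pods VCLUSTER
# Reads host pod names on stdin (one per line, e.g. from
# `kubectl get pods -n vcluster-bow -o name | cut -d/ -f2`) and prints
# "<host pod> -> <origin>" for each.
attribute_pods() {
    while IFS= read -r pod; do
        [ -n "$pod" ] || continue
        printf '%s -> %s\n' "$pod" "$(map_synced_pod "$pod" "$1")"
    done
}

# Constructed sample of pod names in the vcluster-bow host namespace.
# "bow-0" is a made-up name standing in for the vcluster pod itself.
sample_pods() {
    cat <<'EOF'
bow-0
nginx-8f458dc5b-46c8w-x-nginx-x-bow
nginx-8f458dc5b-7kq2m-x-nginx-x-bow
EOF
}

sample_pods | attribute_pods bow
```

A virtual namespace whose own name contains `-x-` would be split at the wrong place, so treat the result as a hint and confirm it inside the virtual cluster.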