Skip to main content
Version: main 🚧

Ingress Suffix

As outlined in the 'Tenant Clusters -> Advanced Topics -> Ingress Access' section, you can enable the 'AccessPoint' feature to access a tenant cluster API server directly by avoiding the vCluster Platform proxy. This requires a valid ingress controller to be present on the control plane cluster and a valid domain to be set in the loft.sh/ingress-suffix annotation on the Cluster Object.

Once this is done, vCluster Platform creates a connection to the tenant cluster through an ingress instead of the default vCluster Platform proxy. This can be useful, if you want to handout the tenant cluster kubeconfig to users that do not belong to vCluster Platform.

The ingress name URL is calculated in the following way:

[VirtualClusterInstance Name]-[Project Name].[ingressSuffix]


You can set the required ingress suffix in the vCluster Platform UI:

  1. Go to Infrastructure > Control Plane Clusters.

  2. Click the option for the cluster you want to modify.

  3. In the configuration sheet that opens, click the Direct Access tab. Provide the desired domain under the Tenant Cluster Ingress Suffix field.

  4. Click the button.

Pre-Requisites

This will require an ingress-controller in the cluster and a wildcard DNS record on the above configured domain. Make sure to enable ssl-passthrough on the ingress controller as well or install the ingress-nginx vCluster Platform app (deprecated).