May 14th, 2025
vCluster
vCluster v0.25 - Istio Integration
Our newest release of vCluster includes a boatload of new features, updates, and some important changes. Foremost, we are excited to announce our integration with Istio!
Istio Integration
Istio has long been a cornerstone of service-mesh solutions within the CNCF community, and we are thrilled to introduce an efficient solution built directly into vCluster. This integration eliminates the need to run separate Istio installations inside each virtual cluster. Instead it enables all virtual clusters to share a single host installation, creating a simpler and more cost-effective architecture that is easier to maintain.
Our integration works by syncing Istio’s DestinationRules, VirtualServices, and Gateways from the virtual cluster into the host cluster. Any pods created in a virtual-cluster namespace labeled with istio.io/dataplane-mode will have that label attached when they are synced to the host cluster. And finally a Kubernetes Gateway resource is automatically deployed to the virtual-clusters host namespace in order to be used as a Waypoint proxy. Pods will then be automatically included in the mesh.
integrations:
istio:
enabled: truePlease note that the integration uses Ambient mode directly, and is not compatible with sidecar mode. See the Istio Integration docs for more info, pre-requisites, and configuration options.
Support for Istio in Sleep Mode
Along with our Istio integration comes direct-support with our vCluster-native workload sleep feature. Once the Istio integration is set up on the virtual cluster, and Sleep Mode is enabled, workloads that aren’t receiving traffic through the mesh can be automatically spun down, and once traffic is received they will scale back up again. This allows for an Istio-only ingress setup, one which doesn’t use a standard operator such as ingress-nginx, to take advantage of our Sleep Mode feature.
See the docs for more information on how this can be configured. In many cases it will be as simple as the following:
sleepMode:
enabled: true
autoSleep:
afterInactivity: 30s
integrations:
istio:
enabled: trueNotable changes and improvements
vCluster K8s Distribution Deprecations and Migration Path
Due to the complications of maintaining and testing across several Kubernetes distributions, and their divergence from upstream, both k0s and k3s are now deprecated as vCluster control plane options in v0.25. This leaves upstream Kubernetes as the recommended and fully supported option. In v0.26 k0s will be removed, however k3s will remain as an option for some time in order to give users a chance to migrate to upstream Kubernetes.
To assist with this change, we have added another way to migrate from k3s to k8s, beyond our recent Snapshot&Restore feature which was released in v0.24. This new feature allows changing just the vcluster.yaml, see the docs for more details.
Starting with a k3s vCluster config:
controlPlane:
distro:
k3s:
enabled: trueYou can now simply update that distro config to use k8s instead, and then upgrade:
controlPlane:
distro:
k8s:
enabled: truePlease be aware that this only works for migrating from k3s to k8s, and not the other way around.
InitContainer and Startup changes
Our initContainer process has been revamped to use a single image, as opposed to three. This not only simplifies the config.yaml around custom control-plane settings, but will lower startup time by a significant margin. See the PR for further information.
This will be a breaking change if any custom images were used, specifically under the following paths, but note that others like extraArgs or enabled are not changing:
controlPlane:
distro:
k8s:
controllerManager: ...
scheduler: ...
apiServer: ...
image:
tag: v1.32.1All three images can now be set from a single variable:
controlPlane:
distro:
k8s:
image:
tag: v1.32.1Images.txt and Images-optional.txt updates for custom registries
The images.txt file is generated as an asset on every vCluster release to facilitate the AirGap registry process, and is also useful for informational purposes. However in recent releases the file was getting overly long and convoluted. This can lead to a substantial amount of unnecessary bandwidth and hassle for users who migrate every image to their private registry.
Starting in v0.25 the file will be renamed to vcluster-images.txt and only contain the latest version of each component. Second, a new images-optional.txt will be added to the assets, and this will contain all additional possible component images. This will make first-time installs much easier, and allow current users to select only the images they need. Finally, unsupported Kubernetes versions have been removed, which further reduced the size of the file.
Update to database connector in vcluster.yaml required
If using an external database connector or external datasource in version v0.24.x or earlier, configuration was possible without using the enabled flag:
controlPlane:
backingStore:
database:
external:
connector: test-secret
--or--
datasource: "mysql://root:password@tcp(0.0.0.0)/vcluster"Before upgrading or starting a v0.25.0 virtual cluster, you must also set enabled: true, otherwise a new sqlite database will be used instead. See this issue for more details and updates in the future.
controlPlane:
backingStore:
database:
external:
enabled: true # required
connector: test-secretOther Changes
Fixes & Other Changes
As stated in our v0.23 announcement, deploying multiple virtual clusters per-namespace has been deprecated. When using v0.25 and beyond, the virtual cluster pod will no longer start.
Some commands or configurations, such as using the patches feature, were not correctly checking for licensing on command execution, instead only erroring out in the logs. Those have been moved to command execution, so that any issues with licensing can be quickly surfaced and resolved.
For a list of additional fixes and smaller changes, please refer to the release notes.