Skip to main content

Configuration

vNode is deployed as a Helm chart and can be configured by overriding the options with a values.yaml.

vNode Defaults

vNode attempts to determine what Kubernetes distribution (distro) that it's being deployed on. Based on the distro, it will set the configuration. If not, it will fall back to the default value.

# vNode Runtime config. vNode runtime will try to figure out the paths automatically, but you can
# overwrite them here if needed.
config:
  # Platform related configuration
  platform:
    # The host of the platform. e.g. my-platform.loft.com
    host: ""
    # The access key to use for the platform
    accessKey: ""
    # If the connection to the platform is insecure
    insecure: false
  # The root directory of containerd. Default: /var/lib/containerd
  containerdRoot: ""
  # The state directory of containerd. Default: /run/containerd
  containerdState: ""
  # The config path for containerd. Default: /etc/containerd/config.toml
  containerdConfig: ""
  # The directory where to copy the shims to. Default: /usr/local/bin
  containerdShimDir: ""
  # The root path for the kubelet. Default: /var/lib/kubelet
  kubeletRoot: ""
  # The root path for the kubelet pod logs. Default: /var/log
  kubeletLogRoot: ""
  # The root directory of vNode runtime. Default: /var/lib/vnode
  vNodeRuntimeRoot: ""
  # The directory where the cni configuration is stored. Default: /etc/cni/net.d
  cniConfDir: ""
  # The directory where the cni binaries are stored. Default: /opt/cni/bin
  cniBinDir: ""

# DaemonSet options
daemonSet:
  # Image is the image to use for the daemon set
  image:
    # Configure the registry of the container image, e.g. my-registry.com or ghcr.io
    registry: "ghcr.io"
    # Configure the repository of the container image, e.g. my-repo/my-image.
    repository: "loft-sh/vnode-runtime"
    # Tag is the tag of the container image, e.g. latest
    tag: ""
  # Image pull policy for the vNode runtime image
  imagePullPolicy: ""
  # Image pull secrets to use for pulling the image
  imagePullSecrets: []
  # Command for the vNode runtime image
  command: ["/var/lib/vnode/bin/vnode-manager"]
  # Args for the vNode runtime image
  args: ["install"]
  # Env are extra environment options to set
  env: []
  # Volume mounts are extra volume mounts to set
  volumeMounts: []
  # Volumes are extra volumes to set
  volumes: []
  # Node selector to use for the daemon set
  nodeSelector: {}
  # Tolerations for the vNode runtime daemon set
  tolerations: []
  # Additional environment variables populated from Kubernetes resources such as secrets
  envValueFrom: {}

Provide the platform access key via a secret

When you manage vNode with GitOps tools such as Argo CD or Flux, the Helm values file is committed to a Git repository. Storing the platform access key in config.platform.accessKey means the key appears as plaintext in version control. Use a Kubernetes secret instead to keep the key out of your repository.

Create a Kubernetes secret containing the platform credentials in the same namespace where vNode is deployed:

kubectl create secret generic platform-secret \
  --namespace vnode-runtime \
  --from-literal=host=<your-platform-host> \
  --from-literal=accesskey=<your-access-key>

Reference the secret in your vNode Helm values using daemonSet.envValueFrom. Environment variables take precedence over their config.platform equivalents:

vnode-values.yaml
daemonSet:
  envValueFrom:
    VNODE_PLATFORM_HOST:
      secretKeyRef:
        name: platform-secret
        key: host
    VNODE_PLATFORM_ACCESS_KEY:
      secretKeyRef:
        name: platform-secret
        key: accesskey

Deploy or upgrade vNode with this values file:

helm upgrade --install vnode-runtime vnode-runtime -n vnode-runtime \
  --repo https://charts.loft.sh --create-namespace \
  -f vnode-values.yaml

Supported environment variables

All config.platform fields can be set via environment variables through daemonSet.envValueFrom:

Environment variableEquivalent config fieldDescription
VNODE_PLATFORM_HOSTconfig.platform.hostPlatform hostname
VNODE_PLATFORM_ACCESS_KEYconfig.platform.accessKeyPlatform access key
VNODE_PLATFORM_INSECUREconfig.platform.insecureSkip TLS verification
VNODE_PLATFORM_CA_DATACustom CA certificate data
note

Environment variables take precedence over their config.platform equivalents. You can omit the config.platform section entirely when using the secret-based approach.