Core Cluster Installation
Starting from VUI version 0.3.0, the new vui-core component is available.
It enables centralized management of multiple remote clusters from a single UI instance.
π Read the announcement and learn more about the project.
This scenario sets up a centralized VUI environment using VUI-Core, designed for multi-cluster visibility, coordination, and control.
Switching to the Namespaceβ
After creating the vui namespace, you can set it as the default context to avoid specifying -n vui in every command.
To do so, run:
kubectl config set-context --current --namespace=vui
π This sets
velero-uias the default namespace for your current kubectl context. You can switch back to another namespace later if needed.
Creating Core Credentialsβ
Sponsors will have access to the vui-core package hosted under the seriohub organization on hub.serio.cloud (a private Docker registry).
To pull the image, you must first create a Kubernetes secret with valid credentials.
There are two supported methods:
π Method 1: docker-registry type secretβ
- Generate a valid username and access token
- Create the registry secret:
kubectl create secret docker-registry vui-core-login-secret \
--docker-server=https://hub.serio.cloud \
--docker-username=<your-username> \
--docker-password=<your-token> \
--docker-email=<your-email>
π‘ If your token contains special characters like
$, remember to escape it using\or quote it properly to avoid shell parsing or Helm/Kustomize interpolation issues.
π Method 2: dockerconfigjson secretβ
Alternatively, you can manually create a Docker config file:
Create a file named .dockerconfigjson with the following content:
{
"auths": {
"hub.serio.cloud": {
"username": "<your-username>",
"password": "<your-token>"
}
}
}
Then create the secret:
kubectl create secret generic harbor-creds \
--from-file=.dockerconfigjson=.dockerconfigjson \
--type=kubernetes.io/dockerconfigjson
π If you use a secret name other than
vui-core-login-secret, be sure to update the corresponding value in your Helm configuration (coreService.deployment.imagePullSecrets).
Managing NATS Usersβ
In this initial release, user authentication for NATS is handled via static user credentials.
These must be created manually and stored in a Kubernetes secret.
- Create a temporary file called
users.confwith the following content:
users = [
{ user = "nats-Core-User", password = "nats-Core-Pwd" },
{ user = "nats-Agent-1-User", password = "nats-Agent-1-pwd" },
{ user = "nats-Agent-2-User", password = "nats-Agent-2-pwd" },
{ user = "nats-Agent-3-User", password = "nats-Agent-3-pwd" },
]
- Create the Kubernetes secret from this file:
kubectl create secret generic vui-nats-user-auth \
--from-file=users.conf=./tmp/users.conf \
-n vui \
--dry-run=client -o yaml | kubectl apply -f -
π The NATS service includes a sidecar that watches this secret and automatically reloads its configuration.
You do not need to restart any pods when updating cluster credentials.
Requirementsβ
- Ingress or NodePort access to expose the UI and API
- A static IP for
natsService(recommended for stable multi-cluster communication)
Configurationβ
Use the predefined override file:
core.yaml
Minimal required configuration:
global:
veleroNamespace: <your-velero-namespace>
clusterName: <core-cluster-name>
core: true
apiService:
secret:
defaultAdminUsername: <admin>
defaultAdminPassword: <password>
natsUsername: <nats-Agent-1-User>
natsPassword: <nats-Agent-1-Pwd>
coreService:
secret:
clientKey: <client-key>
defaultAdminUsername: <admin>
defaultAdminPassword: <password>
natsUsername: <nats-Core-User>
natsPassword: <nats-Core-Pwd>
exposure:
mode: ingress
ingress:
spec:
tls:
- hosts:
- vui-core.yourdomain.com
natsService:
loadBalancerIP: <ip>
Login to the UI with the credentials defined in:
- Username:
coreService.secret.defaultAdminUsername - Password:
coreService.secret.defaultAdminPassword
Installationβ
helm repo add seriohub https://seriohub.github.io/velero-helm
helm repo update
helm install vui seriohub/vui \
-n vui \
--create-namespace \
-f core.yaml
Accessβ
Once deployed, the UI will be accessible at:
https://vui-core.yourdomain.com
Use the Core dashboard to manage and monitor multiple remote clusters using Agent installations.
Additional Useful Override Filesβ
The velero-helm repository includes other override files for alternative use cases:
core-ldap.yamlβ Enables LDAP authentication
Notesβ
- By default, NATS is configured to use the
natsprotocol (non-TLS). - NATS supports TLS, but enabling it depends on the network and ingress configuration.
LoadBalancer IP Configurationβ
If your environment does not allow reserving a static LoadBalancer IP ahead of time, you can retrieve it after deployment and update the chart:
- Get the assigned IP:
kubectl get svc -n vui -o jsonpath="{.items[?(@.spec.type=='LoadBalancer')].status.loadBalancer.ingress[0].ip}"
- Update the deployment with the resolved IP:
helm upgrade vui ./chart/ -f core.yaml --set natsService.loadBalancerIP=<resolved-ip>
kubectl rollout restart deployment -l component=api -n vui
kubectl rollout restart deployment -l component=core -n vui
Evaluating vui-coreβ
We understand that some organizations may need more information about vui-core capabilities before sponsoring.
If your team is considering supporting VUI and would like to explore vui-core, feel free to get in touch.