Skip to main content

Core Cluster Installation

Starting from VUI version 0.3.0, the new vui-core component is available.
It enables centralized management of multiple remote clusters from a single UI instance.
πŸ‘‰ Read the announcement and learn more about the project.

This scenario sets up a centralized VUI environment using VUI-Core, designed for multi-cluster visibility, coordination, and control.

Switching to the Namespace​

After creating the vui namespace, you can set it as the default context to avoid specifying -n vui in every command.

To do so, run:

kubectl config set-context --current --namespace=vui

πŸ“Œ This sets velero-ui as the default namespace for your current kubectl context. You can switch back to another namespace later if needed.

Creating Core Credentials​

Sponsors will have access to the vui-core package hosted under the seriohub organization on hub.serio.cloud (a private Docker registry).

To pull the image, you must first create a Kubernetes secret with valid credentials.
There are two supported methods:


πŸ” Method 1: docker-registry type secret​

  1. Generate a valid username and access token
  2. Create the registry secret:
kubectl create secret docker-registry vui-core-login-secret \
--docker-server=https://hub.serio.cloud \
--docker-username=<your-username> \
--docker-password=<your-token> \
--docker-email=<your-email>

πŸ’‘ If your token contains special characters like $, remember to escape it using \ or quote it properly to avoid shell parsing or Helm/Kustomize interpolation issues.


πŸ” Method 2: dockerconfigjson secret​

Alternatively, you can manually create a Docker config file:

Create a file named .dockerconfigjson with the following content:

{
"auths": {
"hub.serio.cloud": {
"username": "<your-username>",
"password": "<your-token>"
}
}
}

Then create the secret:

kubectl create secret generic harbor-creds \
--from-file=.dockerconfigjson=.dockerconfigjson \
--type=kubernetes.io/dockerconfigjson

πŸ“Œ If you use a secret name other than vui-core-login-secret, be sure to update the corresponding value in your Helm configuration (coreService.deployment.imagePullSecrets).

Managing NATS Users​

In this initial release, user authentication for NATS is handled via static user credentials.
These must be created manually and stored in a Kubernetes secret.

  1. Create a temporary file called users.conf with the following content:
users = [
{ user = "nats-Core-User", password = "nats-Core-Pwd" },
{ user = "nats-Agent-1-User", password = "nats-Agent-1-pwd" },
{ user = "nats-Agent-2-User", password = "nats-Agent-2-pwd" },
{ user = "nats-Agent-3-User", password = "nats-Agent-3-pwd" },
]
  1. Create the Kubernetes secret from this file:
kubectl create secret generic vui-nats-user-auth \
--from-file=users.conf=./tmp/users.conf \
-n vui \
--dry-run=client -o yaml | kubectl apply -f -

πŸ”„ The NATS service includes a sidecar that watches this secret and automatically reloads its configuration.
You do not need to restart any pods when updating cluster credentials.

Requirements​

  • Ingress or NodePort access to expose the UI and API
  • A static IP for natsService (recommended for stable multi-cluster communication)

Configuration​

Use the predefined override file:
core.yaml

Minimal required configuration:

global:
veleroNamespace: <your-velero-namespace>
clusterName: <core-cluster-name>
core: true

apiService:
secret:
defaultAdminUsername: <admin>
defaultAdminPassword: <password>
natsUsername: <nats-Agent-1-User>
natsPassword: <nats-Agent-1-Pwd>

coreService:
secret:
clientKey: <client-key>
defaultAdminUsername: <admin>
defaultAdminPassword: <password>
natsUsername: <nats-Core-User>
natsPassword: <nats-Core-Pwd>

exposure:
mode: ingress
ingress:
spec:
tls:
- hosts:
- vui-core.yourdomain.com

natsService:
loadBalancerIP: <ip>
Credentials

Login to the UI with the credentials defined in:

  • Username: coreService.secret.defaultAdminUsername
  • Password: coreService.secret.defaultAdminPassword

Installation​

helm repo add seriohub https://seriohub.github.io/velero-helm
helm repo update

helm install vui seriohub/vui \
-n vui \
--create-namespace \
-f core.yaml

Access​

Once deployed, the UI will be accessible at:

https://vui-core.yourdomain.com

Use the Core dashboard to manage and monitor multiple remote clusters using Agent installations.

Additional Useful Override Files​

The velero-helm repository includes other override files for alternative use cases:

Notes​

  • By default, NATS is configured to use the nats protocol (non-TLS).
  • NATS supports TLS, but enabling it depends on the network and ingress configuration.

LoadBalancer IP Configuration​

If your environment does not allow reserving a static LoadBalancer IP ahead of time, you can retrieve it after deployment and update the chart:

  1. Get the assigned IP:
kubectl get svc -n vui -o jsonpath="{.items[?(@.spec.type=='LoadBalancer')].status.loadBalancer.ingress[0].ip}"
  1. Update the deployment with the resolved IP:
helm upgrade vui ./chart/ -f core.yaml --set natsService.loadBalancerIP=<resolved-ip>

kubectl rollout restart deployment -l component=api -n vui
kubectl rollout restart deployment -l component=core -n vui

Evaluating vui-core​

We understand that some organizations may need more information about vui-core capabilities before sponsoring.
If your team is considering supporting VUI and would like to explore vui-core, feel free to get in touch.