diff --git a/.claude/settings.json b/.claude/settings.json
new file mode 100644
index 000000000..6ff9b424f
--- /dev/null
+++ b/.claude/settings.json
@@ -0,0 +1,17 @@
+{
+ "hooks": {
+ "PreToolUse": [
+ {
+ "matcher": "Bash",
+ "hooks": [
+ {
+ "type": "command",
+ "if": "Bash(gh pr create *)",
+ "command": "echo '{\"hookSpecificOutput\":{\"hookEventName\":\"PreToolUse\",\"additionalContext\":\"Read .github/pull_request_template.md and use its exact structure as the PR body before continuing.\"}}'",
+ "statusMessage": "Checking PR template..."
+ }
+ ]
+ }
+ ]
+ }
+}
diff --git a/.github/styles/Google/Headings.yml b/.github/styles/Google/Headings.yml
index f4ea17489..d2ef5c81e 100644
--- a/.github/styles/Google/Headings.yml
+++ b/.github/styles/Google/Headings.yml
@@ -26,6 +26,7 @@ exceptions:
- Linux
- macOS
- Marketplace
+ - MetalLB
- MongoDB
- OSImage
- PXE
diff --git a/vcluster/configure/vcluster-yaml/deploy.mdx b/vcluster/configure/vcluster-yaml/deploy.mdx
index 0b7c0f780..87e90df73 100644
--- a/vcluster/configure/vcluster-yaml/deploy.mdx
+++ b/vcluster/configure/vcluster-yaml/deploy.mdx
@@ -17,7 +17,8 @@ vCluster supports addons that extend the capabilities of your tenant cluster. Yo
### Metrics Server
-vCluster can install [metrics server](https://github.com/kubernetes-sigs/metrics-server) into the vCluster. This can be enabled via:
+vCluster can install the [Kubernetes Metrics Server](https://github.com/kubernetes-sigs/metrics-server) into the tenant cluster. Enable it when you need `kubectl top` output or want the Horizontal Pod Autoscaler to use CPU and memory metrics.
+
```yaml title="Enable Metrics Server"
deploy:
metricsServer:
@@ -27,7 +28,7 @@ deploy:
### CNI
-vCluster installs [Flannel](https://github.com/flannel-io/flannel) by default. You can install your own CNI with the following.
+vCluster installs [Flannel](https://github.com/flannel-io/flannel) as the Container Network Interface (CNI) by default. You can disable it and install your own CNI.
```yaml title="Disable default Flannel CNI"
deploy:
@@ -36,28 +37,69 @@ deploy:
enabled: false
```
+:::note User-managed component
+When you disable Flannel, you are responsible for installing and operating a CNI in the tenant cluster. vCluster support does not cover the configuration or behavior of user-managed CNI installations.
+:::
+
### Kube proxy
-vCluster installs [Kube Proxy](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/) by default to ensure that services are configured on the nodes. Some CNI implement their own kube-proxy functionality. Optionally, you can disable kube-proxy deployment in the vCluster config.
+vCluster installs [kube-proxy](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/) by default to configure services on worker nodes. If your CNI implements its own service proxy (for example, Cilium in kube-proxy replacement mode), you can disable it.
+
+```yaml title="Disable kube-proxy"
+deploy:
+ kubeProxy:
+ enabled: false
+```
+
+To customize kube-proxy behavior without disabling it, use the `config` field. Values merge into the default KubeProxyConfiguration. See the [Kubernetes kube-proxy config API reference](https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/) for available fields.
+
+```yaml title="Custom kube-proxy config"
+deploy:
+ kubeProxy:
+ config:
+ mode: ipvs
+ ipvs:
+ scheduler: rr
+```
+
+Use `extraArgs` to pass additional flags directly to the kube-proxy binary.
-### Metallb
+### MetalLB
-vCluster can install [Metallb](https://metallb.io/) into the vCluster. This can be enabled via:
-```yaml title="Enable Metallb"
+vCluster can install [MetalLB](https://metallb.io/) into the tenant cluster. Enable this with the following YAML:
+
+```yaml title="Enable MetalLB"
deploy:
metallb:
enabled: true
ipAddressPool:
addresses:
- - 10.X.X.1-10.X.X.100 # your ips here
+ - 10.X.X.1-10.X.X.100 # your IPs here
```
### Local Path Provisioner
-vCluster installs the [Local Path Provisioner](https://github.com/rancher/local-path-provisioner) by default to allow stateful workloads within the vCluster.
+vCluster installs the [Local Path Provisioner](https://github.com/rancher/local-path-provisioner) by default to provide a default StorageClass for stateful workloads. If you bring your own storage solution, you can disable it.
+
+```yaml title="Disable Local Path Provisioner"
+deploy:
+ localPathProvisioner:
+ enabled: false
+```
+
+:::note User-managed component
+When you disable the Local Path Provisioner and replace it with your own StorageClass, vCluster support does not cover your storage configuration. Replacing the provisioner does not affect existing PersistentVolumes, However, new PersistentVolumeClaims do not bind until a replacement provisioner is available.
+:::
+
+## Control plane components
+
+CoreDNS and Konnectivity are control plane components, not deploy addons. Configure them under `controlPlane` in your vcluster.yaml:
+
+- **CoreDNS**: see [CoreDNS configuration](./control-plane/components/coredns.mdx)
+- **Konnectivity**: configure or disable under `controlPlane.advanced.konnectivity`
## Config reference