Feature Request: Add Support for Trusting Self-Signed Certificates in Virtual Clusters #2308

Open
mdzhigarov opened this issue Dec 3, 2024 · 1 comment

Comments

@mdzhigarov

Is your feature request related to a problem?

Hello vCluster Team,

I am a software developer using vCluster to spin up virtual Kubernetes clusters within my organization. While I am an admin of the virtual clusters I create, I do not have administrative access to the vCluster control plane or the underlying physical Kubernetes nodes.

In my workflow, I use a private Docker registry secured with a self-signed certificate. To ensure that my virtual clusters can pull images from this registry, I need a way to configure the virtual clusters to trust the self-signed certificate.

On a vanilla Kubernetes cluster, this would typically involve adding the certificate to the nodes under /etc/docker/certs.d. However, in the context of virtual clusters, I do not have access to the nodes or control over the container runtime configuration.

Proposed Feature
I would like to request a feature that allows users to specify custom CA certificates (e.g., a self-signed certificate) when creating a virtual cluster. This feature should ensure that the virtual cluster's container runtime and kubelet trust the provided certificates for image pulls and other secure connections.

Possible Implementation Ideas:
1. Provide a configuration option (e.g., in the vcluster create command or the virtual cluster helm chart) to specify a custom CA certificate file.
2. During the creation process, ensure that this certificate is installed in the appropriate location inside the virtual cluster environment so that:
   - The container runtime trusts the registry when pulling images.
   - Kubernetes components trust the registry or any services secured by the self-signed certificate.

Use Case:
This feature would be invaluable for developers using virtual clusters in environments where private registries with self-signed certificates are common. It would eliminate the need for manual workarounds and align the behavior of virtual clusters with that of standard Kubernetes clusters.

Thank you for considering this request! Please let me know if I can provide any additional details or clarifications.

Best regards,
Marin

Which solution do you suggest?

1. Provide a configuration option (e.g., in the vcluster create command or the virtual cluster helm chart) to specify a custom CA certificate file.
2. During the creation process, ensure that this certificate is installed in the appropriate location inside the virtual cluster environment so that:
   - The container runtime trusts the registry when pulling images.
   - Kubernetes components trust the registry or any services secured by the self-signed certificate.

Which alternative solutions exist?

No response

Additional context

No response

@matskiv
Contributor

matskiv commented Dec 3, 2024

I don't think this is in scope for the vcluster as it relies on the host cluster for the container runtime and shouldn't be making this kind of change to the host's container runtime.
