Isolated control plane
This feature is available in the vCluster Pro tier. Contact us for more details and to start a trial.
The vCluster control plane runs in one cluster, while a second, headless vCluster instance runs workloads in a separate cluster.
Key benefits
-
Optimize resource allocation. Deploy control planes on cost-effective clusters and direct heavy-duty tasks, such as GPU-intensive workloads, to higher-performance clusters.
-
Simplify management. Offer a straightforward, enforceable, alternative to each developer managing increasingly complex amounts of taints, tolerations, or node affinities to schedule workloads to the appropriate clusters.
-
Enhance security with control. Developers can manage workloads via the control plane, even if the workloads reside in a secure zone. This eliminates the need to provide developers with direct cluster access, firewall configurations, and permissions management.
-
Divide responsibilities. Allow for a clear separation of duties, where one team oversees the control plane cluster and other teams handle the workload clusters.
| Deprecated Parameter | Config Field |
|---|---|
--remote-kube-config | kubeConfig |
--remote-namespace | namespace |
--remote-service-name | service |
Configure remote virtual cluster as workload cluster
Create a virtual cluster with the following configuration, where the headless field is set to true:
isolatedControlPlane:
headless: true
Create a second virtual cluster with the following configuration, where the enabled field is set to true:
isolatedControlPlane:
enabled: true
kubeConfig: VIRTUAL_CLUSTER_KUBECONFIG
namespace: VIRTUAL_CLUSTER_NAMESPACE
service: VIRTUAL_CLUSTER_SERVICE
Replace the following:
VIRTUAL_CLUSTER_KUBECONFIG: the location of the remote virtual cluster's kubeconfig file- Store the kubeconfig in a Secret or ConfigMap.
- Mount the Secret or ConfigMap as a Volume available to the virtual cluster.
- Configure the Volume as a VolumeMount in the syncer.
VIRTUAL_CLUSTER_NAMESPACE: the remote virtual cluster's namespaceVIRTUAL_CLUSTER_SERVICE: the remote vCluster Service name
Config reference
isolatedControlPlane required object pro
IsolatedControlPlane is a feature to run the vCluster control plane in a different Kubernetes cluster than the workloads themselves.
isolatedControlPlane required object proenabled required boolean pro
Enabled specifies if the isolated control plane feature should be enabled.
enabled required boolean proheadless required boolean pro
Headless states that Helm should deploy the vCluster in headless mode for the isolated control plane.
headless required boolean prokubeConfig required string pro
KubeConfig is the path where to find the remote workload cluster kubeconfig.
kubeConfig required string pronamespace required string pro
Namespace is the namespace where to sync the workloads into.
namespace required string proservice required string pro
Service is the vCluster service in the remote cluster.
service required string pro