Skip to main content
Version: v4.4

Manually configure a virtual cluster

Each virtual cluster belongs to a project. Projects control whether users can create virtual clusters with or without templates.

Who can create virtual clusters without a template​

By default, projects require templates for virtual cluster creation. This means:

  • Project users can only create virtual clusters from allowed templates configured by the project admin.
  • Project admins and platform admins can always create virtual clusters without a template, regardless of project settings.

If project admins disable the requireTemplate setting, project users can also create virtual clusters without templates. Keep this setting enabled in production environments to maintain security controls.

Create without template​

Security consideration

Creating virtual clusters without a template bypasses the security controls that templates provide. Users with this capability can configure any vCluster settings, including sync configurations that could grant elevated access to host cluster resources.

For production environments:

  • Keep templates required for all projects (the default requireTemplate setting)
  • Grant project admin roles only to users who need to create virtual clusters without templates
  • Control who can create projects, since project creators become project admins. See project membership for details on project roles
  • Use hardened templates to control which resources can be synced to and from the host cluster

  1. From the project drop-down menu (top left corner), select the project you'd like to create the virtual cluster in.

  2. Click on Virtual Clusters.

  3. Click the button.

  4. In the popup, confirm that the virtual cluster template field is empty.

  5. [Optional] Select the cluster in which to create the virtual cluster.

  6. [Optional] Add a name for your virtual cluster.

  7. Click the to continue.

  8. In the drawer that appears from the right, update the virtual cluster with any additional desired configuration options.

    1. The Definition tab contains settings relating to the virtual cluster deployment itself, here you can provide Helm values to be used when deploying the virtual cluster, select the virtual cluster distribution (e.g. k8s (default), k3s, k0s), as well as configurations for sleep mode and ingress access.

    2. Objects is where you can define Kubernetes manifests that should be created in the virtual cluster.

    3. Apps allows you to select any pre-defined 'applications' (e.g. Cert Manager) that should be installed into the virtual cluster.

    4. Permissions are additional access rules that can be defined for the virtual cluster instance.

    5. Advanced Options allow for advanced configuration different resources.

    tip

    All configuration options in a vCluster defined in the vcluster.yaml can be manually configured when creating any virtual cluster. Read more about the vcluster.yaml configuration options.

  9. Click the button.

  10. Retrieve a kube-context for a virtual cluster using the CLI:

    vcluster connect [vcluster-name] --project [project-name] --driver platform
tip

The platform uses Helm to manage virtual clusters. If your cluster is running in an air-gapped environment, you may host Helm charts in an OCI compatible private registry. To use a private registry for virtual clusters there are several configuration options: