Skip to main content
Version: v4.8 Stable

Manually configure a virtual cluster

Each virtual cluster belongs to a project. Projects control whether users can create virtual clusters with or without templates.

Who can create virtual clusters without a template​

By default, projects require templates for virtual cluster creation. This means:

  • Project users can only create virtual clusters from allowed templates configured by the project admin.
  • Project admins and platform admins can always create virtual clusters without a template, regardless of project settings.

If project admins disable the requireTemplate setting, project users can also create virtual clusters without templates. Keep this setting enabled in production environments to maintain security controls.

Create without template​

Security consideration

Creating virtual clusters without a template bypasses the security controls that templates provide. Users with this capability can configure any vCluster settings, including sync configurations that could grant elevated access to host cluster resources.

For production environments:

  • Keep templates required for all projects (the default requireTemplate setting)
  • Grant project admin roles only to users who need to create virtual clusters without templates
  • Control who can create projects, since project creators become project admins. See project membership for details on project roles
  • Use hardened templates to control which resources can be synced to and from the host cluster

  1. From the project drop-down menu (top left corner), select the project you'd like to create the virtual cluster in.

  2. Click on Virtual Clusters.

  3. Click the button.

  4. Follow the steps in the UI to create the virtual cluster.

  5. Retrieve a kube-context for a virtual cluster using the CLI:

    vcluster connect [vcluster-name] --project [project-name] --driver platform
tip

The platform uses Helm to manage virtual clusters. If your cluster is running in an air-gapped environment, you may host Helm charts in an OCI compatible private registry. To use a private registry for virtual clusters there are several configuration options: