Version: v0.25

Isolated control plane

Deprecated Feature

This feature is deprecated as of v0.27 and is removed in v0.28.

Enterprise-Only Feature

This feature is an Enterprise feature. See our pricing plans or contact our sales team for more information.

The vCluster control plane runs in one cluster, while a second, headless vCluster instance runs workloads in a separate cluster.

Key benefits

Optimize resource allocation. Deploy control planes on cost-effective clusters and direct heavy-duty tasks, such as GPU-intensive workloads, to higher-performance clusters.
Simplify management. Offer a straightforward, enforceable, alternative to each developer managing increasingly complex amounts of taints, tolerations, or node affinities to schedule workloads to the appropriate clusters.
Enhance security with control. Developers can manage workloads via the control plane, even if the workloads reside in a secure zone. This eliminates the need to provide developers with direct cluster access, firewall configurations, and permissions management.
Divide responsibilities. Allow for a clear separation of duties, where one team oversees the control plane cluster and other teams handle the workload clusters.

Deprecated Parameter	Config Field
`--remote-kube-config`	`kubeConfig`
`--remote-namespace`	`namespace`
`--remote-service-name`	`service`

Configure remote virtual cluster as workload cluster

Create a virtual cluster with the following configuration, where the headless field is set to true:

isolatedControlPlane:
  headless: true

Create a second virtual cluster with the following configuration, where the enabled field is set to true:

isolatedControlPlane:
  enabled: true
  kubeConfig: VIRTUAL_CLUSTER_KUBECONFIG
  namespace: VIRTUAL_CLUSTER_NAMESPACE
  service: VIRTUAL_CLUSTER_SERVICE

Replace the following:

VIRTUAL_CLUSTER_KUBECONFIG: the location of the remote virtual cluster's kubeconfig file
- Store the kubeconfig in a Secret or ConfigMap.
- Mount the Secret or ConfigMap as a Volume available to the virtual cluster.
- Configure the Volume as a VolumeMount in the syncer.
VIRTUAL_CLUSTER_NAMESPACE: the remote virtual cluster's namespace
VIRTUAL_CLUSTER_SERVICE: the remote vCluster Service name

Config reference

`isolatedControlPlane` required object

IsolatedControlPlane is a feature to run the vCluster control plane in a different Kubernetes cluster than the workloads themselves.

`enabled` required boolean

Enabled specifies if the isolated control plane feature should be enabled.

`headless` required boolean false

Headless states that Helm should deploy the vCluster in headless mode for the isolated control plane.

`kubeConfig` required string

KubeConfig is the path where to find the remote workload cluster kubeconfig.

`namespace` required string

Namespace is the namespace where to sync the workloads into.

`service` required string

Service is the vCluster service in the remote cluster.

Key benefits​

Configure remote virtual cluster as workload cluster​

Config reference​

isolatedControlPlane required object ​

enabled required boolean ​

headless required boolean false ​

kubeConfig required string ​

namespace required string ​

service required string ​