Isolated control plane
This feature is deprecated as of v0.27 and is removed in v0.28.
This feature is only available when using the following worker node types:
- Host Nodes
This feature is an Enterprise feature. See our pricing plans or contact our sales team for more information.
The vCluster control plane runs in one cluster, while a second, headless vCluster instance runs workloads in a separate cluster.
Key benefits​
-
Optimize resource allocation. Deploy control planes on cost-effective clusters and direct heavy-duty tasks, such as GPU-intensive workloads, to higher-performance clusters.
-
Simplify management. Offer a straightforward, enforceable, alternative to each developer managing increasingly complex amounts of taints, tolerations, or node affinities to schedule workloads to the appropriate clusters.
-
Enhance security with control. Developers can manage workloads via the control plane, even if the workloads reside in a secure zone. This eliminates the need to provide developers with direct cluster access, firewall configurations, and permissions management.
-
Divide responsibilities. Allow for a clear separation of duties, where one team oversees the control plane cluster and other teams handle the workload clusters.
| Deprecated Parameter | Config Field |
|---|---|
--remote-kube-config | kubeConfig |
--remote-namespace | namespace |
--remote-service-name | service |
Configure remote virtual cluster as workload cluster​
Create a virtual cluster with the following configuration, where the headless field is set to true:
isolatedControlPlane:
headless: true
Create a second virtual cluster with the following configuration, where the enabled field is set to true:
isolatedControlPlane:
enabled: true
kubeConfig: VIRTUAL_CLUSTER_KUBECONFIG
namespace: VIRTUAL_CLUSTER_NAMESPACE
service: VIRTUAL_CLUSTER_SERVICE
Replace the following:
VIRTUAL_CLUSTER_KUBECONFIG: the location of the remote virtual cluster's kubeconfig file- Store the kubeconfig in a Secret or ConfigMap.
- Mount the Secret or ConfigMap as a Volume available to the virtual cluster.
- Configure the Volume as a VolumeMount in the syncer.
VIRTUAL_CLUSTER_NAMESPACE: the remote virtual cluster's namespaceVIRTUAL_CLUSTER_SERVICE: the remote vCluster Service name
Config reference​
isolatedControlPlane required object ​
IsolatedControlPlane is a feature to run the vCluster control plane in a different Kubernetes cluster than the workloads themselves.
isolatedControlPlane required object ​enabled required boolean ​
Enabled specifies if the isolated control plane feature should be enabled.
enabled required boolean ​headless required boolean false ​
Headless states that Helm should deploy the vCluster in headless mode for the isolated control plane.
headless required boolean false ​kubeConfig required string ​
KubeConfig is the path where to find the remote workload cluster kubeconfig.
kubeConfig required string ​namespace required string ​
Namespace is the namespace where to sync the workloads into.
namespace required string ​service required string ​
Service is the vCluster service in the remote cluster.
service required string ​