Isolated control plane

Pro Feature

This feature is available in the vCluster Pro tier. Contact us for more details and to start a trial.

The vCluster control plane runs in one cluster, while a second, headless vCluster instance runs workloads in a separate cluster.

Key benefits

Optimize resource allocation. Deploy control planes on cost-effective clusters and direct heavy-duty tasks, such as GPU-intensive workloads, to higher-performance clusters.
Simplify management. Offer a straightforward, enforceable, alternative to each developer managing increasingly complex amounts of taints, tolerations, or node affinities to schedule workloads to the appropriate clusters.
Enhance security with control. Developers can manage workloads via the control plane, even if the workloads reside in a secure zone. This eliminates the need to provide developers with direct cluster access, firewall configurations, and permissions management.
Divide responsibilities. Allow for a clear separation of duties, where one team oversees the control plane cluster and other teams handle the workload clusters.

Deprecated Parameter	Config Field
`--remote-kube-config`	`kubeConfig`
`--remote-namespace`	`namespace`
`--remote-service-name`	`service`

Configure remote virtual cluster as workload cluster

Create a virtual cluster with the following configuration, where the headless field is set to true:

isolatedControlPlane:
  headless: true

Create a second virtual cluster with the following configuration, where the enabled field is set to true:

isolatedControlPlane:
  enabled: true
  kubeConfig: VIRTUAL_CLUSTER_KUBECONFIG
  namespace: VIRTUAL_CLUSTER_NAMESPACE
  service: VIRTUAL_CLUSTER_SERVICE

Replace the following:

VIRTUAL_CLUSTER_KUBECONFIG: the location of the remote virtual cluster's kubeconfig file
- Store the kubeconfig in a Secret or ConfigMap.
- Mount the Secret or ConfigMap as a Volume available to the virtual cluster.
- Configure the Volume as a VolumeMount in the syncer.
VIRTUAL_CLUSTER_NAMESPACE: the remote virtual cluster's namespace
VIRTUAL_CLUSTER_SERVICE: the remote vCluster Service name

Config reference

`isolatedControlPlane` required object pro

IsolatedControlPlane is a feature to run the vCluster control plane in a different Kubernetes cluster than the workloads themselves.

`enabled` required boolean pro

Enabled specifies if the isolated control plane feature should be enabled.

`headless` required boolean false pro

Headless states that Helm should deploy the vCluster in headless mode for the isolated control plane.

`kubeConfig` required string pro

KubeConfig is the path where to find the remote workload cluster kubeconfig.

`namespace` required string pro

Namespace is the namespace where to sync the workloads into.

`service` required string pro

Service is the vCluster service in the remote cluster.

Key benefits​

Configure remote virtual cluster as workload cluster​

Config reference​

isolatedControlPlane required object pro​

enabled required boolean pro​

headless required boolean false pro​

kubeConfig required string pro​

namespace required string pro​

service required string pro​