Isolated control plane
This feature is available in the vCluster Pro tier. Contact us for more details and to start a trial.
The vCluster control plane runs in one cluster, while a second, headless vCluster instance runs workloads in a separate cluster.
Key benefits​
-
Optimize resource allocation. Deploy control planes on cost-effective clusters and direct heavy-duty tasks, such as GPU-intensive workloads, to higher-performance clusters.
-
Simplify management. Offer a straightforward, enforceable, alternative to each developer managing increasingly complex amounts of taints, tolerations, or node affinities to schedule workloads to the appropriate clusters.
-
Enhance security with control. Developers can manage workloads via the control plane, even if the workloads reside in a secure zone. This eliminates the need to provide developers with direct cluster access, firewall configurations, and permissions management.
-
Divide responsibilities. Allow for a clear separation of duties, where one team oversees the control plane cluster and other teams handle the workload clusters.
| Deprecated Parameter | Config Field |
|---|---|
--remote-kube-config | kubeConfig |
--remote-namespace | namespace |
--remote-service-name | service |
Configure remote virtual cluster as workload cluster​
Create a virtual cluster with the following configuration, where the headless field is set to true:
isolatedControlPlane:
headless: true
Create a second virtual cluster with the following configuration, where the enabled field is set to true:
isolatedControlPlane:
enabled: true
kubeConfig: VIRTUAL_CLUSTER_KUBECONFIG
namespace: VIRTUAL_CLUSTER_NAMESPACE
service: VIRTUAL_CLUSTER_SERVICE
Replace the following:
VIRTUAL_CLUSTER_KUBECONFIG: the location of the remote virtual cluster's kubeconfig file- Store the kubeconfig in a Secret or ConfigMap.
- Mount the Secret or ConfigMap as a Volume available to the virtual cluster.
- Configure the Volume as a VolumeMount in the syncer.
VIRTUAL_CLUSTER_NAMESPACE: the remote virtual cluster's namespaceVIRTUAL_CLUSTER_SERVICE: the remote vCluster Service name
Config reference​
isolatedControlPlane required object pro​
IsolatedControlPlane is a feature to run the vCluster control plane in a different Kubernetes cluster than the workloads themselves.
isolatedControlPlane required object pro​enabled required boolean pro​
Enabled specifies if the isolated control plane feature should be enabled.
enabled required boolean pro​headless required boolean false pro​
Headless states that Helm should deploy the vCluster in headless mode for the isolated control plane.
headless required boolean false pro​kubeConfig required string pro​
KubeConfig is the path where to find the remote workload cluster kubeconfig.
kubeConfig required string pro​namespace required string pro​
Namespace is the namespace where to sync the workloads into.
namespace required string pro​service required string pro​
Service is the vCluster service in the remote cluster.
service required string pro​