vcluster - Virtual Kubernetes Clusters

Last updated 1 year ago

Was this helpful?

vcluster - Virtual Kubernetes Clusters

Get Started

Automatically creates a kube-context on your local machine, so you can now use kubectl with your virtual cluster

Install vcluster CLI

**# amd64 (intel mac)**curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-darwin-amd64" && chmod +x vcluster;

sudo mv vcluster /usr/local/bin;

**# arm64 (silicon mac)**curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-darwin-arm64" && chmod +x vcluster;

sudo mv vcluster /usr/local/bin;

Create vcluster

vcluster create vcluster-1

Use the vcluster

kubectl create namespace ns-inside-vcluster

helm install ./chart

kubectl get pods --all-namespaces

Full Admin Access

You may not be admin inside the host cluster, but inside the vcluster, you can do anything you want:

Create namespaces
Configure RBAC permissions
Install CRDs and deploy controllers
Test a new ingress controller
...

How does it work?

Virtual clusters run inside namespaces of other clusters. They have a separate API server and a separate data store, so every Kubernetes object you create in the vcluster only exists inside the vcluster.

First, let's create a few namespaces inside our new vcluster:

kubectl create namespace ns-1

Now, we can deploy something into one of the namespaces of our vcluster:

kubectl create deployment nginx --image=nginx -n ns-1

The controller manager of our vcluster will create the pods for this deployment.

kubectl get pods -n ns-1

We can see pods being scheduled inside the vcluster although the vcluster does not have a scheduler and does not have any real nodes.

BUT, where do these pods get scheduled to?

If we are checking the underlying host namespace where our vcluster is running ...

kubectl get pods -n host-namespace-1

... then we can see that the pods are actually running inside the underlying cluster while every other high-level Kubernetes resource such as deployments or CRDs exist only inside the vcluster.

No Admin Privileges Required

As long as you can create a deployment inside a single namespace, you will be able to create a virtual cluster and become admin of this virtual cluster.

vclusters supports a variety of use cases

vcluster uses k3s as its API server to make virtual clusters super lightweight & cost-efficient

100% API compliant

vclusters use the k3s API server, a certified Kubernetes distribution, so when you are working with a vcluster, it will act the same as a regular cluster.

Single Namespace

The vcluster and all of its workloads will be hosted in a single underlying host namespace. Delete the namespace and everything will cleanly be gone.

Lightweight Architecture With Very Low Overhead

vclusters are super lightweight (1 pod), consume very few resources and run on any Kubernetes cluster without requiring privileged access to the underlying cluster.

Highly Configurable

vcluster expose all k8s control plane options and you can even run different k8s versions in your vclusters or enable alpha and beta flags.

Last updated 1 year ago

Was this helpful?

Get Started

Automatically creates a kube-context on your local machine, so you can now use kubectl with your virtual cluster

Install vcluster CLI

**# amd64 (intel mac)**curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-darwin-amd64" && chmod +x vcluster;

sudo mv vcluster /usr/local/bin;

**# arm64 (silicon mac)**curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/latest/download/vcluster-darwin-arm64" && chmod +x vcluster;

sudo mv vcluster /usr/local/bin;

Create vcluster

vcluster create vcluster-1

Use the vcluster

kubectl create namespace ns-inside-vcluster

helm install ./chart

kubectl get pods --all-namespaces

Full Admin Access

You may not be admin inside the host cluster, but inside the vcluster, you can do anything you want:

Create namespaces
Configure RBAC permissions
Install CRDs and deploy controllers
Test a new ingress controller
...

How does it work?

First, let's create a few namespaces inside our new vcluster:

kubectl create namespace ns-1

Now, we can deploy something into one of the namespaces of our vcluster:

kubectl create deployment nginx --image=nginx -n ns-1

The controller manager of our vcluster will create the pods for this deployment.

kubectl get pods -n ns-1

We can see pods being scheduled inside the vcluster although the vcluster does not have a scheduler and does not have any real nodes.

BUT, where do these pods get scheduled to?

If we are checking the underlying host namespace where our vcluster is running ...

kubectl get pods -n host-namespace-1

... then we can see that the pods are actually running inside the underlying cluster while every other high-level Kubernetes resource such as deployments or CRDs exist only inside the vcluster.

No Admin Privileges Required

As long as you can create a deployment inside a single namespace, you will be able to create a virtual cluster and become admin of this virtual cluster.

vclusters supports a variety of use cases

vcluster uses k3s as its API server to make virtual clusters super lightweight & cost-efficient

100% API compliant

vclusters use the k3s API server, a certified Kubernetes distribution, so when you are working with a vcluster, it will act the same as a regular cluster.

Single Namespace

The vcluster and all of its workloads will be hosted in a single underlying host namespace. Delete the namespace and everything will cleanly be gone.

Lightweight Architecture With Very Low Overhead

vclusters are super lightweight (1 pod), consume very few resources and run on any Kubernetes cluster without requiring privileged access to the underlying cluster.

Highly Configurable

vcluster expose all k8s control plane options and you can even run different k8s versions in your vclusters or enable alpha and beta flags.