What are virtual clusters?

Virtual clustersVirtual ClusterA certified Kubernetes distribution that runs as an isolated, virtual environment nested inside a physical host cluster. Virtual clusters run inside host cluster namespaces but operate as independent Kubernetes environments, each with its own API server, control plane, syncer, and set of resources.Related: vCluster, Host Cluster are certified Kubernetes distributions that run as isolated, virtual environments nested inside a physical host clusterHost ClusterThe physical Kubernetes cluster where virtual clusters are deployed and run. The host cluster provides the infrastructure resources (CPU, memory, storage, networking) that virtual clusters leverage, while maintaining isolation between different virtual environments.Related: Virtual Cluster. They improve isolation and flexibility for multi-tenancyMulti-tenancyThe capability to host multiple separate users, teams, or workloads on the same infrastructure while providing isolation between them. Virtual clusters enhance multi-tenancy in Kubernetes environments.Related: Virtual Cluster by allowing multiple teams to operate independently on the same infrastructure, minimizing conflicts, increasing autonomy, and reducing costs.

vCluster Architecture

Virtual clusters run inside host cluster namespaces but operate as independent Kubernetes environments, each with its own API server, control plane, syncerSyncerA component in vCluster that synchronizes resources between the virtual cluster and the host cluster, enabling virtual clusters to function while maintaining isolation.Related: vCluster, Virtual Cluster, and set of resources.

Although they rely on the host cluster for resource scheduling and networking, virtual clusters maintain a level of abstraction that isolates their operations from the host cluster's global state.

Benefits

Virtual clusters provide immense benefits for large-scale Kubernetes deployments and multi-tenancy.

vCluster Comparison

Robust security and isolation

• Granular permissions: vClustervClusterAn open-source software product that creates and manages virtual Kubernetes clusters inside a host Kubernetes cluster. vCluster improves isolation and multi-tenancy capabilities while reducing infrastructure costs.Related: Virtual Cluster, Host Cluster users operate with minimized permissions in the host cluster
• Isolated control plane: Each virtual cluster comes with its own dedicated API server and control plane, creating a strong isolation boundary.
• Customizable security policies: Tenants can implement additional virtual cluster-specific governance, including OPA policies, network policies, resource quotas, limit ranges, and admission control, in addition to the existing policies and security measures in the underlying physical host cluster.
• Enhanced data protection: With options for separate backing stores, including embedded SQLite, etcd, or external databases, virtual clusters allow for isolated data management, reducing the risk of data leakage between tenants.

Access for tenants

• Full admin access per tenant: Tenants can freely deploy CRDs, create namespaces, taint and label nodes, and manage cluster-scoped resources typically restricted in standard Kubernetes namespaces.
• Isolated yet integrated networking: While ensuring automatic isolation (for example, pods in different virtual clusters cannot communicate by default), vCluster allows for configurable network policies and service sharing, supporting both separation and sharing as needed.
• Node management: Assign static nodes to specific virtual clusters or share node pools among multiple virtual clusters, providing flexibility in resource allocation.

Cost-effectiveness and reduced overhead

• Lightweight infrastructure: Virtual clusters are significantly more lightweight than physical clusters and can spin up in seconds, contrasting sharply with the lengthy provisioning times often seen in environments like EKS (~45 minutes).
• Resource efficiency: By sharing the underlying host cluster's resources, virtual clusters minimize the need for additional physical infrastructure, reducing costs and environmental impact.
• Simplified management: The vCluster control plane, running inside a single pod along with optional integrated CoreDNS, minimizes operational overhead, making virtual clusters especially suitable for large-scale deployments and multi-tenancy scenarios.

Enhanced flexibility and compatibility

• Diverse Kubernetes environments: vCluster supports different Kubernetes versions and distributions (including Kubernetes, K3sK3sA lightweight, certified Kubernetes distribution often used as the default distribution for virtual clusters due to its minimal resource requirements and fast startup time.Related: K8s, K0s, and K0sK0sA lightweight, certified Kubernetes distribution that can be used in virtual clusters as an alternative to K3s or standard Kubernetes.Related: K3s, K8s), allowing version skews. This makes it possible to tailor each virtual cluster to specific requirements without impacting others.
• Adaptable backing stores: Choose from a range of data stores, from lightweight (SQLite) to enterprise-grade options (embedded etcd, external data stores like Global RDS), catering to various scalability and durability needs.
• Runs anywhere: Virtual clusters can run on EKS, GKE, AKS, OpenShift, RKE, K3s, cloud, edge, and on-prem. As long as it's a Kubernetes cluster, you can run a virtual cluster on top of it.

Improved scalability

• Reduced API server load: Virtual clusters, each with their own dedicated API server, significantly reduce the operational load on the host cluster's Kubernetes API server by isolating and handling requests internally.
• Conflict-free CRD management: Independent management of CRDs within each virtual cluster eliminates the potential for CRD conflicts and version discrepancies, ensuring smoother operations and easier scaling as the user base expands.

Common use cases

Pre-production

• Empower developers with self-service Kubernetes: Simplify Kubernetes access for developers through self-service virtual clusters, reducing human error and enhancing developer autonomy without compromising security and compliance requirements.
• Accelerate CI/CD with ephemeral Kubernetes clusters: Instantly create clean, new virtual Kubernetes clusters for each pull request, enabling fast, isolated testing and PR previews without wait times and the struggles of a shared test environment.

Production

• Elevate your ISV offering with a dedicated cluster per customer: Host each customer in a virtual cluster with strict tenant isolation and seamless scalability while consolidating essential tools into a unified platform stack serving multiple tenants.
• Build a managed Kubernetes service with best-in-class COGS and high margins: Enable direct customer access to dedicated virtual Kubernetes clusters, streamlining node and resource allocation for industry-leading efficiency and unparalleled scalability.