Create fully functional virtual Kubernetes clusters - Each vCluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it offers better multi-tenancy and isolation than regular namespaces.
vCluster is a Kubernetes virtualization platform designed to create fully functional virtual clusters within existing namespaces. This tool allows users to run multiple isolated Kubernetes environments on a single host cluster, enhancing multi-tenancy and isolation while reducing costs compared to separate full clusters.
Key Features:
Isolation and Multi-Tenancy: Each vCluster operates in its own namespace, providing strong isolation for enhanced security and resource management.
Cost-Effective: Reduces infrastructure expenses by utilizing shared resources instead of dedicated clusters.
Granular Permissions:
vCluster users operate with minimized permissions in the host cluster, significantly reducing the risk of privileged access misuse. Within their vCluster, users have admin-level control, enabling them to manage CRDs, RBAC, and other security policies independently.
Isolated Control Plane:
Each vCluster comes with its own dedicated API server and control plane, creating a strong isolation boundary.
Customizable Security Policies:
Tenants can implement additional vCluster-specific governance, including OPA policies, network policies, resource quotas, limit ranges, and admission control, in addition to the existing policies and security measures in the underlying physical host cluster.
Security and Isolation: Offers granular permissions and an isolated control plane, minimizing risks associated with privileged access.
Flexibility in Environments and Storage: Supports various Kubernetes versions and distributions, along with adaptable backing stores like SQLite or etcd for scalability needs.
Scalability Enhancements: Reduces API server load through independent management of CRDs within each cluster.
Audience & Benefit:
Ideal for platform engineers, DevOps teams, cloud providers, and organizations requiring scalable Kubernetes solutions without high infrastructure costs. vCluster enables secure, efficient multi-tenant deployments, allowing teams to manage resources independently with reduced complexity and overhead.
This tool is installed via winget, offering a seamless setup process.
Enhanced Data Protection:
With options for separate backing stores, including embedded SQLite, etcd, or external databases, virtual clusters allow for isolated data management, reducing the risk of data leakage between tenants.
Access for Tenants
Full Admin Access per Tenant:
Tenants can freely deploy CRDs, create namespaces, taint and label nodes, and manage cluster-scoped resources typically restricted in standard Kubernetes namespaces.
Isolated yet Integrated Networking:
While ensuring automatic isolation (for example, pods in different virtual clusters cannot communicate by default), vCluster allows for configurable network policies and service sharing, supporting both separation and sharing as needed.
Node Management:
Assign static nodes to specific virtual clusters or share node pools among multiple virtual clusters, providing flexibility in resource allocation.
Cost-Effectiveness and Reduced Overhead
Lightweight Infrastructure:
Virtual clusters are significantly more lightweight than physical clusters, able to spin up in seconds, which contrasts sharply with the lengthy provisioning times often seen in environments like EKS (~45 minutes).
Resource Efficiency:
By sharing the underlying host cluster's resources, virtual clusters minimize the need for additional physical infrastructure, reducing costs and environmental impact.
Simplified Management:
The vCluster control plane, running inside a single pod, along with optional integrated CoreDNS, minimizes the operational overhead, making virtual clusters especially suitable for large-scale deployments and multi-tenancy scenarios.
Enhanced Flexibility and Compatibility
Diverse Kubernetes Environments:
vCluster supports different Kubernetes versions and distributions (including K8s and K3s), allowing version skews. This makes it possible to tailor each virtual cluster to specific requirements without impacting others.
Adaptable Backing Stores:
Choose from a range of data stores, from lightweight (SQLite) to enterprise-grade options (embedded etcd, external data stores like Global RDS), catering to various scalability and durability needs.
Runs Anywhere:
Virtual clusters can run on EKS, GKE, AKS, OpenShift, RKE, K3s, cloud, edge, and on-prem. As long as it's a K8s cluster, you can run a virtual cluster on top of it.
Improved Scalability
Reduced API Server Load:
Virtual clusters, each with their own dedicated API server, significantly reduce the operational load on the host cluster's Kubernetes API server by isolating and handling requests internally.
Conflict-Free CRD Management:
Independent management of CRDs within each virtual cluster eliminates the potential for CRD conflicts and version discrepancies, ensuring smoother operations and easier scaling as the user base expands.
We're glad to see vCluster being adopted by organizations around the world! Below are just a few examples of how vCluster is being used in production environments:
Atlan: Atlan Reduced Their Infrastructure From 100 Kubernetes Clusters To 1 Using vCluster.
Adobe: Enhancing development environments with virtual clusters.