README
ยถ
Flexible Tenancy For Kubernetes and AI Infra
Website โข Quickstart โข Documentation โข Blog โข Slack
What is vCluster?
vCluster creates fully functional virtual Kubernetes clusters that run inside namespaces of a host cluster. Each virtual cluster has its own API server, runs on shared or dedicated infrastructure, and gives you flexible tenancy optionsโfrom simple namespaces to fully dedicated clusters.
40M+ virtual clusters deployed by companies like Adobe, CoreWeave, Atlan, and NVIDIA.
๐ Quick Start
# Install vCluster CLI
brew install loft-sh/tap/vcluster
# Create a virtual cluster
vcluster create my-vcluster --namespace team-x
# Use kubectl as usual - you're now in your virtual cluster!
kubectl get namespaces
Prerequisites: A running Kubernetes cluster and kubectl configured.
๐ฎ Try Without Installing
No Kubernetes cluster? Try vCluster instantly in your browser:
๐ What's New
| Version | Feature | Description |
|---|---|---|
| v0.30 | vCluster VPN & Netris Integration | Tailscale-powered overlay network and automated network isolation for hybrid infrastructures |
| v0.29 | Standalone Mode | Run vCluster without a host clusterโdirectly on bare metal or VMs |
| v0.28 | Auto Nodes | Karpenter-powered dynamic autoscaling for private nodes |
| v0.27 | Private Nodes | External nodes with full CNI/CSI isolation |
| v0.26 | Hybrid Scheduling & Namespace Syncing | Multiple scheduler support for AI/ML workloads and fine-grained namespace synchronization |
๐ Full Changelog
๐ฏ Use Cases
| Use Case | Description | Learn More |
|---|---|---|
| GPU Cloud Providers | Launch managed K8s for GPUs. Give customers isolated, production-grade Kubernetes fast. | View โ |
| Internal GPU Platform | Maximize GPU utilization without sacrificing isolation. Self-service access for AI/ML teams. | View โ |
| AI Factory | Run AI on-prem where your data lives. Multi-tenant K8s for training, fine-tuning, inference. | View โ |
| Bare Metal K8s | Run Kubernetes on bare metal with zero VMs. Isolation without expensive overhead. | View โ |
| Software Vendors | Ship Kubernetes-native software. Each customer gets their own isolated virtual cluster. | View โ |
| Cost Savings | Cut Kubernetes costs by consolidating clusters. Sleep mode pauses inactive clusters. | View โ |
๐๏ธ Architectures
vCluster offers multiple deployment architectures. Each builds on the previous, offering progressively more isolation.
Architecture Comparison
| Shared Nodes | Dedicated Nodes | Private Nodes | Standalone | |
|---|---|---|---|---|
| Host Cluster | Required | Required | Required | Not Required |
| Node Isolation | โ | โ | โ | โ |
| CNI/CSI Isolation | โ | โ | โ | โ |
| Best For | Dev/test, cost | Production | Compliance, GPU | Bare metal, edge |
Minimal Configuration
๐น Shared Nodes โ Maximum density, minimum cost
Virtual clusters share the host cluster's nodes. Workloads run as regular pods in a namespace.
sync:
fromHost:
nodes:
enabled: false # Uses pseudo nodes
๐น Dedicated Nodes โ Isolated compute on labeled node pools
Virtual clusters get their own set of labeled host nodes. Workloads are isolated but still managed by the host.
sync:
fromHost:
nodes:
enabled: true
selector:
labels:
tenant: my-tenant
๐น Private Nodes v0.27+ โ Full CNI/CSI isolation
External nodes join the virtual cluster directly with their own CNI, CSI, and networking stack. Complete workload isolation from the host cluster.
privateNodes:
enabled: true
controlPlane:
service:
spec:
type: NodePort
๐น vCluster Standalone v0.29+ โ No host cluster required
Run vCluster without any host cluster. Deploy the control plane directly on bare metal or VMs. The highest level of isolationโvCluster becomes the cluster.
controlPlane:
standalone:
enabled: true
joinNode:
enabled: true
privateNodes:
enabled: true
โก Auto Nodes v0.28+ โ Karpenter-powered dynamic autoscaling
Automatically provision and deprovision private nodes based on workload demand. Works across public cloud, private cloud, hybrid, and bare metal environments.
autoNodes:
enabled: true
nodeProvider: <provider>
privateNodes:
enabled: true
โจ Key Features
| Feature | Description |
|---|---|
| ๐๏ธ Isolated Control Plane | Each vCluster gets its own API server, controller manager, and data storeโcomplete Kubernetes API isolation |
| ๐ Shared Platform Stack | Leverage the host cluster's CNI, CSI, ingress, and other infrastructureโno duplicate platform components |
| ๐ Security & Multi-Tenancy | Tenants get admin access inside their vCluster while having minimal permissions on the host cluster |
| ๐ Resource Syncing | Bidirectional sync of any Kubernetes resource. Pods, services, secrets, configmaps, CRDs, and more |
| ๐ค Sleep Mode | Pause inactive virtual clusters to save resources. Instant wake when needed |
| ๐ Integrations | Native support for cert-manager, external-secrets, KubeVirt, Istio, and metrics-server |
| ๐ High Availability | Multiple replicas with leader election. Embedded etcd or external databases (PostgreSQL, MySQL, RDS) |
๐ข Trusted By
| Atlan 100 โ 1 clusters |
Aussie Broadband 99% faster provisioning |
CoreWeave GPU cloud at scale |
| Lintasarta 170+ virtual clusters in prod |
Fortune 500 Insurance Company 70% reduction in Kubernetes cost |
Scanmetrix 99% faster deployments |
| Deloitte Enterprise K8s platform |
Ada 10x Developer Productivity |
Trade Connectors 50% reduction in K8s ops cost |
Also used by: NVIDIA, ABBYY, Lintasarta, Precisely, Shipwire, Trade Connectors, and many more.
๐ Learn More
๐ค Conference Talks
| Event | Speaker | Title | Link |
|---|---|---|---|
| KubeCon NA 2025 (Keynote) | Lukas Gentele | Autoscaling GPU Clusters Anywhere โ Hyperscalers, Neoclouds & Baremetal | Watch |
| Platform Engineering Day NA 2025 (Keynote) | Saiyam Pathak | AI-Ready Platforms: Scaling Teams Without Scaling Costs | Watch |
| Rejekts NA 2025 | Hrittik Roy, Saiyam Pathak | Beyond the Default Scheduler: Navigating GPU MultiTenancy in AI Era | Watch |
| KubeCon EU 2025 | Paco Xu, Saiyam Pathak | A Huge Cluster or Multi-Clusters? Identifying the Bottleneck | Watch |
| HashiConf 2025 | Scott McAllister | GPU sharing done right: Secrets, security, and scaling with Vault and vCluster | Watch |
| FOSDEM 2025 | Hrittik Roy, Saiyam Pathak | Accelerating CI Pipelines: Rapid Kubernetes Testing with vCluster | Watch |
| KubeCon India 2024 (Keynote) | Saiyam Pathak | From Outage To Observability: Lessons From a Kubernetes Meltdown | Watch |
| CNCF Book Club 2024 | Marc Boorshtein | Kubernetes - An Enterprise Guide (vCluster) | Watch |
| KCD NYC 2024 | Lukas Gentele | Tenant Autonomy & Isolation In Multi-Tenant Kubernetes Clusters | Watch |
| KubeCon EU 2023 | Ilia Medvedev, Kostis Kapelonis | How We Securely Scaled Multi-Tenancy with VCluster, Crossplane, and Argo CD | Watch |
| KubeCon NA 2022 | Joseph Sandoval, Dan Garfield | How Adobe Planned For Scale With Argo CD, Cluster API, And VCluster | Watch |
| KubeCon NA 2022 | Whitney Lee, Mauricio Salatino | What a RUSH! Let's Deploy Straight to Production! | Watch |
| TGI Kubernetes 2022 | TGI | TGI Kubernetes 188: vCluster | Watch |
| Mirantis Tech Talks 2022 | Mirantis | Multi-tenancy & Isolation using Virtual Clusters (vCluster) in K8s | Watch |
| Solo Webinar 2022 | Rich Burroughs, Fabian Keller | Speed your Istio development environment with vCluster | Watch |
| KubeCon NA 2021 | Lukas Gentele | Beyond Namespaces: Virtual Clusters are the Future of Multi-Tenancy | Watch |
๐ฌ Community Voice
| Channel | Speaker | Title | Link |
|---|---|---|---|
| TeKanAid 2024 | TeKanAid | Getting Started with vCluster: Build Your IDP with Backstage, Crossplane, and ArgoCD | Watch |
| Rawkode 2021 | David McKay, Lukas Gentele | Hands on Introduction to vCluster | Watch |
| Kubesimplify 2021 | Saiyam Pathak, Lukas Gentele | Let's Learn vCluster | Watch |
| TechWorld with Nana 2021 | Nana | Build your Self-Service Kubernetes Platform with Virtual Clusters | Watch |
| DevOps Toolkit 2021 | Viktor Farcic | How To Create Virtual Kubernetes Clusters | Watch |
๐ YouTube Channel โข Blog
Custom e2e-next Linters
The project uses custom golangci-lint plugins from e2e-framework that enforce correctness patterns in Ginkgo test code:
| Linter | What it checks |
|---|---|
defercleanupcluster |
Every cluster.Create() call must have a matching DeferCleanup(cluster.Destroy(...)) in the same scope |
defercleanupctx |
DeferCleanup must not be called with a setup.Func - use e2e.DeferCleanupCtx(ctx, fn) instead |
ginkgoreturnctx |
Ginkgo node functions (BeforeEach, It, etc.) that reassign their context.Context parameter must also return context.Context |
describefunc |
Package-level var _ = Describe(...) with cluster.Use() must use an exported function pattern instead of auto-registration |
These linters run automatically as part of just lint and just lint-e2e.
The custom binary is auto-rebuilt when .custom-gcl.yml changes.
Quick commands
# Run custom linters against e2e-next (with autofix)
just lint-e2e
# Rebuild custom golangci-lint binary explicitly
just build-linters
Suppressing a finding
Use //nolint:<linter-name> with a reason:
ctx, err = cluster.Create(...)(...) //nolint:defercleanupcluster // destroyed in SynchronizedAfterSuite
GoLand / IntelliJ setup
GoLand (2025.1+) has built-in golangci-lint support, but it must be pointed at
the custom-built binary - the system golangci-lint doesn't know about our
plugins.
- Build the custom binary once:
just build-linters - In GoLand: Settings > Go > Linters
- In the Executable dropdown, click + > Browse and select the
absolute path to
<project-root>/tools/golangci-lint - Leave "Use config" unchecked - GoLand will auto-discover
.golangci.yml
Findings from the custom linters will appear inline in the editor and in the Problems tool window.
Troubleshooting: If you see "unknown linter" errors, you're probably running the system binary instead of the custom one. Verify the executable path in Settings > Go > Linters.
After updating linter versions in
.custom-gcl.yml, re-runjust build-lintersand restart the GoLand inspection (or reopen the file).
๐ค Contributing
We welcome contributions! Check out our Contributing Guide to get started.
๐ Links
| Resource | Link |
|---|---|
| ๐ Documentation | vcluster.com/docs |
| ๐ฌ Slack Community | slack.loft.sh |
| ๐ Website | vcluster.com |
| ๐ฆ X (Twitter) | @vcluster |
| ๐ผ LinkedIn | vCluster |
| ๐ฌ Chat with Expert | Start Chat |
๐ License
vCluster is licensed under the Apache 2.0 License.
ยฉ 2026 Loft Labs. All rights reserved.
Made with โค๏ธ by the vCluster community.
โญ Star us on GitHub โ it helps!
Directories
ยถ
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
vcluster
command
|
|
|
vclusterctl
command
|
|
|
e2e-next
|
|
|
clusters
Package clusters defines all vCluster instances used by e2e tests.
|
Package clusters defines all vCluster instances used by e2e tests. |
|
test_core/coredns
Package coredns contains CoreDNS resolution tests.
|
Package coredns contains CoreDNS resolution tests. |
|
test_core/lifecycle
Package lifecycle contains vCluster CLI lifecycle tests (connect, pause/resume, etc.).
|
Package lifecycle contains vCluster CLI lifecycle tests (connect, pause/resume, etc.). |
|
test_core/sync
Package sync contains core resource sync tests (pods, PVCs, services, etc.).
|
Package sync contains core resource sync tests (pods, PVCs, services, etc.). |
|
test_core/sync/fromhost
Package fromhost contains fromHost sync tests.
|
Package fromhost contains fromHost sync tests. |
|
test_deploy
Package test_deploy contains deployment tests (Helm charts, init manifests).
|
Package test_deploy contains deployment tests (Helm charts, init manifests). |
|
test_integration/metricsproxy
Package metricsproxy contains metrics proxy integration tests.
|
Package metricsproxy contains metrics proxy integration tests. |
|
test_integration/plugin
Package plugin contains legacy vCluster plugin tests (v1 and v2).
|
Package plugin contains legacy vCluster plugin tests (v1 and v2). |
|
test_modes/nodesync
Package nodesync contains all-nodes sync mode tests.
|
Package nodesync contains all-nodes sync mode tests. |
|
test_modes/scheduler
Package scheduler contains virtual scheduler tests.
|
Package scheduler contains virtual scheduler tests. |
|
test_security/certs
Package certs contains certificate rotation and expiration tests.
|
Package certs contains certificate rotation and expiration tests. |
|
test_security/isolation
Package isolation contains isolation mode tests.
|
Package isolation contains isolation mode tests. |
|
test_security/kubeletproxy
Package kubeletproxy contains kubelet proxy access control tests.
|
Package kubeletproxy contains kubelet proxy access control tests. |
|
test_security/rootless
Package rootless contains rootless mode tests.
|
Package rootless contains rootless mode tests. |
|
test_security/webhook
Package webhook contains admission webhook tests.
|
Package webhook contains admission webhook tests. |
|
test_storage/snapshot
Package snapshot contains snapshot and restore tests.
|
Package snapshot contains snapshot and restore tests. |
|
hack
|
|
|
assets/cmd
command
|
|
|
compat-matrix
command
|
|
|
schema
command
|
|
|
pkg
|
|
|
util/websocketproxy
Package websocketproxy is a reverse proxy for WebSocket connections.
|
Package websocketproxy is a reverse proxy for WebSocket connections. |
|
test
|
|
Click to show internal directories.
Click to hide internal directories.