README - Vcluster — ContextQMD

</picture>

</a> <p><strong>Flexible Tenancy For Kubernetes and AI Infra</strong></p>

Website • Quickstart • Documentation • Blog • Slack

</div>

What is vCluster?

vCluster creates fully functional virtual Kubernetes clusters that run inside namespaces of a host cluster. Each virtual cluster has its own API server, runs on shared or dedicated infrastructure, and gives you flexible tenancy options—from simple namespaces to fully dedicated clusters.

40M+ virtual clusters deployed by companies like Adobe, CoreWeave, Atlan, and NVIDIA.

</div>

🚀 Quick Start

bash

# Install vCluster CLI
brew install loft-sh/tap/vcluster

# Create a virtual cluster
vcluster create my-vcluster --namespace team-x

# Use kubectl as usual - you're now in your virtual cluster!
kubectl get namespaces

Prerequisites: A running Kubernetes cluster and kubectl configured.

👉 Full Quickstart Guide

🎮 Try Without Installing

No Kubernetes cluster? Try vCluster instantly in your browser:

🆕 What's New

Version	Feature	Description
v0.30	vCluster VPN & Netris Integration	Tailscale-powered overlay network and automated network isolation for hybrid infrastructures
v0.29	Standalone Mode	Run vCluster without a host cluster—directly on bare metal or VMs
v0.28	Auto Nodes	Karpenter-powered dynamic autoscaling for private nodes
v0.27	Private Nodes	External nodes with full CNI/CSI isolation
v0.26	Hybrid Scheduling & Namespace Syncing	Multiple scheduler support for AI/ML workloads and fine-grained namespace synchronization

👉 Full Changelog

🎯 Use Cases

Use Case	Description	Learn More
GPU Cloud Providers	Launch managed K8s for GPUs. Give customers isolated, production-grade Kubernetes fast.	View →
Internal GPU Platform	Maximize GPU utilization without sacrificing isolation. Self-service access for AI/ML teams.	View →
AI Factory	Run AI on-prem where your data lives. Multi-tenant K8s for training, fine-tuning, inference.	View →
Bare Metal K8s	Run Kubernetes on bare metal with zero VMs. Isolation without expensive overhead.	View →
Software Vendors	Ship Kubernetes-native software. Each customer gets their own isolated virtual cluster.	View →
Cost Savings	Cut Kubernetes costs by consolidating clusters. Sleep mode pauses inactive clusters.	View →

🏗️ Architectures

vCluster offers multiple deployment architectures. Each builds on the previous, offering progressively more isolation.

Architecture Comparison

	Shared Nodes	Dedicated Nodes	Private Nodes	Standalone
Host Cluster	Required	Required	Required	Not Required
Node Isolation	❌	✅	✅	✅
CNI/CSI Isolation	❌	❌	✅	✅
Best For	Dev/test, cost	Production	Compliance, GPU	Bare metal, edge

👉 Full Architecture Guide

Minimal Configuration

<details> <summary>🔹 Shared Nodes — Maximum density, minimum cost</summary> Virtual clusters share the host cluster's nodes. Workloads run as regular pods in a namespace. <div align="center"> </div>

yaml

sync:
  fromHost:
    nodes:
      enabled: false  # Uses pseudo nodes

</details> <details> <summary>🔹 Dedicated Nodes — Isolated compute on labeled node pools</summary> Virtual clusters get their own set of labeled host nodes. Workloads are isolated but still managed by the host. <div align="center"> </div>

yaml

sync:
  fromHost:
    nodes:
      enabled: true
      selector:
        labels:
          tenant: my-tenant

</details> <details> <summary>🔹 Private Nodes <sup>v0.27+</sup> — Full CNI/CSI isolation</summary> External nodes join the virtual cluster directly with their own CNI, CSI, and networking stack. Complete workload isolation from the host cluster. <div align="center"> </div>

yaml

privateNodes:
  enabled: true
controlPlane:
  service:
    spec:
      type: NodePort

</details> <details> <summary>🔹 vCluster Standalone <sup>v0.29+</sup> — No host cluster required</summary> Run vCluster without any host cluster. Deploy the control plane directly on bare metal or VMs. The highest level of isolation—vCluster becomes the cluster. <div align="center"> </div>

yaml

controlPlane:
  standalone:
    enabled: true
    joinNode:
      enabled: true
privateNodes:
  enabled: true

</details> <details> <summary>⚡ Auto Nodes <sup>v0.28+</sup> — Karpenter-powered dynamic autoscaling</summary> Automatically provision and deprovision private nodes based on workload demand. Works across public cloud, private cloud, hybrid, and bare metal environments. <div align="center"> </div>

yaml

autoNodes:
  enabled: true
  nodeProvider: <provider>
privateNodes:
  enabled: true

</details>

✨ Key Features

Feature	Description
🎛️ Isolated Control Plane	Each vCluster gets its own API server, controller manager, and data store—complete Kubernetes API isolation
🔗 Shared Platform Stack	Leverage the host cluster's CNI, CSI, ingress, and other infrastructure—no duplicate platform components
🔒 Security & Multi-Tenancy	Tenants get admin access inside their vCluster while having minimal permissions on the host cluster
🔄 Resource Syncing	Bidirectional sync of any Kubernetes resource. Pods, services, secrets, configmaps, CRDs, and more
💤 Sleep Mode	Pause inactive virtual clusters to save resources. Instant wake when needed
🔌 Integrations	Native support for cert-manager, external-secrets, KubeVirt, Istio, and metrics-server
📊 High Availability	Multiple replicas with leader election. Embedded etcd or external databases (PostgreSQL, MySQL, RDS)

🏢 Trusted By

<table> <tr> <td align="center"><a href="https://www.vcluster.com/case-studies/atlan"><strong>Atlan</strong></a> 100 → 1 clusters</td> <td align="center"><a href="https://www.vcluster.com/case-studies/aussie-broadband"><strong>Aussie Broadband</strong></a> 99% faster provisioning</td> <td align="center"><a href="https://www.vcluster.com/case-studies/coreweave"><strong>CoreWeave</strong></a> GPU cloud at scale</td> </tr> <tr> <td align="center"><a href="https://www.vcluster.com/case-studies/lintasarta"><strong>Lintasarta</strong></a> 170+ virtual clusters in prod</td> <td align="center"><a href="https://www.vcluster.com/case-studies/fortune-500-insurance-company"><strong>Fortune 500 Insurance Company</strong></a> 70% reduction in Kubernetes cost</td> <td align="center"><a href="https://www.vcluster.com/case-studies/scanmetrix"><strong>Scanmetrix</strong></a> 99% faster deployments</td> </tr> <tr> <td align="center"><a href="https://www.vcluster.com/case-studies/deloitte"><strong>Deloitte</strong></a> Enterprise K8s platform</td> <td align="center"><a href="https://www.vcluster.com/case-studies/ada-cx"><strong>Ada</strong></a> 10x Developer Productivity</td> <td align="center"><a href="https://www.vcluster.com/case-studies/trade-connectors"><strong>Trade Connectors</strong></a> 50% reduction in K8s ops cost</td> </tr> </table>

Also used by: NVIDIA, ABBYY, Lintasarta, Precisely, Shipwire, Trade Connectors, and many more.

👉 View All Case Studies

📚 Learn More

<details> <summary><strong>🎤 Conference Talks</strong></summary>

Event	Speaker	Title	Link
KubeCon NA 2025 (Keynote)	Lukas Gentele	Autoscaling GPU Clusters Anywhere — Hyperscalers, Neoclouds & Baremetal	Watch
Platform Engineering Day NA 2025 (Keynote)	Saiyam Pathak	AI-Ready Platforms: Scaling Teams Without Scaling Costs	Watch
Rejekts NA 2025	Hrittik Roy, Saiyam Pathak	Beyond the Default Scheduler: Navigating GPU MultiTenancy in AI Era	Watch
KubeCon EU 2025	Paco Xu, Saiyam Pathak	A Huge Cluster or Multi-Clusters? Identifying the Bottleneck	Watch
HashiConf 2025	Scott McAllister	GPU sharing done right: Secrets, security, and scaling with Vault and vCluster	Watch
FOSDEM 2025	Hrittik Roy, Saiyam Pathak	Accelerating CI Pipelines: Rapid Kubernetes Testing with vCluster	Watch
KubeCon India 2024 (Keynote)	Saiyam Pathak	From Outage To Observability: Lessons From a Kubernetes Meltdown	Watch
CNCF Book Club 2024	Marc Boorshtein	Kubernetes - An Enterprise Guide (vCluster)	Watch
KCD NYC 2024	Lukas Gentele	Tenant Autonomy & Isolation In Multi-Tenant Kubernetes Clusters	Watch
KubeCon EU 2023	Ilia Medvedev, Kostis Kapelonis	How We Securely Scaled Multi-Tenancy with VCluster, Crossplane, and Argo CD	Watch
KubeCon NA 2022	Joseph Sandoval, Dan Garfield	How Adobe Planned For Scale With Argo CD, Cluster API, And VCluster	Watch
KubeCon NA 2022	Whitney Lee, Mauricio Salatino	What a RUSH! Let's Deploy Straight to Production!	Watch
TGI Kubernetes 2022	TGI	TGI Kubernetes 188: vCluster	Watch
Mirantis Tech Talks 2022	Mirantis	Multi-tenancy & Isolation using Virtual Clusters (vCluster) in K8s	Watch
Solo Webinar 2022	Rich Burroughs, Fabian Keller	Speed your Istio development environment with vCluster	Watch
KubeCon NA 2021	Lukas Gentele	Beyond Namespaces: Virtual Clusters are the Future of Multi-Tenancy	Watch

</details> <details> <summary><strong>🎬 Community Voice</strong></summary>

Channel	Speaker	Title	Link
TeKanAid 2024	TeKanAid	Getting Started with vCluster: Build Your IDP with Backstage, Crossplane, and ArgoCD	Watch
Rawkode 2021	David McKay, Lukas Gentele	Hands on Introduction to vCluster	Watch
Kubesimplify 2021	Saiyam Pathak, Lukas Gentele	Let's Learn vCluster	Watch
TechWorld with Nana 2021	Nana	Build your Self-Service Kubernetes Platform with Virtual Clusters	Watch
DevOps Toolkit 2021	Viktor Farcic	How To Create Virtual Kubernetes Clusters	Watch

</details>

👉 YouTube Channel • Blog

Custom e2e-next Linters

The project uses custom golangci-lint plugins from e2e-framework that enforce correctness patterns in Ginkgo test code:

Linter	What it checks
`defercleanupcluster`	Every `cluster.Create()` call must have a matching `DeferCleanup(cluster.Destroy(...))` in the same scope
`defercleanupctx`	`DeferCleanup` must not be called with a `setup.Func` - use `e2e.DeferCleanupCtx(ctx, fn)` instead
`ginkgoreturnctx`	Ginkgo node functions (`BeforeEach`, `It`, etc.) that reassign their `context.Context` parameter must also return `context.Context`
`describefunc`	Package-level `var _ = Describe(...)` with `cluster.Use()` must use an exported function pattern instead of auto-registration

These linters run automatically as part of just lint and just lint-e2e. The custom binary is auto-rebuilt when .custom-gcl.yml changes.

Quick commands

bash

# Run custom linters against e2e-next (with autofix)
just lint-e2e

# Rebuild custom golangci-lint binary explicitly
just build-linters

Suppressing a finding

Use //nolint:<linter-name> with a reason:

ctx, err = cluster.Create(...)(...) //nolint:defercleanupcluster // destroyed in SynchronizedAfterSuite

GoLand / IntelliJ setup

GoLand (2025.1+) has built-in golangci-lint support, but it must be pointed at the custom-built binary - the system golangci-lint doesn't know about our plugins.

Build the custom binary once: just build-linters
In GoLand: Settings > Go > Linters
In the Executable dropdown, click + > Browse and select the absolute path to <project-root>/tools/golangci-lint
Leave "Use config" unchecked - GoLand will auto-discover .golangci.yml

Findings from the custom linters will appear inline in the editor and in the Problems tool window.

Troubleshooting: If you see "unknown linter" errors, you're probably running the system binary instead of the custom one. Verify the executable path in Settings > Go > Linters.

After updating linter versions in .custom-gcl.yml, re-run just build-linters and restart the GoLand inspection (or reopen the file).

🤝 Contributing

We welcome contributions! Check out our Contributing Guide to get started.

🔗 Links

Resource	Link
📖 Documentation	vcluster.com/docs
💬 Slack Community	slack.loft.sh
🌐 Website	vcluster.com
🐦 X (Twitter)	@vcluster
💼 LinkedIn	vCluster
💬 Chat with Expert	Start Chat

📜 License

vCluster is licensed under the Apache 2.0 License.

Made with ❤️ by the vCluster community.

⭐ Star us on GitHub — it helps!

</div>