Skip to main content
Version: next
Prime feature only
This feature is only available with a Prime subscription. See plans or contact sales.

vCluster Options

This section describes how vCluster works in our platform and how teams can leverage it for development, testing, and promotion workflows using integrated tools like Backstage, Vault, and Kargo.

High-Level Overview

In our platform, vCluster enables users and teams to create isolated Kubernetes environments on demand, directly within their team scope.

What happens when you create a vCluster?

  • Users/teams initiate vCluster creation via the Backstage Template:
    👉 "New Virtual Cluster"

  • The template provisions two virtual clusters:

    • A test and a prod vCluster
    • Both clusters are connected via a Kargo promotion pipeline, enabling GitOps-based promotion workflows.

  • Each vCluster includes:

    • Dedicated ingress for direct API access (e.g., via kubectl)
    • kubeconfig generated and:
      • Stored in Vault under your team's path
      • Referenced in the Backstage catalog via a direct Vault link
      • Also available in Kubernetes as a Secret in the respective vCluster namespace (for CLI access)

  • The vCluster runs within a namespace of the host cluster but includes its own API server and control plane components (via k8s), providing true Kubernetes semantics and full cluster isolation.

Key Features

FeatureDescription
Secure Accesskubeconfigs are securely stored in Vault and linked in Backstage.
RBACEach vCluster is pre-configured with team-specific access; team members are automatically granted admin rights inside their vCluster.
Ingress per ClusterEnables direct access from your workstation (with optional IP whitelisting).
Promotion WorkflowIntegrated with Kargo for GitOps-based staging workflows.
Self-Service via BackstageTeams create and manage vClusters without platform team involvement.
CRDsTeams can install their own CRDs inside vClusters without affecting the host cluster.

To get started with your vCluster

  1. Navigate to Backstage > Create... > New Virtual Cluster
  2. Follow the instructions to fill in team name, cluster type, and Git repo
  3. After creation:
    • Use the Backstage catalog entry to navigate to Vault and get your kubeconfig
    • Connect via your terminal using kubectl and the generated credentials
    • Deploy workloads and test promotion with Kargo

Additional Information

Showcase Integration: This is a showcase integration – deeper integration of vCluster into Argo CD requires additional security considerations (e.g., service account scoping, resource policies).

Troubleshooting

Ingress Access

For vCluster ingress functionality to work properly, ssl-passthrough must be enabled in your ingress-nginx controller.

Last updated on by phac008