hub / github.com/loft-sh/vcluster

github.com/loft-sh/vcluster @v0.35.1 sqlite

4,845 symbols 21,724 edges 776 files 992 documented · 20%
README


Tenant Clusters for Production Kubernetes and AI Infrastructure

Virtual control planes, real isolation — from a single node to 100K-GPU superclusters.


CNCF Certified Kubernetes — Distribution · Kubernetes AI Conformant


What is vCluster?

vCluster creates Tenant Clusters — fully isolated Kubernetes environments that run on top of a Control Plane Cluster or standalone on dedicated infrastructure or bare metal. Each tenant gets its own API server, CRDs, and RBAC, with a cluster experience indistinguishable from a dedicated Kubernetes cluster.

Built for production. Trusted in production. 40M+ Tenant Clusters deployed by teams at Adobe, CoreWeave, NVIDIA, Lintasarta, Atlan, Deloitte, and hundreds of AI clouds, AI factories, and Fortune 500 platform organizations.

CNCF Certified Kubernetes — Distribution and Kubernetes AI Conformant — every Tenant Cluster is upstream Kubernetes with no vendor lock‑in, validated for portable AI/ML workloads (training, inference, agentic).

The public-cloud experience, on your own infrastructure. Give every team the Kubernetes they need — with strict isolation, hardware-aware scheduling, and zero tenant sprawl — whether you run one region or 100K GPUs.

vCluster demo — create a Tenant Cluster locally with vind, in seconds


🚀 Quick Start

# Install vCluster CLI
brew install loft-sh/tap/vcluster

# Create a Tenant Cluster
vcluster create my-vcluster --namespace team-x

# Use kubectl as usual — you're now in your Tenant Cluster
kubectl get namespaces

Prerequisites: A running Kubernetes cluster and kubectl configured.

👉 Full Quickstart Guide

🐳 Run Locally with Docker — vind

No Kubernetes cluster? Run vCluster directly on Docker with vind (vCluster in Docker) — like kind, but with the full vCluster feature set (UI, sleep/resume, LoadBalancer, image cache):

vcluster create my-vcluster --driver docker
kubectl get namespaces

🎮 Try in the Browser

Try on Killercoda

🎁 vCluster Free Tier

Real usage, not a gated demo. Unlimited Tenant Clusters up to 64 CPUs / 32 GPUs, plus the full vCluster Platform UI — for free. Get Started Free →


🆕 What's New

| Version | Feature | Description |
| --- | --- | --- |
| v0.34 | Multi-Region Platform & Standalone Snapshots | Active/active vCluster Platform across regions (Route 53 + RDS), Standalone snapshots (S3 / OCI / local), first-class template parameters |
| v0.33 | Enterprise Reliability & Storage | Automatic leaf-cert regeneration, Azure Blob snapshot destinations, workload-level sleep annotations |
| v0.32 | Docker Driver & DRA | Run vCluster on Docker, Dynamic Resource Allocation (DRA) for GPU workloads, in-place pod resizing |
| v0.31 | Snapshots & Cross-Cluster APIs | Expanded snapshot/restore lifecycle, PDBs for Tenant Cluster control planes, cross-cluster resource proxying |
| v0.30 | vCluster VPN & Netris Integration | Tailscale-powered overlay networking and automated hardware isolation via Netris |
| v0.27–v0.29 | Architecture Foundations | Private Nodes (v0.27, CNI/CSI isolation), Auto Nodes (v0.28, Karpenter autoscaling), Standalone Mode (v0.29, no Control Plane Cluster — dedicated infrastructure or bare metal) |

👉 Full Changelog


🎯 Use Cases

| Use Case | Description | Learn More |
| --- | --- | --- |
| AI Factory | Run AI on-prem where your data and GPUs live. Give every team the GPU access they need without multiplying infrastructure. | View → |
| AI Cloud Providers | Launch a hyperscaler-like Kubernetes experience for your GPU customers. Isolated, production-grade, in minutes. | View → |
| Internal GPU Platform | Maximize GPU utilization without sacrificing isolation. Self-service Kubernetes for AI/ML teams. | View → |
| Bare Metal Kubernetes | Run production Kubernetes on bare metal with zero VMs. Isolation without expensive virtualization overhead. | View → |
| Software Vendors | Ship Kubernetes-native products. Each customer gets their own isolated Tenant Cluster. | View → |
| Environments & Cost Savings | Consolidate clusters, pause idle workloads with sleep mode, and cut Kubernetes cost at scale. | View → |

🏗️ Architectures

vCluster supports multiple deployment architectures. Each builds on the previous, offering progressively stronger isolation — from dense shared infrastructure to fully standalone deployments on dedicated infrastructure or bare metal.

Architecture Comparison

| | Shared Nodes | Dedicated Nodes | Private Nodes | Standalone |
| --- | --- | --- | --- | --- |
| Control Plane Cluster | Required | Required | Required | Not Required |
| Node Isolation | | | | |
| CNI/CSI Isolation | | | | |
| Bare Metal Ready | | | | |
| Best For | Dev/test, density | Production tenants | Compliance, GPU | AI factories, edge |

👉 Full Architecture Guide

Minimal Configuration

🔹 Shared Nodes — Maximum density, minimum cost

Tenant Clusters share the Control Plane Cluster's nodes. Workloads run as regular pods in a namespace.

Shared Nodes Architecture

sync:
  fromHost:
    nodes:
      enabled: false  # Uses pseudo nodes

🔹 Dedicated Nodes — Isolated compute on labeled node pools

Tenant Clusters get their own set of labeled nodes on the Control Plane Cluster. Workloads are isolated but still managed by the Control Plane Cluster.

Dedicated Nodes Architecture

sync:
  fromHost:
    nodes:
      enabled: true
      selector:
        labels:
          tenant: my-tenant

🔹 Private Nodes v0.27+ — Full CNI/CSI isolation

External nodes join the Tenant Cluster directly with their own CNI, CSI, and networking stack. Complete workload isolation from the Control Plane Cluster.

Private Nodes Architecture

privateNodes:
  enabled: true
controlPlane:
  service:
    spec:
      type: NodePort

🔹 vCluster Standalone v0.29+ — No Control Plane Cluster required

Run vCluster without any Control Plane Cluster. Deploy the Virtual Control Plane directly on bare metal or VMs. The highest level of isolation — vCluster becomes the cluster.

Standalone Architecture

controlPlane:
  standalone:
    enabled: true
    joinNode:
      enabled: true
privateNodes:
  enabled: true

⚡ Auto Nodes v0.28+ — Karpenter-powered dynamic autoscaling

Automatically provision and deprovision private nodes based on workload demand. Works across public cloud, private cloud, hybrid, and bare metal environments.

Auto Nodes Architecture

autoNodes:
  enabled: true
  nodeProvider: <provider>
privateNodes:
  enabled: true

✨ Key Features

| Feature | Description |
| --- | --- |
| 🎛️ Isolated Virtual Control Plane | Each Tenant Cluster gets its own API server, controller manager, and data store — complete Kubernetes API isolation |
| 🔗 Shared Platform Stack (Shared / Dedicated Nodes) | Leverage the Control Plane Cluster's CNI, CSI, ingress, and other infrastructure — no duplicate platform components |
| 🔒 Strong Tenant Isolation | Tenants get admin access inside their Tenant Cluster while having minimal permissions on the Control Plane Cluster |
| 🔄 Resource Syncing (Shared / Dedicated Nodes) | Bidirectional sync of any Kubernetes resource — pods, services, secrets, configmaps, CRDs, and more |
| 💤 Sleep Mode | Pause inactive Tenant Clusters to save resources. Instant wake when needed |
| 🖥️ Standalone Deployment | Run without a Control Plane Cluster on dedicated infrastructure or bare metal — purpose-built for AI factories and on-prem GPU fleets |
| 🧩 Integrations | Native support for cert-manager, external-secrets, KubeVirt, Istio, and metrics-server (host-side integrations apply in Shared / Dedicated Nodes modes) |
| 📊 High Availability | Multiple replicas with leader election. Embedded etcd or external databases (PostgreSQL, MySQL, RDS) |

Shared Platform Stack, Resource Syncing, and host-cluster integrations apply only in Shared and Dedicated Nodes modes, where the Tenant Cluster shares the Control Plane Cluster's CNI, CSI, and platform stack. Private Nodes and Standalone deployments bring their own CNI, CSI, and platform components.


🌐 The vCluster Platform

vCluster is the foundation of a broader platform for running production Kubernetes and AI infrastructure on your own hardware — from a single rack to 100K-GPU supercomputers.

| Product | What it does |
| --- | --- |
| vCluster | Tenant Clusters — Virtual Control Planes with API, data, and (optionally) network isolation |
| vNode | Runtime-level isolation. Kernel-enforced boundaries (seccomp, cgroups, namespaces, AppArmor) without VM overhead |
| vMetal | Zero-touch bare metal provisioning for GPU fleets. Turns GPU racks into a cloud platform |
| Netris (integration) | Hardware-enforced network isolation via programmatic VLANs, VRFs, and ACLs |

Together these provide a complete foundation for AI factories — certified Kubernetes stacks, isolated Tenant Clusters, runtime workload sandboxing, and GPU infrastructure operations — the same pattern used to run production AI on hundreds of AI clouds and Fortune 500 on-prem platforms.


🏢 Trusted By

Atlan 100 →

Extension points exported contracts — how you extend this code

ControllerModifier (Interface)
ControllerModifier is used to modify the created controller for the syncer [13 implementers]
pkg/syncer/types/syncer.go
Syncer (Interface)
(no doc) [35 implementers]
pkg/server/cert/syncer.go
Restorer (Interface)
(no doc) [10 implementers]
pkg/snapshot/volumes/restorer.go
Option (Interface)
(no doc) [5 implementers]
pkg/patcher/patcher.go
Applier (Interface)
(no doc) [5 implementers]
pkg/util/applier/type.go
Plugin (Interface)
(no doc) [3 implementers]
pkg/plugin/v2/types.go
Config (Interface)
Config is the interface to interact with the docker config [1 implementers]
pkg/docker/config.go
Annotated (Interface)
Annotated is an interface for objects that have annotations [1 implementers]
pkg/kube/meta.go

Core symbols most depended-on inside this repo

Errorf
called by 2559
pkg/util/loghelper/loghelper.go
Get
called by 660
pkg/etcd/client.go
DeepCopy
called by 593
pkg/util/patch/patch.go
Infof
called by 452
pkg/util/loghelper/loghelper.go
WithTimeout
called by 327
test/framework/kubectlcmd.go
Create
called by 277
pkg/etcd/client.go
Delete
called by 232
pkg/helm/helm.go
Equal
called by 220
pkg/helm/time.go

Shape

Function 2,377
Method 1,627
Struct 713
Interface 67
FuncType 32
TypeAlias 29

Languages

Go 100%

Modules by API surface

config/config.go 255 symbols
pkg/plugin/v2/pluginv2/pluginv2.pb.go 84 symbols
pkg/plugin/v1/remote/plugin.pb.go 80 symbols
pkg/util/testing/manager.go 56 symbols
config/legacyconfig/config.go 50 symbols
pkg/plugin/v1/remote/plugin_grpc.pb.go 45 symbols
pkg/platform/client.go 45 symbols
pkg/platform/helper.go 42 symbols
pkg/mappings/registry.go 41 symbols
pkg/syncer/synccontext/mapper.go 40 symbols
pkg/config/validation.go 40 symbols
pkg/controllers/resources/gatewayroutes/translate/translate.go 37 symbols

Dependencies from manifests, versioned

cel.dev/expr v0.25.1 · 1×
github.com/AlecAivazis/survey/v2 v2.3.7 · 1×
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 · 1×
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 · 1×
github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 · 1×
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.8.1 · 1×
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.4 · 1×
github.com/Azure/go-ansiterm v0.0.0-2025010203350 · 1×
github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 · 1×
github.com/MakeNowJust/heredoc v1.0.0 · 1×
github.com/Masterminds/semver/v3 v3.4.0 · 1×

Datastores touched

(mysql) Database · 1 repos
vcluster Database · 1 repos
vcluster Database · 1 repos

For agents

$ claude mcp add vcluster \
  -- python -m otcore.mcp_server <graph>
