Version: main 🚧

Connect a Cluster

Enterprise
Available in these plans: Free, Dev, Prod, Scale
Connected Clusters

vCluster Platform manages tenant clusters that run across one or more connected clusters. A connected cluster is a Kubernetes cluster that serves as a Control Plane Cluster, where tenant cluster control planes run. To enable management through vCluster Platform, the vCluster Platform agent must be installed on each cluster you intend to manage. The installation can be performed through the vCluster Platform UI, CLI, or Helm.

Control Plane Cluster access

Direct access to a Control Plane Cluster grants broad permissions to platform resources and tenant clusters running on it. Grant this access only to privileged platform administrators. Unprivileged users should access tenant clusters directly rather than through the Control Plane Cluster or its pods.
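A check for the access guidance above, as an added example that is not part of the vCluster documentation: it lists subjects outside an admin allow list whose cluster-wide bindings on a Control Plane Cluster allow exec or attach into pods or reading secrets. The role names, subjects and allow list are constructed sample data; namespaced RoleBindings are not covered.

```python
# Grants that open a path into tenant control plane pods or their secrets.
RISKY = [("pods/exec", "create"), ("pods/attach", "create"), ("secrets", "get"), ("secrets", "list")]

def _resource_matches(res, granted):
    """RBAC resource match, including the '*', 'pods/*' and '*/exec' wildcard forms."""
    if "*" in granted or res in granted:
        return True
    base, _, sub = res.partition("/")
    return bool(sub) and (f"{base}/*" in granted or f"*/{sub}" in granted)

def risky_grants(role):
    """Return the sorted 'verb resource' strings from RISKY that a ClusterRole allows."""
    hits = set()
    for rule in role.get("rules") or []:
        if not {"", "*"} & set(rule.get("apiGroups", [])):  # pods and secrets are core-group resources
            continue
        verbs, granted = rule.get("verbs", []), rule.get("resources", [])
        for res, verb in RISKY:
            if (verb in verbs or "*" in verbs) and _resource_matches(res, granted):
                hits.add(f"{verb} {res}")
    return sorted(hits)

def audit(cluster_roles, bindings, allowed):
    """List (subject, role, grants) for every subject outside `allowed` holding a risky grant."""
    roles = {r["metadata"]["name"]: r for r in cluster_roles["items"]}
    findings = []
    for b in bindings["items"]:
        role_name = b["roleRef"]["name"]
        grants = risky_grants(roles.get(role_name, {}))
        for s in b.get("subjects") or []:
            subject = s["kind"] + ":" + "/".join(filter(None, [s.get("namespace"), s["name"]]))
            if grants and subject not in allowed:
                findings.append((subject, role_name, grants))
    return sorted(findings)

# Constructed sample, shaped like `kubectl get clusterroles -o json` / `kubectl get clusterrolebindings -o json`.
ROLES = {"items": [
    {"metadata": {"name": "cluster-admin"}, "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "debug-pods"}, "rules": [{"apiGroups": [""], "resources": ["pods", "pods/exec"], "verbs": ["get", "create"]}]},
    {"metadata": {"name": "view-lite"}, "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
]}
BINDINGS = {"items": [
    {"roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}, "subjects": [{"kind": "Group", "name": "platform-admins"}, {"kind": "ServiceAccount", "namespace": "ci", "name": "deployer"}]},
    {"roleRef": {"kind": "ClusterRole", "name": "debug-pods"}, "subjects": [{"kind": "User", "name": "dev-alice"}]},
    {"roleRef": {"kind": "ClusterRole", "name": "view-lite"}, "subjects": [{"kind": "User", "name": "dev-bob"}]},
]}
ALLOWED = {"Group:platform-admins"}  # constructed allow list of privileged platform administrators
if __name__ == "__main__":
    print(*audit(ROLES, BINDINGS, ALLOWED), sep="\n")
```
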

  1. Go to Infrastructure > Control Plane Clusters.

  2. Click .

  3. Give your cluster a name in Display Name. Optionally, give a name for the underlying Kubernetes resource in the Cluster ID field, or leave it empty to autogenerate one. Then click .

  4. Copy & execute the displayed vCluster CLI or Helm command.

  5. Wait until vCluster Platform installs the agent in your connected cluster.

  6. Once successful, use the displayed CLI command to create a space / virtual cluster in the newly connected cluster.

  7. Click to go to the Control Plane Clusters view.

Connect a cluster

The UI generates a CLI command for connecting the cluster. See the CLI tab for details on working with that command.

When connecting a new cluster, the user creates a new cluster resource and obtains a pre-shared key (PSK), which the user then uses to bootstrap the agent. The agent uses this key to reach the control plane, authenticate itself, and establish a secure WireGuard-based, user-space tunnel.

If the agent cannot establish a direct WireGuard-based connection, it falls back to using the control plane as a Designated Encrypted Relay for Packets. The control plane relay plays a role comparable to that of TURN servers in the ICE standard, but uses HTTPS streams (or WebSockets) and WireGuard keys instead.

info

If you encounter issues while configuring agent values or deploying the agent manually, see the Cluster troubleshooting guide.