Getting Started with Palette Virtual Clusters

With Palette Virtual Clusters, you can deploy additional Kubernetes clusters that run as nested clusters within an existing Host Cluster.

There are certain advantages to using a virtual cluster environment. For example, you are free to operate with admin level privileges, while simultaneously ensuring strong isolation, reducing operational overhead, and improving resource utilization.

Try the steps below to enable and deploy a managed Palette Virtual Cluster from within Palette.


  • You will need to have access to a Palette Account. Refer to the Getting Started with Palette page, and sign up for free here.

  • Ensure you have a functioning cluster already configured. If not, you can deploy a new cluster and enable the Palette Virtual Clusters feature at the Settings step of your new cluster's deployment configuration. Clusters with the Palette Virtual Cluster feature enabled are referred to as Host Clusters.

    Host Clusters

    There are two ways to engage with a Palette Virtual Cluster on Palette.

    1. When you create and deploy a new Host Cluster, there is an option to Enable Palette Virtual Clusters.

      Refer to the Cluster Endpoint step below for more information on how to configure this option. The settings listed below are available when you are enabling the Palette Virtual Clusters feature on a pre-existing cluster and when using the Host Cluster deployment wizard.


    2. Similarly, you can enable an existing cluster; thus allowing it to host Palette Virtual Clusters.

Global Role Additional Policies:

There may be situations where additional node-level policies must be added to your deployment. To add additional node-level policies, switch to the Tenant Admin project, and click on the Tenant Settings on the Main Menu. Click on Cloud Accounts. Add an account if one does not exists. After validation of the credentials, ensure Add IAM policies are enabled. You can specify additional policies to be attached. The attached policies will be included to all the clusters launched with this specific cloud Account.

Enabling Palette Virtual Clusters on an Existing Host Cluster

You can enable Palette Virtual Clusters on an existing host cluster by performing the following steps:

  1. From the slide menu, select Clusters and view the list of Clusters.
  1. Click any Host Cluster from the list and select Settings > Cluster Settings > Palette Virtual Clusters.
  1. Toggle the Enable Palette Virtual Clusters option (yes/no).

    Note: This feature can be enabled when first creating a new cluster, so you may find that it is already enabled.

  1. Select the Cluster Endpoint Type: Load Balancer or Ingress.

Load Balancer

If Load Balancer is selected, the following must be true:

  • The Host Cluster must support dynamic provisioning of load balancers.

  • If the Host Cluster is in the public cloud, the AKS/EKS/GCP Cloud Controller Manager will provide this support by default.

  • If the Host Cluster is in a private data center, a bare metal load balancer provider such as MetalLB must be installed and correctly configured.


If Ingress is selected, a Host DNS Pattern must be specified for this Host Cluster. To create a valid Host DNS Pattern, the NGINX Ingress Controller must be deployed on the Host Cluster with SSL passthrough enabled. This allows TLS termination to occur at the Palette Virtual Cluster's Kubernetes API server.

Additionally, a wildcard DNS record must be configured that maps the Host DNS Pattern to the load balancer associated with the NGINX Ingress Controller. See the Example Record in the recap below:

Host DNS Pattern: *

  1. Deploy the NGINX Ingress Controller on the Host Cluster and ensure that SSL passthrough is enabled in the NGINX Ingress Controller pack's values.yaml. Specifically, charts.ingress-nginx.controller.extraArgs must be set as follows:

    enable-ssl-passthrough: true
  2. Identify the public DNS name of the load balancer associated with the LoadBalancer Service that is associated with your NGINX Ingress Controller deployment.

  3. Create a wildcard DNS record (e.g., in AWS Route53) mapping the Host Pattern to the NGINX Ingress Controller load balancer.

    Example Record with Host DNS Pattern
    AWS Route 53 Here is an example of an
    AWS Route53 record for the
    Host DNS Pattern.

Deploying a Palette Virtual Cluster

  1. From the slide menu, select the Clusters tab and click the Palette Virtual Clusters tab to list the available Palette Virtual Clusters, and then select Add New Palette Virtual Cluster.
  1. Complete the Deploy New Palette Virtual Cluster information:

    • Select a Host Cluster.

    • Add a Cluster name.

      Note: Use lowercase letters and do not add spaces.

    • Provide a Description and Tags. These are optional.

    • Click the Attach Profile button to assign a profile.

      Note: Optionally, attach one or more Add-on layer(s) to this cluster. If you do not have a Cluster Profile, see the Creating Cluster Profile page for more information.

  1. If the Host Cluster's Cluster Endpoint Type is a Load Balancer, you may optionally provide the following advanced configurations here:

Your Palette Virtual Cluster is now deployed. If you would like more information on managing your resources, review the links below.

Palette does not support Usage and Cost metrics for the Palette Virtual Clusters running on GKE (Google Kubernetes Engine).