enrichman 5 hours ago

In virtual mode, the only pods running directly on the host are the K3s servers and agents. All "virtual cluster pods" run within these components, meaning they do not appear as individual pods on the host cluster.

The only trade-off is that K3s currently requires privileged mode to operate. We are actively exploring ways to address this limitation and improve security, such as implementing user namespaces or microVMs.

weitzj 4 hours ago | parent [-]

Thank you for your feedback.

I understood from the host cluster perspective you won’t see the child cluster pods. And what is the perspective on nodes?

Can you have like a host cluster spawning on host nodes and the host cluster has control over spawning separate physical nodes which contain the child cluster (api server) + workload pods?

enrichman 4 hours ago | parent [-]

As I understand it, the virtual cluster pods are treated as standard workloads by the host. This means if you scale the nodes up or down, they will be rescheduled accordingly. You can currently use node selectors to manage this behavior, though we are developing a more flexible approach using affinity rules.

weitzj 2 hours ago | parent [-]

Thank you