How to Choose Between Shared and Virtual Mode

"I’m building a web app that should be exposed outside the virtual cluster."
→ Use Shared mode. It allows you to expose your application.

"`I need to run Jupyter notebooks that leverage the cluster’s GPU.`"
→ Use Shared mode. It gives access to physical devices while keeping overhead low.

"I want to monitor and secure all tenant workloads from a central location."
→ Use Shared mode. Host-level agents (e.g., observability, policy enforcement) work across all virtual clusters.

"I need to enforce security policies like network policies or runtime scanning across all workloads."
→ Use Shared mode. The platform can enforce policies globally without tenant bypass.

"I need to test a new admission controller or policy engine."
→ Use Shared mode, if it’s scoped to your virtual cluster. You can run tools like Kubewarden without affecting the host.

"I want to spin up disposable virtual clusters per pipeline run, fast and with low resource cost."
→ Use Shared mode. It’s quick to provision and ideal for short-lived, namespace-scoped environments.

"I need to test a new Kubernetes feature gate that’s disabled in the host cluster."
→ Use Virtual mode. You can configure your own control plane flags and API features.

"We’re testing upgrades across Kubernetes versions, including new API behaviors." → Use Virtual mode. You can run different Kubernetes versions and safely validate upgrade paths.

"I’m evaluating a new CNI that needs full control of the cluster’s networking."
→ Use Virtual mode. You can run a separate CNI stack without affecting the host or other tenants.

"I’m testing a new admission controller and policy engine before rolling it out cluster-wide."
→ Use Virtual mode, if you need to test cluster-wide policies, custom admission flow, or advanced extensions with full control.