Running Nested Kubernetes Clusters with VMLC and SmartIDE – A Complete Tutorial

The concept of a "k8s nested cluster" (running a full Kubernetes cluster inside a pod) may sound crazy but is actually very practical for developers who need an isolated, reproducible environment for testing complex scheduling scenarios without provisioning separate servers.

Traditional approaches—building a full cluster on a server, using a local minikube/docker‑desktop instance, or deploying directly to production—each have drawbacks such as high resource consumption, limited node count, or risk. Cloud‑native development increasingly requires developers to work inside containers, and a cloud‑native IDE can provide a standardized, on‑demand environment that can be started and destroyed instantly.

SmartIDE is a cloud‑native IDE built on the "IDE as Code" principle. It supports multiple languages (frontend/Node, Java, .NET, Python, PHP, Go, C/C++) and can be launched via a CLI or managed centrally with SmartIDE Server. The platform includes a pre‑configured VMLC (VM‑Like Container) that provides systemd, sshd, and nested Docker/K8s capabilities.

To create an Azure Kubernetes Service (AKS) cluster that will host the VMLC, run the following script (compatible with Windows, macOS, and Linux):

## 以下脚本可以在Windows/MacOS/Linux上运行
## 创建aks
## 登录并切换到你需要使用的订阅
az login 
az account set -s <订阅ID>
## 创建资源组
az group create --name SmartIDE-DEMO-RG --location southeastasia
## 创建单节点 AKS 集群
az aks create -g SmartIDE-DEMO-RG -n SmartIDEAKS --location southeastasia --node-vm-size Standard_B8ms --node-count 1 --disable-rbac --generate-ssh-keys
## 获取 kubeconfig
az aks get-credentials -g SmartIDE-DEMO-RG -n SmartIDEAKS

After the cluster is ready (usually under 5 minutes), install the sysbox container runtime on the nodes to enable nested containers:

# 获取节点名称
kubectl get nodes
# 为节点添加 label
kubectl label nodes <节点名称> sysbox-install=yes
# 安装 sysbox（国内地址）
kubectl apply -f https://gitee.com/smartide/SmartIDE/raw/main/server/deployment/k8s-manifest/sysbox-install.yaml
# 或者使用国际地址
kubectl apply -f https://raw.githubusercontent.com/SmartIDE/SmartIDE/main/server/deployment/k8s-manifest/sysbox-install.yaml

Deploy the VMLC development environment using the manifest provided in the smartide-dapr-traffic-control repository:

apiVersion: v1
kind: Pod
metadata:
  name: smartide-dev-container
  annotations:
    io.kubernetes.cri-o.userns-mode: "auto:size=65536"
spec:
  runtimeClassName: sysbox-runc
  containers:
  - name: smartide-dev-container
    image: registry.cn-hangzhou.aliyuncs.com/smartide/smartide-dotnet-v2-vmlc
    command: ["/sbin/init"]
  restartPolicy: Never

Apply the manifest:

kubectl apply -f vmlc/smartide-vscode-v2-vmlc.yaml

Once the pod reaches Running , you can access the containerized IDE. The built‑in VS Code WebIDE is reachable by forwarding port 3000 to a local port (e.g., 6800) and opening http://localhost:6800 in a browser:

kubectl port-forward smartide-dev-container 6800:3000

For a hybrid workflow, forward the SSH port (22) to a local port (22002) and connect with VS Code Remote‑SSH or JetBrains Gateway:

kubectl port-forward smartide-dev-container 22002:22
ssh smartide@localhost -p 22002

Inside the VMLC you have a non‑root smartide user and a full set of cloud‑native tools (dotnet SDK, Dapr CLI, kubectl, helm, Docker, etc.). The sample Dapr application sample-dapr-traffic-control can be cloned and built directly:

git clone https://github.com/SmartIDE/sample-dapr-traffic-control.git
cd sample-dapr-traffic-control
# Build Docker images (PowerShell script)
pwsh build-docker-images.ps1
# Push images (optional)
docker login
pwsh push-docker-images.ps1

Deploy the Dapr runtime and the sample app to the nested cluster:

dapr init -k
pwsh start.ps1

To create a nested Kubernetes cluster inside the VMLC, use kind with a multi‑node configuration:

cd vmlc
kind create cluster \
    --config multi-node.yaml \
    --image registry.cn-hangzhou.aliyuncs.com/smartide/nestybox-kindestnode:v1.20.7

After the inner cluster is up, you can verify the nodes with k9s or kubectl get nodes . When the demo is finished, clean up the VMLC environment with:

kubectl delete -f vmlc/smartide-vscode-v2-vmlc.yaml

The article concludes that VMLC provides a lightweight, secure, root‑less way to run full Kubernetes clusters for development, eliminating the need for heavyweight local setups while preserving code security and enabling powerful cloud resources for AI, big data, blockchain, and other compute‑intensive workloads.