It’s a pretty common pattern to run the Kubernetes control plane on a dedicated node or a set of nodes co-located with the worker nodes. But what if we want to run the control plane as truly separated from the workers? Can the control plane be located in a completely different datacenter than the worker nodes even with some network-level disconnection separating the control and worker planes? We’ll start the talk by looking at why to build clusters with a remote control plane, and use cases for such setups. The second part of the talk will introduce the technical concepts that can be used to make it happen. We will look at how the api-server can be set up to use an egress selector proxy for different use cases. Next, we’ll look at a practical example of how it can be used with the Konnectivity API server network proxy. Lastly, we will showcase how all of this works together in open-source Kubernetes platforms like k0s and Kubermatic.