10x Cheaper Than "Real" Clusters

Maximize your Kubernetes spend with scalable virtual cluster solutions.

Chat with Sales

Anonymously - no Slack account required

Free

Experimentation, learning, and early development for individuals

$0

Platform fee per year

  • 5 Virtual Clusters
  • 2 Kubernetes Clusters
  • 50 Users
Features
  • Self-Service Kubernetes
  • Templates for Virtual Clusters
and Kubernetes Namespaces
Compare Plans
Enterprise
Request Demo
vCluster Features

Unlock efficiency, flexibility, and control with virtual clusters

Automated Isolation
RBAC

RBAC provides an automated way to configure role-based access control in the underlying host cluster.

Network Isolation

Network Isolation provides an automated way to configure network policies to lock-in the virtual cluster traffic.

Resource Isolation

Resource Isolation provides an automated way to restrict resources for virtual clusters to prevent over-consumption.

Backing stores
SQLite

SQLite is the most lightweight backing store which is hosted inside a file within the virtual cluster pod (typically in a PV).

Self-Managed etcd

Self-Managed etcd means that you either deploy etcd in the host cluster or externally and use it as the backing store.

Embedded etcd

Embedded etcd is as lightweight as k3s+sqlite but optimized for HA and scalability designed for production workloads.

External Database (k8s distro)

External Database allows you to connect a k8s-based virtual cluster to an external database, such as MySQL or RDS.

Networking
Built-In CoreDNS

Built-In CoreDNS bundles CoreDNS into the same pod as vCluster to lower resource consumption and boost startup time.

Custom DNS Entries

Custom DNS Entries lets users connect to services from other vClusters or from the host cluster via cluster-internal DNS.

Extensibility
Plugin SDK

Plugin SDK provides a programming interface for extending and customizing the behavior of a virtual cluster.

Enterprise Plugins

Enterprise Plugins are out-of-the-box plugins we built and maintain for common and advanced vCluster use cases.

Sync Patches

Sync Patches provide an option to alter the vCluster sync process by defining patches applied to objects during sync.

experimental
Observability
Service Monitor

Service Monitor allows you to use Prometheus to collect metrics about the state of the virtual cluster control plane.

Central HostPath Mapper

Central HostPath Mapper is a service that runs inside the host cluster and allows virtual clusters to use symlink host paths.

Security & Policies
Security-Hardened Image

Security-Hardened Image allows enterprises to operate virtual clusters with enhanced security controls.

Zero-Day Vulnerability Alerts

Zero-Day Alerts offer instructions for security patches before a vulnerability is disclosed to the public in our OSS repos.

Central Admission

Central Admission allows to define admission control policies in the host cluster and enforce them in any vCluster.

Deny Proxy Requests

Deny Proxy Requests lets admins define simple admission control deny rules for certain Kubernetes API operations.

experimental
Isolated Control Plane

Isolated Control Plane runs the vCluster control plane in one cluster but syncs workload pods into other Kubernetes clusters.

experimental
Platform Features

Streamline operations, optimize costs, and enhance security across your fleet of virtual Kubernetes clusters

Virtual Cluster Management
VirtualCluster CRDs

VirtualCluster CRD provides a central controller for deploying, managing and upgrading virtual clusters in a declarative way.

Terraform Integration

Terraform Integration enables the provisioning and management of environments with Terraform Providers.

ClusterAPI Integration

ClusterAPI Integration lets you create virtual clusters with the CRDs from the CAPI provider for virtual clusters.

Argo CD Integration

Argo CD Integration automates the import of environments as deployment targets into Argo CD including permission sync.

Rancher Integration

Rancher Integration allows vCluster management inside Rancher plus permission/user sync between both systems.

KubeConfig Management
Automatic Delivery

Automatic KubeConfig Delivery enables your team to retrieve, update and switch the kube-context for vCluster.

Revoking & Rotating Credentials

Revoking & Rotating Credentials allows you to manage access to virtual clusters via central credential management.

Self Service
Templates

Templates enable organizations to codify best practices and enforce security standards on a platform-level.

Template Versioning

Template Versioning allows rolling out security patches faster and allows to implement sophisticated upgrade flows at scale.

Project

Projects allow organizations to organize virtual clusters, resources and access permissions into logical groups.

Quotas

Quotas allow admins to configure resource limits for users and teams within a project to allow for fair use and to control spend.

Cost Optimization
Sleep Mode

Sleep Mode puts idle environments to sleep after a period of inactivity or according to a cron schedule.

Auto Wakeup

Auto Wakeup can resume any sleeping environmen tin real-time when a request comes in.

Auto Delete

Auto Delete destroys idle environments after a period of inactivity or according to a cron schedule.

Secrets Management
Secrets Sync

Secrets Sync allows central management of secrets and simplifies secret update/rotation procedures.

Secrets Encryption

Secrets Encryption provides controls to enable the encryption of secrets stored within the platform for improved security.

Vault Integration

Vault Integration lets users retrieve, distribute and rotate secrets from HashiCorp Vault to their environments.

Auth & Access Control
Users & Access Management

User & Access Management handles all access control and credential management for users in your company.

SSO

Single Sign-On (SSO) for central authentication via SAML2, OIDC, LDAP, oAuth, GitHub, GitLab, etc.

Audit Logging

Audit Logging writes a central log of all user interactions with their environments and the underlying platform itself.

Enforced Ingress Auth

Automated Auth For Ingresses secures ingress routes and forces users to authenticate via SSO first.

Loft Platform as OIDC Provider

Loft Platform as OIDC Provider enables companies to connect other systems to Loft’s SSO mechanism via OIDC.

Deployment Modes
High Availability Mode

HA Mode allows to run the central platform components in HA mode with leader election to ensure uptime and zero downtime.

Multi-Region Mode

Multi-Region Mode runs the platform in multiple regions and even cloud providers for minimal latency and increased HA.

Air-Gapped Mode

Air-Gapped Mode allows to launch the platform with an offline license key, so no connection to Loft’s license API is required.

UI Customization

UI Customizations let companies customize the appearance of the user interface (e.g. custom logo, colors, nav links, etc.).

Support
Email

Email Support via our unified support email address support@loft.sh

In-App Chat

In-App Chat Support adds a lightweight chat widget to the web UI that allows users to directly chat with our support team.

Slack + Teams

Private Shared Channel allows admins to chat with our team from within your company’s Slack or MS Teams workspace.

Community Slack Channel
Private Shared Channel
Phone + Video

Phone + Video Support offers hands-on assistance for customers who want to interact directly with our engineers.

Technical Account Manager

Technical Account Manager supports admins hands-on with anything from the initial setup and rollout to upgrades.

Premium Support & SLA

Custom SLA is a paid add-on for guaranteed response times of our support staff for any mission-critical use of our software.

Paid Add-On
vCluster for Startups

vCluster for startups provides a comprehensive but budget friendly package so that you can get most out of vCluster. If you're a startup with less than $5M in annual recurring revenue this is for you.

World-class brands trust vCluster
FAQs