Scale Kubernetes Without Scaling Costs

Shared Nodes allows virtual clusters to schedule workloads onto the host cluster’s existing worker nodes for maximum density and cost efficiency.

Dedicated Nodes reserves a labeled subset of host cluster nodes exclusively for a virtual cluster to improve isolation and performance predictability.

Private Nodes lets you attach dedicated worker nodes to a virtual cluster so those nodes can only be used by a single tenant.

Auto Nodes automatically provisions and manages private nodes on demand using built-in Karpenter-based autoscaling through vCluster Platform.

Standalone runs a vCluster control plane as a binary without requiring a host cluster, using private nodes for a fully dedicated setup.

vNode is a multi-tenancy container runtime that provides strong workload isolation using Linux user namespaces and seccomp filters.

SQLite is the most lightweight backing store which is hosted inside a file within the virtual cluster pod (typically in a PV).

Embedded etcd is as lightweight as k3s+sqlite but optimized for HA and scalability designed for production workloads.

External Database allows you to store a virtual cluster’s state in an external database, such as MySQL or Postgres (e.g. in RDS).

Core Resources sync ensures that essential Kubernetes resources, like ConfigMaps and Secrets, are seamlessly synchronized between the host and virtual clusters.

Custom Resources (CRDs) sync ensures that user-defined Kubernetes resources and their definitions are properly synchronized between the host and virtual clusters for seamless operation.

Namespace 1:1 Sync creates matching namespaces on the host cluster so synced resources keep their original names and structure.

Sync Patches provide an option to alter the vCluster sync process by defining patches applied to objects during sync.

Hybrid Scheduling lets pods be scheduled by either the virtual or host scheduler, enabling flexible placement and fallback behavior.

Snapshots create point-in-time backups of a virtual cluster’s state so you can restore environments quickly using the vCluster CLI.

UI Customizations let companies customize the appearance of the user interface (e.g. custom logo, colors, nav links, etc.).

User & Access Management handles all access control and credential management for users in your company.

Kube-Config Management simplifies access control by securely managing and distributing Kubernetes configuration files.

Templates enable organizations to codify best practices and enforce security standards across platform users and teams.

Template Versioning allows rolling out security patches faster and allows to implement sophisticated upgrade flows at scale.

Quotas allow admins to configure resource limits for users and teams within a project to allow for fair use and to control spend.

Sleep Mode puts idle environments to sleep after a period of inactivity (e.g. no kubectl commands) or according to a schedule.

Auto Wakeup resumes any sleeping environment in real-time when a request comes in (e.g. kubectl commands or ingress).

Auto Delete destroys idle environments after a period of inactivity or according to a cron schedule.

Single Sign-On (SSO) for central authentication via SAML2, OIDC, LDAP, oAuth, GitHub, GitLab, etc.

Audit Logging writes a central log of all user interactions with their environments and the underlying platform itself.

Zero-Day Alerts offer instructions for security patches before a vulnerability is disclosed to the public in our OSS repos.

Security Review ensures that vCluster meets your organization’s security and compliance standards through a thorough evaluation of architecture, access controls, and data handling.

FIPS Compliant Images provide vCluster users with secure, certified container images that adhere to federal cryptographic standards for enhanced data protection.

Custom DNS Entries enable virtual clusters to define and manage custom DNS configurations for precise control over internal and external domain resolution.

vCluster VPN connects private nodes to the vCluster control plane when direct networking isn’t possible, without requiring a Tailscale account.

Netris Integration configures vCluster networking through Netris and can automatically set up Multus and kube-vip for the control plane.

Kube-VIP Integration provides a stable virtual IP for HA control planes so nodes can reliably reach the active control plane endpoint.

HA Mode allows to run the central platform components in HA mode with leader election to ensure uptime and reduce downtime.

Multi-Region Mode reduces latency when running the platform in multiple regions and even cloud providers.

Air-Gapped Mode allows to launch the platform with an offline license key, so no connection to our license API is required.

Platform Instances define how many vCluster Platform installations you can run to manage your virtual cluster fleet across environments.

Plugin SDK provides a programming interface for extending and customizing the behavior of a virtual cluster.

ClusterAPI Integration lets you create virtual clusters with the CRDs from the CAPI provider for virtual clusters.

Terraform Integration enables the provisioning and management of environments with Terraform Providers.

Rancher Integration allows vCluster management inside Rancher plus permission/user sync between both systems.

Service Monitor allows you to use Prometheus to collect metrics about the state of the virtual cluster control plane.

Metrics Server integration enables virtual clusters to gather and display resource metrics, such as CPU and memory usage, for workloads running inside the cluster.

Central HostPath Mapper is useful for collecting metrics about workloads that run inside of the virtual cluster.

Argo CD Integration automates the import of environments as deployment targets into Argo CD including permission sync.

Vault Integration lets users retrieve, distribute and rotate secrets from HashiCorp Vault to their environments.

Cert Manager integration automates the issuance and renewal of TLS certificates for secure communication within virtual clusters.

External Secrets Operator automates syncing secrets from external secret stores, like AWS Secrets Manager or Vault, into virtual clusters.

KubeVirt integration allows virtual clusters to run and manage virtual machines alongside Kubernetes workloads seamlessly.

Istio Integration enables service mesh capabilities inside vClusters while keeping tenant environments isolated on shared infrastructure.

Email Support via our unified support email address support@loft.sh

Private Shared Channel allows admins to chat with our team from within your company’s Slack or MS Teams workspace.

Video Support offers hands-on assistance for customers who want to interact directly with our engineers.

Custom SLA is a paid add-on for guaranteed response times of our support staff for any mission-critical use of our software.

Technical Account Manager supports admins hands-on with anything from the initial setup and rollout to upgrades.

Custom Terms are tailored agreements to meet unique legal, compliance, and procurement requirements.