
Isolation

The vCluster project provides several configuration options pertaining to virtual cluster isolation and security. This section briefly covers the primary configuration options; for the complete reference, see the full vCluster isolation and security docs page.

vCluster provides a configuration option simply named isolate. When enabled, this option applies a pod security standard, deploys a resource quota and limit range, and enables a network policy to isolate workloads.

Enabling the vCluster isolate configuration setting is as simple as setting the appropriate values in your virtual cluster or virtual cluster template Helm values, as shown below:

policies:
  podSecurityStandard: "baseline"
  limitRange:
    enabled: true
  resourceQuota:
    enabled: true

All vCluster isolation mode configuration settings are available for further configuration through the provided Helm values. Take a look at the vCluster docs linked below for much more information about both the default settings and available configurations.
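The following added example (not vCluster project code) audits already-parsed Helm values for the isolation controls described above and reports any that are off. The `policies.networkPolicy.enabled` key is not shown in the snippet on this page and is assumed here, as is the treatment of a missing key as disabled; `audit_isolation` and the sample dictionaries are constructed for illustration.

```python
# Added example: audit parsed vCluster Helm values for the isolation controls
# described on this page. Not vCluster project code.

PSS_LEVELS = ["privileged", "baseline", "restricted"]  # weakest to strictest

# Sub-keys of `policies` that carry an `enabled` flag. `networkPolicy` is not
# in the page's snippet; it is assumed here from the text's "network policy".
TOGGLES = ("limitRange", "resourceQuota", "networkPolicy")


def audit_isolation(values, min_pss="baseline"):
    """Return a list of findings; an empty list means every control is on."""
    findings = []
    policies = values.get("policies") or {}

    pss = policies.get("podSecurityStandard")
    if pss not in PSS_LEVELS:
        findings.append(f"podSecurityStandard unset or unknown: {pss!r}")
    elif PSS_LEVELS.index(pss) < PSS_LEVELS.index(min_pss):
        findings.append(f"podSecurityStandard {pss!r} is weaker than {min_pss!r}")

    for key in TOGGLES:
        section = policies.get(key)
        # Only a literal boolean true counts; the string "true" or a missing
        # key is treated as disabled (assumption: controls default to off).
        if not (isinstance(section, dict) and section.get("enabled") is True):
            findings.append(f"policies.{key}.enabled is not true")
    return findings


# Constructed inputs: the values exactly as shown on this page, and the same
# values with the assumed networkPolicy toggle added.
PAGE_VALUES = {
    "policies": {
        "podSecurityStandard": "baseline",
        "limitRange": {"enabled": True},
        "resourceQuota": {"enabled": True},
    }
}
FULL_VALUES = {
    "policies": {**PAGE_VALUES["policies"], "networkPolicy": {"enabled": True}}
}

if __name__ == "__main__":
    for name, vals in (("page", PAGE_VALUES), ("full", FULL_VALUES)):
        print(name, audit_isolation(vals) or "all isolation controls enabled")
```

In practice the dictionary would come from loading the values file with a YAML parser before calling `audit_isolation`, for example as a pre-deployment check on virtual cluster templates.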

CNIs and Network Policies

Not all CNIs will support all network policies. Make sure you understand what capabilities your CNI supports when investigating virtual cluster isolation.