Isolation
The vCluster project provides several configuration options pertaining to virtual cluster isolation and security. This section briefly covers the primary configuration options; users are encouraged to check out the full vCluster isolation and security docs page here.
vCluster provides a configuration option simply named isolate. When enabled, this feature enables a pod security standard, deploys a resource quota and limit range, and enables a network policy to isolate workloads.
Enabling the vCluster isolate configuration setting is as simple as setting the appropriate value in your virtual cluster or virtual cluster template helm values as shown below:
policies:
  podSecurityStandard: "baseline"
  limitRange:
    enabled: true
  resourceQuota:
    enabled: true
All vCluster isolation mode configuration settings are available for further configuration by making use of the provided helm values. Take a look at the vCluster docs linked below for much more information about both the default settings and available configurations.
Not all CNIs will support all network policies. Make sure you understand what capabilities your CNI supports when investigating virtual cluster isolation.
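The following is an added example, not code from the vCluster project: a small audit that a CI job could run over virtual cluster or template helm values to confirm that each isolation control described above is switched on. It takes the values already parsed into a dict (for instance with a YAML loader); the function name and sample dicts are constructed for illustration, and the `policies.networkPolicy.enabled` key is an assumption, since it does not appear in the snippet on this page.

```python
# Added example: audit the `policies` block of vCluster helm values.
# Input is the values file already parsed into a dict.

# Kubernetes Pod Security Standard levels that actually restrict pods.
ENFORCING_PSS = {"baseline", "restricted"}


def audit_isolation(values):
    """Return a list of findings; an empty list means every control is on."""
    findings = []
    policies = values.get("policies") or {}

    pss = policies.get("podSecurityStandard")
    if pss not in ENFORCING_PSS:
        findings.append(
            f"podSecurityStandard is {pss!r}, expected baseline or restricted"
        )

    # "networkPolicy" is an assumed key name; it is not in the page's snippet.
    for key in ("limitRange", "resourceQuota", "networkPolicy"):
        section = policies.get(key)
        if not (isinstance(section, dict) and section.get("enabled") is True):
            findings.append(f"policies.{key}.enabled is not true")
    return findings


# Constructed sample: the values shown on this page.
PAGE_VALUES = {
    "policies": {
        "podSecurityStandard": "baseline",
        "limitRange": {"enabled": True},
        "resourceQuota": {"enabled": True},
    }
}

# Constructed sample: a template that weakens isolation.
WEAK_VALUES = {
    "policies": {
        "podSecurityStandard": "privileged",
        "resourceQuota": {"enabled": True},
        "networkPolicy": {"enabled": False},
    }
}

if __name__ == "__main__":
    for name, vals in (("page", PAGE_VALUES), ("weak", WEAK_VALUES)):
        print(name, audit_isolation(vals) or "ok")
```

Run against the page's own values, the audit reports only the network policy, which the snippet does not set explicitly.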