10x Cheaper Than "Real" Clusters

RBAC provides an automated way to configure role-based access control in the underlying host cluster.

Network Isolation provides an automated way to configure network policies to lock-in the virtual cluster traffic.

Resource Isolation provides an automated way to restrict resources for virtual clusters to prevent over-consumption.

SQLite is the most lightweight backing store which is hosted inside a file within the virtual cluster pod (typically in a PV).

Self-Managed etcd means that you either deploy etcd in the host cluster or externally and use it as the backing store.

Embedded etcd is as lightweight as k3s+sqlite but optimized for HA and scalability designed for production workloads.

External Database allows you to connect a k8s-based virtual cluster to an external database, such as MySQL or RDS.

Built-In CoreDNS bundles CoreDNS into the same pod as vCluster to lower resource consumption and boost startup time.

Custom DNS Entries lets users connect to services from other vClusters or from the host cluster via cluster-internal DNS.

Plugin SDK provides a programming interface for extending and customizing the behavior of a virtual cluster.

Enterprise Plugins are out-of-the-box plugins we built and maintain for common and advanced vCluster use cases.

Sync Patches provide an option to alter the vCluster sync process by defining patches applied to objects during sync.

Service Monitor allows you to use Prometheus to collect metrics about the state of the virtual cluster control plane.

Central HostPath Mapper is a service that runs inside the host cluster and allows virtual clusters to use symlink host paths.

Security-Hardened Image allows enterprises to operate virtual clusters with enhanced security controls.

Zero-Day Alerts offer instructions for security patches before a vulnerability is disclosed to the public in our OSS repos.

Central Admission allows to define admission control policies in the host cluster and enforce them in any vCluster.

Deny Proxy Requests lets admins define simple admission control deny rules for certain Kubernetes API operations.

Isolated Control Plane runs the vCluster control plane in one cluster but syncs workload pods into other Kubernetes clusters.

VirtualCluster CRD provides a central controller for deploying, managing and upgrading virtual clusters in a declarative way.

Terraform Integration enables the provisioning and management of environments with Terraform Providers.

ClusterAPI Integration lets you create virtual clusters with the CRDs from the CAPI provider for virtual clusters.

Argo CD Integration automates the import of environments as deployment targets into Argo CD including permission sync.

Rancher Integration allows vCluster management inside Rancher plus permission/user sync between both systems.

Automatic KubeConfig Delivery enables your team to retrieve, update and switch the kube-context for vCluster.

Revoking & Rotating Credentials allows you to manage access to virtual clusters via central credential management.

Templates enable organizations to codify best practices and enforce security standards on a platform-level.

Template Versioning allows rolling out security patches faster and allows to implement sophisticated upgrade flows at scale.

Projects allow organizations to organize virtual clusters, resources and access permissions into logical groups.

Quotas allow admins to configure resource limits for users and teams within a project to allow for fair use and to control spend.

Sleep Mode puts idle environments to sleep after a period of inactivity or according to a cron schedule.

Auto Wakeup can resume any sleeping environmen tin real-time when a request comes in.

Auto Delete destroys idle environments after a period of inactivity or according to a cron schedule.

Secrets Sync allows central management of secrets and simplifies secret update/rotation procedures.

Secrets Encryption provides controls to enable the encryption of secrets stored within the platform for improved security.

Vault Integration lets users retrieve, distribute and rotate secrets from HashiCorp Vault to their environments.

User & Access Management handles all access control and credential management for users in your company.

Single Sign-On (SSO) for central authentication via SAML2, OIDC, LDAP, oAuth, GitHub, GitLab, etc.

Audit Logging writes a central log of all user interactions with their environments and the underlying platform itself.

Automated Auth For Ingresses secures ingress routes and forces users to authenticate via SSO first.

Loft Platform as OIDC Provider enables companies to connect other systems to Loft’s SSO mechanism via OIDC.

HA Mode allows to run the central platform components in HA mode with leader election to ensure uptime and zero downtime.

Multi-Region Mode runs the platform in multiple regions and even cloud providers for minimal latency and increased HA.

Air-Gapped Mode allows to launch the platform with an offline license key, so no connection to Loft’s license API is required.

UI Customizations let companies customize the appearance of the user interface (e.g. custom logo, colors, nav links, etc.).

Email Support via our unified support email address support@loft.sh

In-App Chat Support adds a lightweight chat widget to the web UI that allows users to directly chat with our support team.

Private Shared Channel allows admins to chat with our team from within your company’s Slack or MS Teams workspace.

Phone + Video Support offers hands-on assistance for customers who want to interact directly with our engineers.

Technical Account Manager supports admins hands-on with anything from the initial setup and rollout to upgrades.

Custom SLA is a paid add-on for guaranteed response times of our support staff for any mission-critical use of our software.