Loft Labs has announced that its popular open-source technology vcluster adds an isolated mode for virtual clusters that reduces the work required by administrators to isolate tenants in multi-tenant Kubernetes clusters. Virtual clusters spun up with vcluster are logically isolated because each has a separate Kubernetes control plane, but the workloads running inside these virtual clusters (pods and their containers) are not isolated by default.
Previously, any Kubernetes security mechanisms for vcluster workloads had to be created manually by the cluster administrators. Now, with vcluster’s isolated mode, a variety of Kubernetes security controls will be enabled and auto-configured without the need for manual configuration, including pod security standards (admission control policies), resource quotas, limit ranges, and network policies.
Isolated mode enforces baseline workload isolation policies but administrators can harden these further and have full control over customizing everything to their security requirements.
The vcluster open-source software is growing quickly, with more than 500,000 downloads and over 1,300 stars on GitHub less than a year after its initial release. First launched in April 2021, vcluster is used to create lightweight Kubernetes clusters that run inside the namespaces of underlying Kubernetes clusters.