Cloud Native ComputingDevelopersDevOpsKubernetesNews

Loft Labs Delivers Added Security And Optimization Features With vCluster.Pro


Loft Labs has launched vCluster.Pro, the commercial version of its open-source project vCluster, which became the de facto industry standard for virtual Kubernetes clusters. With the new enterprise edition called vCluster.Pro, Loft Labs meets growing demand from end-users to run vCluster at enterprise-scale and with rock-solid security controls.

Lukas Gentele, CEO of Loft Labs, said, “With vCluster.Pro, we’re helping our most advanced customers run virtual Kubernetes clusters at an unprecedented scale and with rock-solid enterprise-grade security and performance enhancements. vCluster.Pro enables our customers to build and manage compute-intensive, industry-defining products and services on virtual Kubernetes clusters.”

CoreWeave is among the first companies to adopt vCluster.Pro and was involved as a design partner from day one. CoreWeave is a specialized cloud provider of large-scale GPU-accelerated workloads. The company offers serverless Kubernetes architecture, delivering the industry’s fastest spin-up times, most responsive autoscaling, and ability to “burst” across hundreds – to – thousands of GPUs per workload. To operate Kubernetes at this scale, virtual clusters provided the most cost-efficient and high-performance solution for CoreWeave, and vCluster.Pro added the security controls and scalability features the company needed to run Kubernetes for their fast-growing customer base.

vCluster.Pro expands on vCluster’s virtualization capabilities to provide the following additional benefits:

Enterprise-Grade Security & Tenant Isolation

  • Isolated Control Plane allows companies to run the virtual clusters’ control plane components in a separate cluster, isolated from the workloads created by tenants within the virtual cluster. This isolation of control planes from the workloads is important to run virtual clusters in production and allows enterprises to run multiple workloads anywhere while ensuring stable operation, high availability and strict access control for the most critical component of a virtual cluster—the control plane.
  • Virtual Admission Control enables admins to define admission control restrictions that are enforced at the virtual cluster level rather than just at the host cluster level. This additional level of admission control ensures that users cannot make unauthorized changes to essential resources even when they have cluster-admin permissions, creating an additional layer of control and security.

Enhanced Cost Efficiency & Performance

  • Integrated CoreDNS consolidates all three vCluster components—CoreDNS, APIServer and Syncer—into a single pod, simplifying the architecture and making virtual clusters even more lightweight and faster to start.
  • Cross-Cluster DNS provides a CoreDNS plugin bundled into vCluster.Pro which gives admins the capability to open the virtual cluster up to reach other services that run in the underlying host cluster or even in another virtual cluster. After an admin adds a service to the allow list, users inside the virtual cluster can reach this service via cluster-internal DNS hostnames, which is convenient and secure.
  • Sync Patches allow for modifications to resources during synchronization and before they are applied to the Kubernetes API server of the underlying host cluster. This versatility enhances control and customization over resource-handling in the Kubernetes environment.