10x Cheaper Than "Real" Clusters

Embedded etcd is as lightweight as k3s+sqlite but optimized for HA and scalability designed for production workloads.

Built-In CoreDNS bundles CoreDNS into the same pod as vCluster to lower resource consumption and boost startup time.

Custom DNS Entries lets users connect to services from other vClusters or from the host cluster via cluster-internal DNS.

Sync Patches provide an option to alter the vCluster sync process by defining patches applied to objects during sync.

Central HostPath Mapper is a service that runs inside the host cluster and allows virtual clusters to use symlink host paths.

Security-Hardened Image allows enterprises to operate virtual clusters with enhanced security controls.

Zero-Day Alerts offer instructions for security patches before a vulnerability is disclosed to the public in our OSS repos.

Central Admission allows to define admission control policies in the host cluster and enforce them in any vCluster.

Isolated Control Plane runs the vCluster control plane in one cluster but syncs workload pods into other Kubernetes clusters.

VirtualCluster CRD provides a central controller for deploying, managing and upgrading virtual clusters in a declarative way.

Terraform Integration enables the provisioning and management of environments with Terraform Providers.

ClusterAPI Integration lets you create virtual clusters with the CRDs from the CAPI provider for virtual clusters.

Argo CD Integration automates the import of environments as deployment targets into Argo CD including permission sync.

Rancher Integration allows vCluster management inside Rancher plus permission/user sync between both systems.

Templates enable organizations to codify best practices and enforce security standards on a platform-level.

Template Versioning allows rolling out security patches faster and allows to implement sophisticated upgrade flows at scale.

Projects allow organizations to organize virtual clusters, resources and access permissions into logical groups.

Quotas allow admins to configure resource limits for users and teams within a project to allow for fair use and to control spend.

Sleep Mode puts idle environments to sleep after a period of inactivity or according to a cron schedule.

Auto Wakeup can resume any sleeping environmen tin real-time when a request comes in.

Auto Delete destroys idle environments after a period of inactivity or according to a cron schedule.

Secrets Sync allows central management of secrets and simplifies secret update/rotation procedures.

Secrets Encryption provides controls to enable the encryption of secrets stored within the platform for improved security.

Vault Integration lets users retrieve, distribute and rotate secrets from HashiCorp Vault to their environments.

User & Access Management handles all access control and credential management for users in your company.

Single Sign-On (SSO) for central authentication via SAML2, OIDC, LDAP, oAuth, GitHub, GitLab, etc.

Audit Logging writes a central log of all user interactions with their environments and the underlying platform itself.

Automated Auth For Ingresses secures ingress routes and forces users to authenticate via SSO first.

Loft Platform as OIDC Provider enables companies to connect other systems to Loft’s SSO mechanism via OIDC.

HA Mode allows to run the central platform components in HA mode with leader election to ensure uptime and zero downtime.

Multi-Region Mode runs the platform in multiple regions and even cloud providers for minimal latency and increased HA.

Air-Gapped Mode allows to launch the platform with an offline license key, so no connection to Loft’s license API is required.

UI Customizations let companies customize the appearance of the user interface (e.g. custom logo, colors, nav links, etc.).

Email Support via our unified support email address support@loft.sh

In-App Chat Support adds a lightweight chat widget to the web UI that allows users to directly chat with our support team.

Private Shared Channel allows admins to chat with our team from within your company’s Slack or MS Teams workspace.

Phone + Video Support offers hands-on assistance for customers who want to interact directly with our engineers.

Technical Account Manager supports admins hands-on with anything from the initial setup and rollout to upgrades.

Custom SLA is a paid add-on for guaranteed response times of our support staff for any mission-critical use of our software.