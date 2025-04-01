Platform engineering teams can now enforce strict workload isolation inside shared Kubernetes nodes-without added infrastructure costs, operational complexity, or performance penalties.

(KubeCon EU 2025, booth S281) LoftLabs, focused on virtualizing Kubernetes and the cloud native stack, has launched vNode to redefine secure tenant isolation in Kubernetes. By introducing a new layer of virtualization on the node level, vNode ensures workloads remain fully isolated, allowing platform teams to enforce stricter security boundaries while optimizing shared infrastructure.

On its path to fully virtualize the cloud-native stack LoftLabs launched vCluster in 2021 to virtualize Kubernetes control planes and now complements this existing solution with a new product vNode to allow platform teams to also virtualize Kubernetes nodes to achieve stricter multi-tenancy on the node-level. As organizations grow, maintaining strong security while optimizing resource usage becomes increasingly complex. vNode addresses this challenge by delivering strict node isolation without sacrificing the efficiency of shared infrastructure. With this product release, LoftLabs' expands their portfolio of innovative cloud-native infrastructure to provide the following benefits:

vCluster: virtual Kubernetes clusters enabling scalable multi-tenancy

- DevPod: containerized development environments for frictionless cloud-native development

- vNode: virtual Node runtime delivering secure workload isolation inside shared infrastructure

"vNode solves a frustrating trade-off in Kubernetes multi-tenancy," said Lukas Gentele, CEO of LoftLabs. "Organizations can either give tenants shared access to nodes, introducing security risks and limiting restrictions for tenants, or they force them onto separate, expensive nodes. Neither option is great. vNode eliminates this dilemma by enforcing strict isolation within shared nodes, keeping security high and overhead low."

How vNode Works

vNode creates a lightweight virtualization layer that isolates workloads efficiently inside shared physical nodes-without relying on complex VM-based architectures or slow syscall translation. Unlike traditional isolation methods, vNode delivers strict security boundaries while maintaining high performance and resource efficiency. This enables:

Strong Isolation : Prevents cross-tenant interference while maintaining security boundaries.

: Prevents cross-tenant interference while maintaining security boundaries. Full Tenant Autonomy : Allows tenants to run privileged workloads (like Docker-in-Docker or Kubernetes control planes) without impacting others.

: Allows tenants to run privileged workloads (like Docker-in-Docker or Kubernetes control planes) without impacting others. No Performance Bottlenecks : Avoids the slow syscalls and bloated microVMs that hinder other isolation tools.

: Avoids the slow syscalls and bloated microVMs that hinder other isolation tools. Kubernetes-Native Cloud-Agnostic: Works with all major cloud providers and any containerd-based nodes (Linux 6.1+), requiring no re-architecting.

vNode works by introducing a lightweight runtime that enables virtualized nodes, sitting between the Kubernetes control plane and underlying worker nodes to enforce strict workload isolation. This approach allows platform teams to allocate dedicated, secure node resources to different teams, projects, or applications without running separate physical or virtual machines. By reducing the need for redundant clusters, vNode enhances resource efficiency, improves workload performance, and simplifies Kubernetes operations.

vNode vCluster: A Powerful Combination for Multi-Tenancy

vNode seamlessly integrates with vCluster, addressing a key concern around stronger multi-tenancy at the node level. While virtual clusters provide workload separation, they still share underlying nodes. vNode enhances this model by ensuring tenant workloads remain fully isolated at the node level, enabling platform teams to maintain security without sacrificing the efficiency of shared infrastructure. This allows organizations to scale Kubernetes environments securely while optimizing resource utilization.

New vCluster Features: Snapshot Restore and Open-Source Rancher Integration

In addition to vNode, LoftLabs is rolling out major enhancements for their flagship product vCluster:

Snapshot Restore for vCluster: Allows users to take a snapshot of their virtual cluster state and restore it at any time, improving backup, migration, and resilience in Kubernetes environments.

- Open-Source vCluster Rancher Labs Integration: Enables vCluster OSS users to create, manage and update virtual clusters in Rancher without needing vCluster Platform.

Be among the first to experience vNode. Sign up for early access to the private beta at vNode.com or visit LoftLabs at Booth S281 at KubeCon CloudNativeCon Europe 2025. See live demos, connect with LoftLabs experts, and discover how vNode is redefining Kubernetes multi-tenancy.

Supporting Resources:

Learn more about vNode at vNode.com

- vNode Launch Blog

About LoftLabs

LoftLabs is virtualizing Kubernetes and the cloud native stack. LoftLabs provides Kubernetes native tools and solutions designed for platform engineers to streamline IT operations, enhance multi-tenancy, and optimize resource management. With products like vCluster, vNode and DevPod, LoftLabs empowers platform teams at 1000's of enterprises worldwide to balance engineering speed with operational reliability, enabling scalable, cost-efficient digital platforms. Discover more at www.loftlabs.com.

