We’re excited to introduce vNode, a new product from LoftLabs that brings secure workload isolation to the node layer of Kubernetes. vNode enables platform engineering teams to enforce strict multi-tenancy inside shared Kubernetes clusters—without the cost or complexity of provisioning separate physical nodes.

Why We Built vNode

Most teams face a painful trade-off in Kubernetes multi-tenancy: share nodes and risk security vulnerabilities, or isolate workloads on separate nodes and waste resources. vNode breaks this trade-off by introducing lightweight virtual nodes that provide strong isolation without performance penalties or infrastructure sprawl.

With vNode, teams can:

• Enforce tenant isolation at the node level, preventing noisy neighbor issues and improving security.

• Run privileged workloads safely—like Docker-in-Docker or Kubernetes control planes—inside shared infrastructure.

• Meet compliance needs by eliminating shared kernel risks.

• Avoid the overhead of VMs, syscall translation, or re-architecting their Kubernetes environments.

How It Works

vNode introduces a lightweight runtime that runs alongside containerd, using Linux user namespaces to isolate workloads. Each physical node is partitioned into multiple secure virtual nodes, providing stronger multi-tenancy inside shared clusters. It integrates seamlessly with any Kubernetes distribution that uses containerd (on Linux kernel 6.1+).

Better Together: vNode + vCluster

vNode complements our existing product, vCluster, by adding node-level isolation to virtual clusters. Together, they provide full-stack multi-tenancy—isolating both control planes and workloads within the same shared cluster.

Join the Private Beta

We’re currently rolling out vNode through a private beta. Be among the first to try it out. Sign up for early access at vNode.com