Skip to main content
Version: 3.0 (beta)

Isolation

Spaces in Loft can be configured to provide moderate levels of isolation. This "isolation" typically includes applying ResourceQuotas, LimitRanges, and NetworkPolicies to a Space. These policies can be configured using the Space Objects option, to provide your desired quotas, limits and network policies. To make your life easier, Loft is deployed with a default Space Template called Isolated Space Template. This space template can give you a head start on configuring your own Space isolation policies, or you may find the template sufficient for your needs.

The default Isoalted Space Template creates hard limits for resource types, sets rational default limit ranges, and deploys a rather restrictive NetworkPolicy limiting network traffic.

CNIs and Network Policies

Not all CNIs will support all network policies! Make sure you understand what capabilities your CNI supports when investigating space isolation!