Skip to main content
Version: 2.3

Loft API Endpoints

The Loft API server provides multiple endpoints to communicate with. Depending on the endpoint, Loft will proxy the request either to its internal Kubernetes API server, to a connected Kubernetes cluster, to a virtual Kubernetes cluster or handle it internally.

The different endpoints can be reached by providing a prefix in front of the actual Kubernetes path (e.g. https://my-loft-domain.com/$PREFIX/$KUBERNETES_PATH). Based on this prefix, Loft will know how to route the request to the correct destination.

Endpoints

There are several Kubernetes path prefixes for Loft that will target different Kubernetes API servers:

  • /kubernetes/management/: Prefix that proxies the request to the internal Loft management Kubernetes API server.
  • /kubernetes/cluster/$CLUSTER/: Prefix that proxies incoming Kubernetes requests to the connected cluster $CLUSTER.
  • /kubernetes/virtualcluster/$CLUSTER/$NAMESPACE/$VCLUSTER/: Prefix that proxies incoming Kubernetes requests to the virtual cluster $VCLUSTER in namespace $NAMESPACE in the connected cluster $CLUSTER.

For example, if you would want to retrieve pods from a connected cluster loft-cluster, the corresponding Kubernetes URL would be https://my-loft-domain/kubernetes/cluster/loft-cluster/api/v1/pods.

With that knowledge, you can also create a kube config to use kubectl to query that cluster directly through Loft (basically what loft use cluster is doing internally):

apiVersion: v1
kind: Config
clusters:
- cluster:
    server: https://my-loft-domain.com/kubernetes/cluster/loft-cluster
  name: loft_loft-cluster
contexts:
- context:
    cluster: loft_loft-cluster
    user: loft_loft-cluster
  name: loft_loft-cluster
current-context: loft_loft-cluster
users:
- name: loft_loft-cluster
  user:
    token: ACCESS_KEY

Other non kubernetes endpoints exposed by Loft:

  • /auth/: Authentication endpoints that are used by the Loft UI to login a user
  • /oidc/: Endpoint for the internal OIDC server. See loft as OIDC provider for more details.
  • /grafana/$CLUSTER/: All requests to this endpoint will be proxied to the cluster's grafana instance (if there is any).