Skip to main content
Version: 2.3

Quotas & Space Constraints

A key aspect of Loft is establishing secure multi-tenancy when sharing clusters among multiple users and teams. To guarantee fair use for every tenant and to isolate tenants from each other, Loft provides two features:

  • Quotas which define aggregated resource limits for users and/or teams (e.g. max 5 spaces, max 12 GB memory)
  • Space Constraints which define resources and other configurations that will be enforced for each space a user or a team creates using Loft (e.g. required labels and annotations, or resources such as a NetworkPolicy or LimitRange in each namespace)

Quotas

  1. Go to the Clusters view using the menu on the left
  2. Switch to the Cluster Access tab
  3. Hover over the cluster access that you want to apply the quota to and click on the button to Edit the cluster access
  4. In the drawer that appears on the right, expand the Restrictions section
  5. Use the Enforce Quota field to specify quotas, e.g. you can limit the number of spaces by adding the line spaces: 3 to this quota specification
  6. On the very bottom, click on the button to save the changes
Test with Impersonation

After following the steps above, all spaces created using the cluster access in step 7 will now enforce this quota. You can test this behavior by impersonating a user that uses this cluster access.

Space Constraints

Space Constraints allow you to define restrictions for namespaces such as enforced resources that will be deployed to each new namespace a user creates (e.g. NetworkPolicies) or other enforced settings such as mandatory labels, annotations, or any sleep mode configurations.

1. Create Space Constraints
  1. Go to the Clusters view using the menu on the left
  2. Switch to the Space Constraints tab
  3. Click the button to create a new space constraints object
  4. In the drawer that appears on the right, use the field Display Name to specify a Name for your space constraints object
  5. Expand the Enforce Resources section to specify manifests that should be deployed to and enforced in each namespace that is affected by these space constraints
  6. Expand the Enforce Space Settings section to specify other space settings such as sleep mode, auto-delete, labels and annotations that should be enforced for each namespace that is affected by these space constraints
  7. On the very bottom, click on the button to create this space constraints object
2. Enforce Space Constraints For Users & Teams
  1. Go to the Clusters view using the menu on the left
  2. Switch to the Cluster Access tab
  3. Hover over the cluster access that you want to apply these space constraints to and click on the button to Edit the cluster access
  4. In the drawer that appears on the right, expand the Restrictions section
  5. Use the Enforce Space Constraints field to select the Space Constraint that you want to enforce for all spaces created using this cluster access
  6. On the very bottom, click on the or button to save the changes
  7. Switch to the Cluster Access tab
  8. Hover over the cluster access of the user or team that you want to configure automatic sleep mode for and click on the button to Edit the cluster access
  9. In the drawer that appears on the right, expand the Restrictions section
  10. Use the Enforce Space Constraints field to select the Space Constraint you edited or created in Step 3 above
  11. On the very bottom, click on the button to save the changes
Test with Impersonation

After following the steps above, all spaces created using the cluster access in step 7 will now enforce these space constraints. You can test this behavior by impersonating a user that uses this cluster access.

Enforce Sleep Mode & Auto Delete

Enforce Sleep Mode For All Spaces Created By User/Team
  1. Go to the Clusters view using the menu on the left
  2. Switch to the Space Constraints tab

  3. Option A: Hover over the space constraints object that you want to configure automatic sleep mode with and click on the button to Edit an existing space constraints object

    Option B: Click the button to create a new space constraints object

  4. In the drawer that appears on the right, expand the Enforce Space Settings section
  5. Use the Sleep After Inactivity field to specify the Time (in minutes) to wait before putting the space to sleep if there is no more user activity in this namespace
  6. On the very bottom, click on the or button to save the changes
  7. Switch to the Cluster Access tab
  8. Hover over the cluster access of the user or team that you want to configure automatic sleep mode for and click on the button to Edit the cluster access
  9. In the drawer that appears on the right, expand the Restrictions section
  10. Use the Enforce Space Constraints field to select the Space Constraint you edited or created in Step 3 above
  11. On the very bottom, click on the button to update the cluster access
Test with Impersonation

After following the steps above, all spaces created using the cluster access in step 7 will now enforce sleep mode. You can test this behavior by impersonating a user that uses this cluster access.