Users
Core functionality of Loft is giving other people self-service access to Kubernetes clusters. Everyone who should get access to a Kubernetes cluster, must be an authenticated user in Loft.
Working with Users
Create User (manual)
Loft lets you connect a variety of SSO providers for authentication but you can also manually create users who can sign in via username and password:
Create a User
- Go to the Users view using the main menu on the left
- Click on the button
- Use the field Display Name to enter the Username for your user
- Click on the button at the very bottom
- Close the popup using the button
Impersonate User
Loft allows admins with appropriate RBAC permissions to impersonate users.
Impersonate User
- In the Users view, hover over the row with the User who you want to impersonate
- While hovering over the row, you will see buttons appear on the right in the Actions column
- Click on the button to Impersonate the user
- In the popup, click on the button to confirm that you want to start impersonation
- Whenver you want to switch back to your regular user, click the button on the right-hand side of the impersonation banner at the top of the page
To use Loft CLI as the impersonated user, you can run the following command while impersonation is active:
loft login localhost:9898 --insecure # or use your loft.domain.tld instead of localhost, and ideally with a valid SSL cert and without the --insecure flag
You can verify the login and print your user information via:
loft login
Configuration
Metadata
Display Name
![](/docs/assets/images/field-display-name-fbb0f66f4f981c92c0f7abbf31a82254.png)
JSONPath in User CRD:
spec.displayName (type: string)
Kubernetes Name
![](/docs/assets/images/field-name-20c4e85ff8eae7c87aea19506c0369d8.png)
JSONPath in User CRD:
metadata.name (type: string)
Labels
![](/docs/assets/images/field-labels-dc1a396a0b5d7690f119e293f9d15d83.png)
JSONPath in User CRD:
metadata.labels (type: map[string]string)
Annotations
![](/docs/assets/images/field-annotations-e997ecf668089f0085b422bc575fa567.png)
JSONPath in User CRD:
metadata.annotations (type: map[string]string)
User Information
Username
![](/docs/assets/images/field-username-1e55129c9850551ed424c1b11e3e8673.png)
JSONPath in User CRD:
spec.username (type: string)
Email
![](/docs/assets/images/field-email-e34e04cac71c66bd1c1705fc96cc2dd1.png)
JSONPath in User CRD:
spec.email (type: string)
Password
![](/docs/assets/images/field-password-38c9d6d2b1ec62feda9a57c3829b623e.png)
JSONPath in User CRD:
spec.passwordRef (type: SecretRef)
Team Memberships
![](/docs/assets/images/field-teams-4e8613be906a378cfa5efbbb0f285269.png)
JSONPath in Team CRD:
$team.spec.users (type: string[])
Advanced Options
Kubernetes Groups
![](/docs/assets/images/field-groups-f15c34b1700416184f48bdc7a2fa456a.png)
JSONPath in User CRD:
spec.groups (type: string[])
Cluster Roles
![](/docs/assets/images/field-clusterroles-8a3e50ed7606dd65daee65559e18671a.png)
JSONPath in User CRD:
spec.clusterRoles (type: ClusterRoleRef[])
Image Pull Secrets
![](/docs/assets/images/field-pull-secrets-d4e1dc3d68c753ac49b19996a5e6962c.png)
JSONPath in User CRD:
spec.imagePullSecrets (type: SecretRef[])
Access To User
![](/docs/assets/images/field-access-bb5dc53a7abe8e1bdd099b4a7893a45f.png)
JSONPath in User CRD:
spec.access (type: Access[])