Cluster Accounts

An account defines the permissions of a user within a certain cluster (authorization).

Create Accounts

Users in loft do not automatically have access to clusters. To give a user access to a cluster, you need to create an account for this user within the cluster.

loft UI - Create Account
Copy Cluster Accounts

When creating a new user, loft offers the option to copy cluster accounts from an existing user. You could also create a "template user," configure all cluster accounts and quotas for this template user, and then add the rest of your team by copying the accounts when adding the users.

Space Creation Settings

If you open the form to create or edit a cluster account, you will see the section "Space Creation Settings" which provides the following options:

  • Space Limit to set a maximum number of namespaces for this account
  • Timeout for Automatic Sleep Mode to enable automatic sleep mode after a certain period of inactivity
  • Enforce Templates to specify templates which will be instantiated when creating a space with this account
  • Labels & Annotations to specify metadata which should be set when creating a space3
3 While users are generally able to define their own labels and annotations, loft will make sure that the enforced labels and annotations cannot be overwritten.
loft UI - Change Space Creation Settings

Delete Accounts

loft UI - Delete Account
Data Loss

Deleting an account will also delete:

  • all AccountQuotas created for the account
  • all spaces owned by the account
  • all RBAC objects associated with the account and its spaces

Deletion of these objects will be handled by Kubernetes OwnerReferences.