Ingress Suffix
As outlined in the 'Virtual Clusters -> Advanced Topics -> Ingress Access' section, you can enable the 'AccessPoint' feature to access a virtual cluster API server directly by avoiding the Loft proxy. This requires a valid ingress controller to be present on the host cluster and a valid domain to be set in the loft.sh/ingress-suffix
annotation on the Cluster Object.
Once this is done, Loft creates a connection to the virtual cluster through an ingress instead of the default Loft proxy. This can be useful, if you want to handout the virtual cluster kubeconfig to users that do not belong to Loft.
The ingress name url is calculated as followed:
[VirtualClusterInstance Name]-[Project Name].[ingressSuffix]
You can set the required ingress suffix in the Loft UI:
- Go to the Clusters view using the menu on the left.
- Click the drop down arrow next to the cluster name you wish to modify. In the drop down menu click the Edit button.
- In the drawer that appears from the right, click on the Direct Access configuration pane. Provide the desired domain under the Virtual Cluster Ingress Suffix field.
- Click on the button.
This will require an ingress-controller in the cluster (such as ingress-nginx) and a wildcard DNS record on the above configured domain. Make sure to enable ssl-passthrough on the ingress controller as well or install the ingress-nginx Loft app.