Install Loft
Using Loft CLI is the preferred way to deploy Loft to a Kubernetes cluster. If you decide later on you want to manage your Loft instance via GitOps, you may export the applied Kubernetes manifests or Helm chart configuration and store this data in a git repository.
1. Download and Install Loft CLI
Use one of the following commands to download the Loft CLI binary from GitHub:
- Mac (Intel/AMD)
- Mac (Silicon/ARM)
- Linux (AMD)
- Linux (ARM)
- Windows Powershell
npm install -g loft.sh
yarn global add loft.sh
curl -L -o loft "https://github.com/loft-sh/loft/releases/latest/download/loft-darwin-amd64" && sudo install -c -m 0755 loft /usr/local/bin
curl -L -o loft "https://github.com/loft-sh/loft/releases/latest/download/loft-darwin-arm64" && sudo install -c -m 0755 loft /usr/local/bin
curl -L -o loft "https://github.com/loft-sh/loft/releases/latest/download/loft-linux-amd64" && sudo install -c -m 0755 loft /usr/local/bin
curl -L -o loft "https://github.com/loft-sh/loft/releases/latest/download/loft-linux-arm64" && sudo install -c -m 0755 loft /usr/local/bin
md -Force "$Env:APPDATA\loft"; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Tls,Tls11,Tls12';
Invoke-WebRequest -URI "https://github.com/loft-sh/loft/releases/latest/download/loft-windows-amd64.exe" -o $Env:APPDATA\loft\loft.exe;
$env:Path += ";" + $Env:APPDATA + "\loft";
[Environment]::SetEnvironmentVariable("Path", $env:Path, [System.EnvironmentVariableTarget]::User);
Line 4 of this install script adds the install directory %APPDATA%\loft to the $PATH environment variable. This is only effective for the current Powershell session, i.e., when opening a new terminal window, loft may not be found.
Make sure to add the folder %APPDATA%\loft to the PATH environment variable after installing Loft CLI via Powershell. Afterward, a reboot might be necessary.
To confirm that Loft CLI is successfully installed, reboot and test via:
loft --version
Alternatively, you can download the binary for your platform from the GitHub Releases page and add this binary to your PATH.
2. Deploy Loft
Make sure you are using the correct kube-context via kubectl config current-context and then run:
loft start
The CLI will ask for your email address to create the admin user and then deploy Loft to your cluster.
Your Loft pod is not starting or the UI is not showing up? View our Troubleshooting Guide if you have any issues.
Since loft installs webhooks and api server extensions into the cluster, the kubernetes master needs to be able to communicate with the loft pod. In private GKE clusters the kubernetes master and nodes for example are not in the same subnetwork and cannot communicate directly with each other on every port. Hence, you need to ensure that there is a firewall rule that allows incoming traffic from the kubernetes master network to the tcp ports:
- 9443 (loft agent webhook)
- 8443 (loft agent api service extension - v1.cluster.loft.sh)
- 9444 (loft api service extension - v1.management.loft.sh)
3. Login
While loft start is running in the background, open a second terminal window and sign in via
the CLI:
loft login https://localhost:9898 --insecure # See `loft start` output for login credentials
This command will open the browser where you can sign in using the login data shown in the
output of loft start.
Since Loft generates a self-signed SSL certificate, you need to run loft login with the --insecure flag and once the browser opens, you will also need to accept the untrusted self-signed certificate before the login page will show up. Once you connect a domain to Loft later on, you can use your own, valid certificates or have one provisioned via cert-manager.
