Install Loft
About This Guide
Goal: Install Loft to a remote Kubernetes cluster, connect your auth provider, and onboard your team
Estimated time: 20 minutes
Requirements:
- any remote Kubernetes cluster (GKE, EKS, AKS, Rancher/RKE, ...)
kubectl
(check viakubectl version
)helm
v3 (check withhelm version
)- a kube-context with admin access to this Kubernetes cluster (check with
kubectl auth can-i create clusterrole -A
)
Air-gapped Cluster
If you want to install loft into an air-gapped cluster, please take a look at the Air-Gapped Installation Guide instead.
Remote Cluster Required
The guide requires you to install Loft to a remote cluster (e.g. GKE, EKS, AKS, Rancher/RKS, self-managed in your private cloud). If you just want to evaluate Loft with a local test cluster such as minikube, kind or Docker Desktop, take a look at the Quickstart Guide instead.
1. Download Loft CLI
Use one of the following commands to download the Loft CLI binary from GitHub:
- Mac Terminal
- Linux Bash
- Windows Powershell
Alternatively, you can simply download the binary for your platform from the GitHub Releases page and add this binary to your PATH.
2. Deploy Loft
The first step to giving anyone access to your Kubernetes clusters via Loft is to make your Loft instance available on a domain, i.e. reachable for others via an ingress. This obviously does not work if you are running Loft on a localhost cluster such as minikube or Docker Desktop.
So, make sure your current kube-context points to a remote cluster (GKE, EKS, AKS, RKE, ...) and run:
Choose Ingress / Domain
When Loft CLI asks you How do you want to access loft?
, answer with via ingress
and then for the next question, provide a domain or subdomain that you can change the DNS configuration of.
The output of loft start
will look like this:
3. Configure DNS
After Loft has been deployed, the CLI will tell you to configure DNS:
To configure DNS, do the following:
- Leave
loft start
running and open a second terminal window - Run
kubectl get services -n ingress-nginx
in the second terminal window - If the
EXTERNAL-IP
is pending, wait a bit and go back to 2., otherwise: - Copy the
EXTERNAL-IP
of your ingress controller service - Open the DNS settings of your domain (in AWS Route 53, Google Cloud DNS, Godaddy etc.)
- If the
EXTERNAL-IP
is- an IP address, set an A-record for your Loft subdomain pointing to your
EXTERNAL-IP
- a subdomain, set a CNAME-record for your Loft subdomain pointing to your
EXTERNAL-IP
- an IP address, set an A-record for your Loft subdomain pointing to your
4. Add SSL
Because kubectl
and many other tools that connect to the Kubernetes API require TLS, we need a certificate for our Loft instance.
- Cert-Manager (recommended)
- Custom Certificate
The easiest way to add SSL to your Loft instance is to install cert-manager which will use Let's Encrypt to automatically create an SSL certificate for your Loft subdomain.
STEP 1Install cert-manager to your cluster:
Upgrade your Loft instance via Helm:
Check the certificate and wait for it to be ready
Optional: Mark cert-manager Helm release to manage it in the Loft UI
5. Login
After Loft has been deployed, your DNS is configured, and you added a SSL certificate, loft start
will terminate with the following output:
Now run the following command to log in to your Loft instance:
The CLI will then open the browser, so you can log in with the admin password shown in the output of loft start
(see step 2 above).
After you logged in via the UI, you will also be logged in via the CLI because you started the login process via loft login
.