Using Loft in CI/CD Pipelines

When using Loft in a CI/CD pipeline to create namespaces and virtual cluster, there are couple of things to consider:

  1. You might want to generate your kube configs manually
  2. You may want to use the offical loftsh/loft-ci image in a containerized CI/CD pipeline
  3. You definitely want to authenticate using Access Keys in either case

Accessing Loft

You can easily construct a kube config that can be used directly in any external CI/CD pipeline or tool to access a space, connected cluster or vcluster directly. For this you'll only need an access key.

Then you can create a kube config in this format:

Create a kubeconfig.yaml with:

apiVersion: v1
kind: Config
clusters:
- cluster:
# Optional if untrusted certificate
# insecure-skip-tls-verify: true
server: https://my-loft-domain.com/kubernetes/cluster/$CLUSTER
name: loft
contexts:
- context:
cluster: loft
namespace: $SPACE
user: loft
name: loft
current-context: loft
users:
- name: loft
user:
token: $ACCESS_KEY

Replace the $ACCESS_KEY with your generated access key, $CLUSTER with the name of the connected kubernetes cluster the space was created in and $SPACE with the name of the space. You can now use this kube config with any external applications such as kubectl or terraform.

Then run any command in the space with:

kubectl --kubeconfig kubeconfig.yaml get pods

Authentication

Create Access Keys

Loft UI - Profile: Create Access Key

Using the Container Image

When using Loft in a CI/CD pipeline that runs based on containers, you can use the official loft-ci image either as a base image or directly.

This image is based on alpine and contains:

This is what the Dockerfile looks like:

FROM devspacesh/devspace:5
# Add helm
RUN wget -O helm.tar.gz https://get.helm.sh/helm-v3.3.3-linux-amd64.tar.gz \
&& tar -zxvf helm.tar.gz \
&& mv linux-amd64/helm /bin/helm
# Add Loft CLI (same version as the tag of this image)
COPY release/loft-linux-amd64 /bin/loft
RUN chmod +x /bin/loft

Login with Access Keys

loft login https://my-loft.url.tld --access-key [ACCESS_KEY]