Loft Onboarding Guide

Welcome to Loft! One of your colleagues has probably sent you this link, so you can quickly get started using Loft. With Loft, you can create Kubernetes namespaces to test any applications you are working on, you can run ML/AI experiments or you can integrate Kubernetes very easily in CI/CD pipelines.

Install Loft CLI

Installing the Loft CLI lets you create spaces and retrieve kube-contexts for your spaces right from the terminal of your IDE which is often much faster than using the UI.

• Mac Terminal
• Linux Bash
• Windows Powershell

curl -s -L "https://github.com/loft-sh/loft/releases/latest" | sed -nE 's!.*"([^"]*loft-darwin-amd64)".*!https://github.com\1!p' | xargs -n 1 curl -L -o loft && chmod +x loft;

sudo mv loft /usr/local/bin;

Alternatively, you can simply download the binary for your platform from the GitHub Releases page and add this binary to your PATH.

Login

After installing the CLI, you must log in to Loft:

loft login https://my-loft.url.tld

This command will generate an access key and securely store it on your computer, so the Loft CLI can authenticate when running any further commands.

Spaces / Namespaces

Spaces are Kubernetes namespaces that allow you to work with Kubernetes, e.g. deploy applications to see if they are working correctly, use in CI/CD pipelines, run ML/AI experiments, debug microservices etc.

You can create as many spaces as your admin has configured for you. You may create spaces in different Kubernetes clusters if your admin has granted you access to more than just one cluster.

Create Spaces

• UI
• CLI
• kubectl

Loft UI - Create Space

Creating spaces in the UI is easy but to actually use the space, a cluster user needs a valid kube-context which most non-admin users do not have by default. To get a kube-context limited to a certain space, run the following command using the CLI:

loft use space [SPACE_NAME]

How does it work?

To provide access to a space/namespace, Loft creates a new RBAC role binding for the Loft user. This is done in a way that this user can only access objects within this and other namespaces the user has access to. Then, Loft generates a kube-context using an access key and adds it to the ~/.kube/config file on the user's computer.

List Spaces

To get a list of your spaces, take a look in the UI or simply run:

loft list spaces

Switch Between Spaces

The CLI will automatically handle the kube-context (i.e. which Kubernetes cluster and namespace you are working with and how to authenticate).

To switch from one cluster to another cluster, run:

loft use space [SPACE_NAME]

Share Spaces

Sometimes it may be useful to give others access to one of your spaces. Since Loft's authorization system is based on Kubernetes RBAC, you can simply create a RoleBinding to give other users access. Allowing them to view and edit a namespace and/or resources within this namespace will enable them to see a corresponding space in the UI and also to run loft use space to configure a kube-context for accessing the space using kubectl, helm and other tools.

• UI
• kubectl

Loft UI - Share Space

Delete Spaces

• UI
• CLI
• kubectl

Loft UI - Delete Space

No Kube-Context Cleanup

This will not clean up the local kube-context you may have for this space. Only when removing a space using the Loft CLI, the local kube-context will also be removed from your ~/.kube/config file.

Sleep Mode + Wakeup

Your admin may configure the sleep mode for you spaces. Sleeping spaces will not lose any configuration or persistent data but the running containers will be gracefully terminated.

As soon as you run any command within a sleeping space with any Kubernetes tool (e.g. kubectl get po, helm install, devspace dev) your space will automatically wake up and start your containers again.

You can also manually wake up spaces as shown below:

• UI
• CLI
• kubectl

Loft UI - Manual Sleep & Wake-Up

Virtual Clusters

Create vCluster

• UI
• CLI
• kubectl

Loft UI - Create Virtual Cluster

Use vCluster

You can either use the Loft CLI to create a kube config automatically or you can create your own kube config with an Access Key.

• CLI
• Kube Config

Run this command to add a kube-context for the virtual cluster to your local kube-config file or to switch to an existing kube-context of a virtual cluster:

loft use vcluster # shows a list of all available vclusters

loft use vcluster [VCLUSTER_NAME] # optional flags: --cluster=[CLUSTER_NAME] --space [VCLUSTER_NAMESPACE]

Then, run any kubectl command within the virtual cluster:

kubectl get namespaces

RBAC Permissions

In order for a user to access a virtual cluster the user needs the RBAC permission get on the resource virtualclusters in the api group storage.loft.sh with api version v1 either in the namespace where the virtual cluster was created in or cluster wide

Delete vCluster

• CLI
• kubectl

Run this command to delete a virtual cluster:

loft delete vcluster [VCLUSTER_NAME] # optional flags: --cluster=[CLUSTER_NAME] --space [VCLUSTER_NAMESPACE]

Quotas

In each cluster that you have access to, you have a cluster account. Each of these cluster accounts can have quotas which may limit how many Kubernetes resources (e.g. pods) you can create or how much computing power you can use.

You can view your quotas for all clusters as well as the current utilization in the Loft UI:

Loft UI - Account Quotas

Access Keys

Access keys allow you to authenticate with Loft in non-interactive environments, e.g. from CI/CD pipelines.

Create Access Keys

Loft UI - Profile: Create Access Key

Login with Access Keys

loft login https://my-loft.url.tld --access-key [ACCESS_KEY]

Delete Access Keys

Loft UI - Profile: Dlete Access Key