Welcome to Loft! One of your colleagues has probably sent you this link, so you can quickly get started using Loft. With Loft, you can create Kubernetes namespaces to test any applications you are working on, you can run ML/AI experiments or you can integrate Kubernetes very easily in CI/CD pipelines.
Install Loft CLI
Installing the Loft CLI lets you create spaces and retrieve kube-contexts for your spaces right from the terminal of your IDE which is often much faster than using the UI.
- Mac Terminal
- Linux Bash
- Windows Powershell
Alternatively, you can simply download the binary for your platform from the GitHub Releases page and add this binary to your PATH.
After installing the CLI, you must log in to Loft:
This command will generate an access key and securely store it on your computer, so the Loft CLI can authenticate when running any further commands.
Spaces / Namespaces
Spaces are Kubernetes namespaces that allow you to work with Kubernetes, e.g. deploy applications to see if they are working correctly, use in CI/CD pipelines, run ML/AI experiments, debug microservices etc.
You can create as many spaces as your admin has configured for you. You may create spaces in different Kubernetes clusters if your admin has granted you access to more than just one cluster.
Creating spaces in the UI is easy but to actually use the space, a cluster user needs a valid kube-context which most non-admin users do not have by default. To get a kube-context limited to a certain space, run the following command using the CLI:
How does it work?
To provide access to a space/namespace, Loft creates a new RBAC role binding for the Loft user. This is done in a way that this user can only access objects within this and other namespaces the user has access to. Then, Loft generates a kube-context using an access key and adds it to the
~/.kube/config file on the user's computer.
To get a list of your spaces, take a look in the UI or simply run:
Switch Between Spaces
The CLI will automatically handle the kube-context (i.e. which Kubernetes cluster and namespace you are working with and how to authenticate).
To switch from one cluster to another cluster, run:
Sometimes it may be useful to give others access to one of your spaces. Since Loft's authorization system is based on Kubernetes RBAC, you can simply create a RoleBinding to give other users access. Allowing them to view and edit a namespace and/or resources within this namespace will enable them to see a corresponding space in the UI and also to run
loft use space to configure a kube-context for accessing the space using
helm and other tools.
No Kube-Context Cleanup
This will not clean up the local kube-context you may have for this space. Only when removing a space using the Loft CLI, the local kube-context will also be removed from your
Sleep Mode + Wakeup
Your admin may configure the sleep mode for you spaces. Sleeping spaces will not lose any configuration or persistent data but the running containers will be gracefully terminated.
As soon as you run any command within a sleeping space with any Kubernetes tool (e.g.
kubectl get po,
devspace dev) your space will automatically wake up and start your containers again.
You can also manually wake up spaces as shown below:
You can either use the Loft CLI to create a kube config automatically or you can create your own kube config with an Access Key.
- Kube Config
Run this command to add a kube-context for the virtual cluster to your local kube-config file or to switch to an existing kube-context of a virtual cluster:
Then, run any kubectl command within the virtual cluster:
In order for a user to access a virtual cluster the user needs the RBAC permission
get on the resource
virtualclusters in the api group
storage.loft.sh with api version
v1 either in the namespace where the virtual cluster was created in or cluster wide
Run this command to delete a virtual cluster:
In each cluster that you have access to, you have a cluster account. Each of these cluster accounts can have quotas which may limit how many Kubernetes resources (e.g. pods) you can create or how much computing power you can use.
You can view your quotas for all clusters as well as the current utilization in the Loft UI:
Access keys allow you to authenticate with Loft in non-interactive environments, e.g. from CI/CD pipelines.