Clusters

With Loft, you can manage clusters, cluster access, namespaces, virtual clusters as well as applications running inside your connected clusters.

Connect Clusters

To manage a cluster within Loft, you must first connect the cluster to your Loft instance. You can also connect the cluster that Loft is running inside (Loft cluster), so you can manage this cluster using Loft as well.

Loft Cluster

To manage the cluster where Loft is running in (Loft cluster) using Loft, you need to connect it. You can skip this step if you only want to connect other clusters instead. However, it is often useful to connect the Loft cluster to manage this cluster using Loft although you may not want to make it available to the rest of your team.

In the Loft UI, navigate to "Clusters" and click the Connect Cluster button.

Loft UI - Connect Loft Cluster
STEP 1

Define Cluster Name

Enter a name for your cluster. This name must be a Kubernetes-compatible object name, i.e. only lowercase characters and dashes are allowed.

Naming

Cluster names should tell engineers what the cluster is used for and where it is located, e.g. gke-prod, gke-dev-tpu-us-1, eks-dev-us-west-1


STEP 2

Connect Loft cluster

Since Loft already has access to the cluster it is running inside, you will see a special button Connect loft cluster which will let you connect the management cluster with a single click.

Other Clusters

In the Loft UI, navigate to "Clusters" and click the Connect Cluster button.

Loft UI - Connect Cluster
STEP 1

Define Cluster Name

Enter a name for your cluster. This name must be a Kubernetes-compatible object name, i.e. only lowercase characters and dashes are allowed.

Naming

Cluster names should tell engineers what the cluster is used for and where it is located, e.g. gke-prod, gke-dev-tpu-us-1, eks-dev-us-west-1


STEP 2

Generate Kube-Config

To give Loft access to a cluster, you need to provide a kube-config for this cluster.

Option A: To automatically create a kube-config using Loft CLI, run the following command:

loft generate admin-kube-config
caution

Make sure you are in the right cluster/context before executing the command shown above.

caution

If you try to connect a Rancher provisioned cluster, please make sure you are using the Authorized Cluster Endpoint for the cluster you wish to connect. Otherwise, you'll experience problems with authentication as the default Rancher proxy authentication endpoint does not correctly support impersonation.

Option B: To manually create a kube-config, you need to:

  1. Create a ServiceAccount
  2. Create a ClusterRoleBinding to bind the ServiceAccount to the ClusterRole cluster-admin
  3. Create a kube-config for the cluster using the token of the ServiceAccount created above

STEP 3

Enter Kube-Config & Connect

Enter the kube-config into the textarea and click the Connect button.

Disconnect Clusters

With Loft, you can disconnect clusters with a single click or command.

State Preservation

Disconnecting a cluster will not remove anything from the cluster. It will only remove the credentials (kube-config) saved in Loft for connecting to the cluster. After disconnecting a cluster, you can simply reconnect it and everything will still be there: namespaces, apps, cluster account, account quotas, etc.

Loft UI - Disconnect Cluster

Reconnect

Because Loft saves the entire state of a cluster within the cluster ifself, you can disconnect and simply reconnect a cluster without data loss.

Loft UI - Reconnect Cluster

Advanced Workflows

Reset Connected Cluster

Loft allows you to reset certain parts of a connected cluster, such as:

  • default cluster roles: If specified, Loft will reset the default cluster roles in the target cluster used to determine RBAC permissions for Loft users and teams
  • default templates: If specified, Loft will reset the default kiosk templates (limit-range and network-policy)
  • kiosk: If specified, Loft will delete and reinstall the kiosk chart into the target cluster
Reset Cluster
Reset a cluster through the Loft UI

To reset a cluster, navigate to the Clusters view and press on the Reset button in the Actions column.

Disable Loft Agent

There might be cases where you don't want Loft to automatically handle loft-agent updates for you and you want to manually install or upgrade the loft agent. This can be achieved either by setting the environment variable DISABLE_AGENT to true in the Loft container or by setting the annotation loft.sh/cluster-ignore-agent: 'true' on a connected cluster.

warning

If you do not install loft agent into a connected cluster at all, certain functionality, such as Spaces, Virtual Clusters, Apps, Accounts, Account Quotas & Security Templates will not be available in the cluster