Ingress Access
In Loft, typically, virtual clusters are accessed via the Loft proxy, that is, requests to the virtual cluster API server, are proxied through Loft itself. This behavior allows for Loft to act as a single endpoint for all virtual clusters in the Loft deployment. Because of this behavior, Loft is also able to act as a central point of authentication and authorization, and to log all interactions (if Loft Auditing is licensed and enabled).
In some situations you may prefer to access a virtual cluster API server directly, that is, not
via the Loft proxy. This behavior can be enabled with the virtual cluster 'AccessPoint' feature.
Enabling 'AccessPoint' on a virtual cluster requires that the host cluster has a valid ingress
controller deployed, and the 'Cluster' object has the loft.sh/ingress-suffix
annotation set
with a valid domain.
The hostname used to access a virtual cluster that has the 'AccessPoint' feature enabled, will be of the following format:
[VirtualClusterInstance Name]-[Project Name].[ingressSuffix]
Where the VirtualClusterInstance Name
is the name of the virtual cluster instance, the
Project Name
is the name of the project the virtual cluster instance is created in, and the
ingressSuffix
is the value from the Cluster loft.sh/ingress-suffix
annotation.
Enabling the 'AccessPoint' feature can be done during virtual cluster instance creation in the Loft UI.
- Select the Projects field on the left menu bar.
- Select the project you'd like to create the virtual cluster instance in from the Project drop down menu.
- Click the button.
- Click the button to skip selecting a virtual cluster template.
- In the drawer that appears from the right, click the Ingress Accessbutton to expand the Ingress Access configuration section.
- Slide the Enable Ingress Access slider to enabled.
- Finish configuring anything else you'd like on your virtual cluster, then click the button.
The 'AccessPoint' feature can also be enabled on virtual cluster templates!