Pricing

Loft provides integrations for all major single sign-on providers, including:

• Okta, OneLogin
• GitHub, GitLab
• Azure Active Directory and LDAP
• OpenID Connect
• SAML2
• and many more

You can even connect multiple authentication providers in Loft and let users choose how they want to sign in.

Loft provides integrations for all major single sign-on providers, including:

• Okta, OneLogin
• GitHub, GitLab
• Azure Active Directory and LDAP
• OpenID Connect
• SAML2
• and many more

You can even connect multiple authentication providers in Loft and let users choose how they want to sign in.

If your SSO provider defines groups for users, Loft will automatically create teams for each group and make sure users become part of the appropriate teams in Loft if they are part of the linked group as defined in your SSO provider's system.

Loft also keeps team memberships up-to-date, e.g. if you remove someone from a group in your SSO provider's system, the user will also be removed from the associated team in Loft.

Loft allows you to define so called Space Constraints which allow you to enforce any kind of Kubernetes resource inside a Space, e.g. a NetworkPolicy or a LimitRange. If you define a NetworkPolicy as part of a Space Constraint, that means that when any user who is bound by this Space Constraint creates a Space, Loft will create a namespace and then add the NetworkPolicy to this namespace.
‍

Loft also keeps Space Constraint resources in sync:

• If a resource is (accidentially) deleted, Loft will automatically recreate it to ensure that the Space Constraint is enforced at all times.
• If a Space Constraint changes (e.g. changing a NetworkPolicy), Loft will automatically update all resources in already created namespaces to match the updated resource inside the Space Constraint.

RBAC is one of the most complicated and error-prone parts of Kubernetes. With Loft, you can rest assured that RBAC is configured with a "least permission required" mindset and all rules are kept up-to-date with zero manual effort.
‍

Loft provides several ClusterRoles that are used for automatic RBAC but you can modify these roles or add new ones to fully customize access control for your users and teams.

Quotas in Loft let you define resource limits per user or per team. Quotas in Loft work just like ResourceQuotas in Kubernetes but instead of just allowing you to limit resources per namespace, quotas in Loft are aggregated across all namespaces of a user or a team, and they even work for virtual clusters.

Sleep mode puts namespaces and virtual clusters to sleep after a customizable period of inactivity. That means that you can configure that all workloads of a user will be turned off at night or over the weekend to save a substantial amount of cost for your Kubernetes clusters. If your clusters autoscale, you can typically save more than 70% of cloud computing cost with sleep mode. Sleep mode can be configured per user, per team or even per individual namespace.
‍

Auto Wakeup: Sleep mode is 100% automatic and so is resuming from sleep. If an engineer runs a kubectl command against a sleeping namespace or virtual cluster, Loft halts the request for a second, restores the state of the sleeping namespace or virtual cluster, and then lets the request through. So, engineers don't have to do anything manually to profit from massive cost savings

‍

Instead of putting namespaces and virtual clusters to sleep, Loft can also provides an auto-delete functionality which uses the same inactivity detection logic and timeout triggering as sleep mode but instead of putting anything to sleep, Loft will delete the respective namespace or virtual cluster if auto-delete is configured.
‍

Auto-delete and sleep mode may also be used in combination, e.g. sleep after 30 minutes and then auto-delete after 10 days of inactivity.

Maintainers of shared secrets can configure who can read, update or delete them. Admins can also configure who may create shared secrets in the first place.

Loft provides integrations for all major single sign-on providers, including:

• Okta, OneLogin
• GitHub, GitLab
• Azure Active Directory and LDAP
• OpenID Connect
• SAML2
• and many more

You can even connect multiple authentication providers in Loft and let users choose how they want to sign in.

Loft's audit logging feature logs all interactions of users with their connected clusters, namespaces and virtual clusters. That means that you can replay sessions and review any kubectl commands that a user executed, etc.

Loft allows admins to lock/disable users. These users cannot log in anymore and will not be able to use their spaces or virtual clusters any longer. Disabling a user is a security feature but also has a cost benefit since disabled users do not lose any data but they will not count towards the user limit anymore.

Loft provides high availability for all components in the Loft management cluster as well as in all connected clusters. High availability is achieved via replication for stateless components and via leader election (with warm standby) for state-manageing components (controllers).

Loft can be installed using an offline license key. This means that the Loft instance does not need to verify the license key with our license servers which means that Loft can be installed to Virtual Private Clouds and fully air-gapped data centers.

We provide a public Slack channel via slack.loft.sh

For enterprise customers, we also offer to set up a shared Slack or Microsoft Teams channel that will not be publicly accessible. Only members of your organization will be able to join this channel to receive direct support from our engineers.

Our customer success team is a constant point of contact for you that will help you after the initial setup. We are very quick to respond to feature requests and bug reports, and our team is committed to ensure that you are getting the most out of Loft for your current and any future use cases that Loft may be used for in your organization.

Our customer success team is a constant point of contact for you that will help you after the initial setup. We are very quick to respond to feature requests and bug reports, and our team is committed to ensure that you are getting the most out of Loft for your current and any future use cases that Loft may be used for in your organization.

We can provide custom services level agreements for high-volume customers. Please contact us via sales@loft.sh if you are interested in a custom SLA.

‍