Skip to main content
Version: 3.0 (beta)

Using Virtual Cluster API in Loft

Loft is able to proxy virtual cluster requests similar to proxying connected cluster requests.

In order to access a virtual cluster through Loft, you'll need a Loft access key. See access keys for more information how to create a new access key.

With the access key $ACCESS_KEY, the virtual cluster name $VCLUSTER, the namespace $NAMESPACE where the virtual cluster was created in and the cluster name $CLUSTER where the namespace is in, you can then query the kubernetes API of the virtual cluster like any other kubernetes API server by prefixing /kubernetes/virtualcluster/$CLUSTER/$NAMESPACE/$VCLUSTER/:

# Retrieve all namespaces (use --insecure if you are using a self signed certificate)
$ curl https://my-loft.com/kubernetes/virtualcluster/$CLUSTER/$NAMESPACE/$VCLUSTER/api/v1/namespaces \
-H "Authorization: Bearer $ACCESS_KEY"
{
"kind": "NamespaceList",
"apiVersion": "v1",
"metadata": {
"selfLink": "/api/v1/namespaces",
"resourceVersion": "2735295"
},
"items": [
{
"metadata": {
"name": "kube-system",
"selfLink": "/api/v1/namespaces/kube-system",
...
RBAC Permissions

In order for a user to access a virtual cluster the user needs the RBAC permission get on the resource virtualclusters in the api group storage.loft.sh with api version v1 in the namespace where the virtual cluster is in or cluster wide