Using Virtual Cluster API in Loft
Loft is able to proxy virtual cluster requests similar to proxying connected cluster requests.
In order to access a virtual cluster through Loft, you'll need a Loft access key. See access keys for more information how to create a new access key.
With the access key $ACCESS_KEY
, the virtual cluster name $VCLUSTER
, the namespace $NAMESPACE
where the virtual cluster was created in and the cluster name $CLUSTER
where the namespace is in, you can then query the kubernetes API of the virtual cluster like any other kubernetes API server by prefixing /kubernetes/virtualcluster/$CLUSTER/$NAMESPACE/$VCLUSTER/
:
# Retrieve all namespaces (use --insecure if you are using a self signed certificate)
$ curl https://my-loft.com/kubernetes/virtualcluster/$CLUSTER/$NAMESPACE/$VCLUSTER/api/v1/namespaces \
-H "Authorization: Bearer $ACCESS_KEY"
{
"kind": "NamespaceList",
"apiVersion": "v1",
"metadata": {
"selfLink": "/api/v1/namespaces",
"resourceVersion": "2735295"
},
"items": [
{
"metadata": {
"name": "kube-system",
"selfLink": "/api/v1/namespaces/kube-system",
...
RBAC Permissions
In order for a user to access a virtual cluster the user needs the RBAC permission get
on the resource virtualclusters
in the api group storage.loft.sh
with api version v1
in the namespace where the virtual cluster is in or cluster wide