github loft-sh/loft v1.12.0

latest releases: v4.2.0-alpha.0, v4.1.0, v4.1.0-beta.4...
3 years ago

🚀 Policies

We have integrated policies support into Loft. Policies allow you to customize and extend Loft with jsPolicy. As Loft internally uses Kubernetes resources for anything (including UI requests), you can customize almost everything with policies.

The following use cases are now possible with policies:

  • Custom validation of users, teams, spaces, clusters and other objects. For example, you can:
    • Deny creation, updating or deletion of resources only for specific users or teams
    • Deny security critical objects such as privileged pods in clusters
    • Ensure unique names, hosts or other properties across a cluster
  • Automatic mutation of created or updated resources. For example, you can:
    • Add a label or annotation which user or team created an object
    • Inject sidecar containers into a pod
    • Add groups, cluster account templates etc. automatically to a user
  • Automation of certain cluster tasks, such as:
    • Automatic creation, update or deletion of users, accounts, spaces etc. on a certain condition
    • Sync certain resources within a cluster
    • Garbage collection of not needed resources

For more information, please take a look at the loft documentation.

🚀 New Features

  • New apps.repositories[*].username, apps.repositories[*].password and apps.repositories[*].insecure field to specify credentials for private helm repositories
  • It is now possible to exclude certain clusters for specific users and teams in cluster account templates. This can be specified via the loft.sh/account-templates-ignore-clusters annotation on a user or team

🐛 Fixes

  • Fixed an issue where bulk editing spaces could delete space permissions
  • Fixed an issue where webhooks would not be called for the management.loft.sh api group or loft resources in general
  • Fixed an issue where webhooks would not be called for kiosk api resources such as spaces
  • Fixed an issue where account quota limits & requests were not correctly displayed in the Loft UI

📦 Other

  • Loft is now more forgiving if reconcile of a cluster fails due to installing kiosk and will not set the cluster to Error state anymore. Rather it will print the error to the console and retry after a waiting period.
  • Changed the base image of loft from distroless to alpine to allow easier debugging of loft
  • Updated kiosk to v0.2.6

Don't miss a new loft release

NewReleases is sending notifications on new releases.