github loft-sh/loft v2.0.0-rc.1

pre-release, 2 years ago

!! BREAKING CHANGES !!

  • Older Loft CLI versions are incompatible with Loft backends >= v2.0.0. Newer Loft CLI versions are also incompatible with older Loft backends < v2.0.0.
  • Access Keys that use scopes either need to be recreated or the scope has to be deleted first and then reconfigured.

Deprecation of Accounts, ClusterAccountTemplates & Security Templates

We felt that the account system for giving users or teams access to a cluster was too complicated, because the extra account concept meant that each user needed an additional account for every cluster they wanted to access. Cluster account templates in particular were difficult to understand and cumbersome to assign to new users or teams.

Instead of having accounts and cluster account templates for each user and team, you can now create a cluster access object which defines access for multiple users or teams across one or more clusters at once. In this object you select the affected users and teams instead of the other way around. This makes it easier to define and reuse access for multiple users without needing an extra resource like cluster account templates. You just define which user or team should have access to which cluster.

We deprecated templates and template instances in favor of a new concept called space constraints, which allows you to define, in a single object, the resources that should get deployed into a space as well as additionally enforced space metadata (like sleep mode configuration) and space permissions. This is a lot easier than defining multiple separate templates that are then assigned to accounts. Instead, you define a space constraints object and assign it to a cluster access object, and the space constraints are applied automatically to new spaces. For spaces that were already created, space constraints can be switched, deleted or applied later on, and changes to space constraints can be synced automatically.

Existing accounts, cluster account templates and security templates will be converted to cluster access and space constraints objects automatically. You can still manage your accounts and templates in the views that are now marked deprecated. We'll continue to support accounts, cluster account templates and security templates for the next releases.

🚀 App Parameters & Improvements 🚀

We greatly improved apps in Loft. It is now possible to define parameters for apps that the user is prompted for, and which are then used to set specific values in the app's Helm chart values, manifests or bash script. Parameters are a powerful tool for defining multi-purpose apps that can be additionally configured by a user. These parameters can be defined in the apps view and are later displayed upon space, virtual cluster or app creation. A user creating a space through the Loft CLI is prompted for the parameters there as well. You can also fill in the parameters automatically by using the Loft CLI with a parameters file.

We also added a new app type called 'Bash App' that allows you to define a bash script that runs inside a container and deploys your application. Loft will then spin up a pod in the target cluster, space or virtual cluster that uses this script to create your application. This allows you to install more complex applications or modify your existing environment. This new type is deployed internally as a Helm chart and can be managed like any other app, including rollbacks, upgrades and parameters.

You are now also able to define a README for your application, which is displayed later on as a side drawer. If the app is a Helm chart, Loft will also automatically try to read the README from the chart bundle.

🚀 Sleep Mode Schedule 🚀

It is now possible to define schedules for automatically waking up or sleeping spaces or virtual clusters. This can be configured in the space template, the space constraints or the space itself, and allows you to put a space to sleep or wake it up at certain times automatically. We also greatly improved the sleep mode display, which now shows a lot more information than before and allows you to see the last activity within the space as well as projected sleeping times based on the sleep mode configuration.

🚀 Activity 🚀

Auditing is now enabled by default in Loft, and the activity of Loft users or teams is shown in spaces, clusters, virtual clusters or the audit view. This allows you to track exactly what users and teams are doing in the management instance, any of the connected clusters or virtual clusters. By default these logs are written to a local SQLite database, but they can be either persisted with a persistent volume or written to an external MySQL database. As before, audit logs can also be streamed to the console or, with a new option, propagated to a sidecar container that will stream the audit logs.

🚀 Cluster & Management Roles 🚀

We added views for cluster roles that define permissions for users or teams within connected clusters or spaces. These roles can now be managed globally across multiple clusters and are then synced to actual Kubernetes cluster roles. Such cluster roles include, for example, Space Admin, vcluster Admin and Cluster Admin. In addition to roles that define access to connected clusters, there are now also management roles that define permissions for users or teams inside the management instance, like apps or cluster creator, which makes it easier to manage those roles in the management instance.

🚀 Display names and descriptions 🚀

One limiting factor of self-service within Loft was name collisions between management resource objects, such as apps, shared secrets and clusters. To overcome this problem and allow users to actually change the names of already created objects, we added display names and descriptions to all objects. The Kubernetes name now acts as an ID instead, but is usually not shown in the Loft UI or CLI at all, which makes it easier for teams and users to create and describe their own objects in Loft.

📦 Other Changes 📦

  • Added a new button to open a terminal to a pod within the Loft UI
  • Logs are now followed automatically in the Loft UI and searchable
  • Integrated a new YAML editor where managedFields and status sections are folded automatically
  • Many tables are now refreshing automatically to show status updates or to remove deleted entries
  • Loft will now execute space, virtual cluster or app instantiations, as well as some other actions, in a small container. These actions are called tasks, and their output is now streamed to the Loft UI instead of the actions being executed within the Loft container directly. Old task logs can be viewed in the 'Audit -> Tasks' view
  • Added descriptions to most tables in Loft UI
  • New apply manifests button to apply any manifest to either the management instance or a connected cluster through a task
  • Improved virtual clusters view that now shows if the virtual cluster is unavailable
  • Simplified shared secrets view and removed the extra data view
  • New CLI command loft reset password to easily reset a forgotten or changed password
  • Loft will now deploy some example resources upon installation such as example space templates, virtual cluster templates and apps
  • Improved Users > Assigned Cluster Roles view
  • Greatly improved loft start to be easier to use and more stable
  • New restore license key button in the Loft UI
  • Fixed several problems with user impersonation in virtual clusters and connected clusters
  • Improved SSO flow if a user loses access to the backing identity provider
  • Spaces now have a reference to the Loft user or team instead of account
  • Spaces do not have an owner reference anymore and are not automatically deleted if a user or team is deleted or loses access to the cluster
