Skip to main content
Version: 2.0 (Latest)

Space Constraints in Loft

Space Constraints allow you to define restrictions for namespaces such as enforced resources that will be deployed to each new namespace a user creates (e.g. NetworkPolicies) or other enforced settings such as mandatory labels, annotations, or any sleep mode configurations.

Working with Space Constraints

1. Create Space Constraints
  1. Go to the Clusters view using the menu on the left
  2. Switch to the Space Constraints tab
  3. Click the button to create a new space constraints object
  4. In the drawer that appears on the right, use the field Display Name to specify a Name for your space constraints object
  5. Expand the Enforce Resources section to specify manifests that should be deployed to and enforced in each namespace that is affected by these space constraints
  6. Expand the Enforce Space Settings section to specify other space settings such as sleep mode, auto-delete, labels and annotations that should be enforced for each namespace that is affected by these space constraints
  7. On the very bottom, click on the button to create this space constraints object
2. Enforce Space Constraints For Users & Teams
  1. Go to the Clusters view using the menu on the left
  2. Switch to the Cluster Access tab
  3. Hover over the cluster access that you want to apply these space constraints to and click on the button to Edit the cluster access
  4. In the drawer that appears on the right, expand the Restrictions section
  5. Use the Enforce Space Constraints field to select the Space Constraint that you want to enforce for all spaces created using this cluster access
  6. On the very bottom, click on the or button to save the changes
  7. Switch to the Cluster Access tab
  8. Hover over the cluster access of the user or team that you want to configure automatic sleep mode for and click on the button to Edit the cluster access
  9. In the drawer that appears on the right, expand the Restrictions section
  10. Use the Enforce Space Constraints field to select the Space Constraint you edited or created in Step 3 above
  11. On the very bottom, click on the button to save the changes
Test with Impersonation

After following the steps above, all spaces created using the cluster access in step 7 will now enforce these space constraints. You can test this behavior by impersonating a user that uses this cluster access.

Configuration

Metadata

Display Name

JSONPath in SpaceConstraint CRD:
 spec.displayName (type: string)

Kubernetes Name

JSONPath in SpaceConstraint CRD:
 metadata.name (type: string)

Description

JSONPath in SpaceConstraint CRD:
 spec.description (type: string)

Labels

JSONPath in SpaceConstraint CRD:
 metadata.labels (type: map[string]string)

Annotations

JSONPath in SpaceConstraint CRD:
 metadata.annotations (type: map[string]string)

Enforce Resources

JSONPath in SpaceConstraint CRD:
 spec.localSpaceConstraintTemplate.spec.spaceTemplate.objects (type: {})

Enforce Sleep Mode

Inactivity Timeout

JSONPath in SpaceConstraint CRD:
 spec.localSpaceConstraintTemplate.metadata.annotations["sleepmode.loft.sh/sleep-after"] (type: string)

Auto-Delete Timeout

JSONPath in SpaceConstraint CRD:
 spec.localSpaceConstraintTemplate.metadata.annotations["sleepmode.loft.sh/delete-after"] (type: string)

Sleep Schedule

JSONPath in SpaceConstraint CRD:
 spec.localSpaceConstraintTemplate.metadata.annotations["sleepmode.loft.sh/sleep-schedule"] (type: string)

Wake-Up Schedule

JSONPath in SpaceConstraint CRD:
 spec.localSpaceConstraintTemplate.metadata.annotations["sleepmode.loft.sh/wakeup-schedule"] (type: string)

Scheduling Timezone

JSONPath in SpaceConstraint CRD:
 spec.localSpaceConstraintTemplate.metadata.annotations["sleepmode.loft.sh/timezone"] (type: string)

Enforce Labels & Annoations

Labels

JSONPath in SpaceConstraint CRD:
 spec.localSpaceConstraintTemplate.metadata.labels (type: map[string]string)

Annotations

JSONPath in SpaceConstraint CRD:
 spec.localSpaceConstraintTemplate.metadata.annotations (type: map[string]string)

Advanced Options

Clusters

JSONPath in SpaceConstraint CRD:
 spec.clusters (type: string[])

Sync Constraint Changes

JSONPath in SpaceConstraint CRD:
 spec.localSpaceConstraintTemplate.spec.sync (type: string)

Owner's Cluster Role

JSONPath in SpaceConstraint CRD:
 spec.localSpaceConstraintTemplate.spec.spaceTemplate.clusterRole (type: map[string]string)

Access To Space Constraints

JSONPath in SpaceConstraint CRD:
 spec.access (type: Access[])

CRDs

SpaceConstraint

apiVersion
string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind
string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

object (io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta)

ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.

object (com.github.loft-sh.api.pkg.apis.management.v1.SpaceConstraintSpec)

SpaceConstraintSpec holds the specification

object (com.github.loft-sh.api.pkg.apis.management.v1.SpaceConstraintStatus)

SpaceConstraintStatus holds the status

{
  • "apiVersion": "string",
  • "kind": "string",
  • "metadata": {
    },
  • "spec": {
    },
  • "status": {
    }
}