Skip to main content
Version: main 🚧

Ingress Access

Typically, tenant clusters are accessed via the platform proxy, that is, requests to the tenant cluster API server, are proxied through the platform itself. This behavior allows for the platform to act as a single endpoint for all tenant clusters in the platform deployment. Because of this behavior, the platform is also able to act as a central point of authentication and authorization, and to log all interactions (if vCluster Platform Auditing is licensed and enabled).

In some situations you may prefer to access a tenant cluster API server directly, that is, not via the platform proxy. This behavior can be enabled with the tenant cluster AccessPoint feature. Enabling AccessPoint on a tenant cluster requires that the control plane cluster has a valid ingress controller deployed, and the Cluster object has the loft.sh/ingress-suffix annotation set with a valid domain.

The hostname used to access a tenant cluster that has the AccessPoint feature enabled, will be of the following format:

<VIRTUAL_CLUSTER_INSTANCE_NAME>-<PROJECT_NAME>.<INGRESS_SUFFIX>

Where the <VIRTUAL_CLUSTER_INSTANCE_NAME> is the name of the tenant cluster instance, the <PROJECT_NAME> is the name of the project the tenant cluster instance is created in, and the <INGRESS_SUFFIX> is the value from the loft.sh/ingress-suffix annotation on the cluster.

Enable ingress access when creating the tenant cluster​

Enabling the AccessPoint feature can be done during tenant cluster creation in the Platform UI.

  1. From the project drop-down menu (top left corner), select the project you'd like to create the tenant cluster in.

  2. Click on Virtual Clusters.

  3. Click the button.

  4. Click the button to skip selecting a tenant cluster template.

  5. Click the Advanced Options.

  6. Click the Ingress Access to expand the configuration section.

  7. Slide the Enable Ingress Access slider to enable the ingress action.

  8. Finish configuring anything else you'd like on your tenant cluster, then click the button.

Virtual Cluster Templates

The AccessPoint feature can also be enabled on the template.