Manage Allowed Node Types
Allowed node types control which node types can be referenced by NodeClaims created in a project. Use this to restrict tenants to a subset of the node types available on the platform, for example to limit a project to a specific provider or instance class.
Behavior
The project field is spec.allowedNodeTypes. Each entry has a name that is either an exact node type name (for example, aws.large) or a provider wildcard (such as aws.*, which matches every node type belonging to provider aws).
| Value | Effect |
|---|---|
| Unset (field omitted) | All node types are allowed. This is the default. |
| Empty list (allowedNodeTypes: []) | No node types are allowed. NodeClaims in the project are rejected. |
| One or more entries | Only allows node types matching any specified entry. |
Matching rules:
- Names are case sensitive.
- The wildcard is only recognized as the suffix `.*`. `aws.*` matches `aws.large` but does not match `awsx.large`.
- The platform rejects a NodeClaim that explicitly references a disallowed node type at creation time.
- For unbound NodeClaims (no `typeRef`), the reconciler filters candidate node types against `allowedNodeTypes` at scheduling time and never assigns a disallowed type to the claim.
Changing allowedNodeTypes requires permission to update the project's allowedNodeTypes subresource.
Configure allowed node types
Edit the project and set spec.allowedNodeTypes:
```yaml
apiVersion: management.loft.sh/v1
kind: Project
metadata:
  name: team-a
spec:
  allowedNodeTypes:
    - name: aws.*
    - name: metal3.gpu-h100
```
This project can use any node type from the aws provider, plus the specific metal3.gpu-h100 type.
To disallow all node types in a project:
```yaml
spec:
  allowedNodeTypes: []
```
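The matching rules from the Behavior section, written out as an added Go example (not the platform's own code) that can serve as a pre-flight check for a policy before it is applied. The type and function names are hypothetical, the JSON specs are constructed samples, and the wildcard check assumes node type names have the form `provider.name`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Hypothetical types mirroring only the fields shown on this page.
type AllowedNodeType struct {
	Name string `json:"name"`
}

type ProjectSpec struct {
	// nil (field omitted) means allow all; empty but non-nil means deny all.
	AllowedNodeTypes []AllowedNodeType `json:"allowedNodeTypes"`
}

// IsNodeTypeAllowed reports whether nodeType passes the project's allowlist.
func IsNodeTypeAllowed(spec ProjectSpec, nodeType string) bool {
	if spec.AllowedNodeTypes == nil {
		return true // unset: the default, every node type is allowed
	}
	for _, e := range spec.AllowedNodeTypes {
		if e.Name == nodeType { // exact match, case sensitive
			return true
		}
		// "aws.*" becomes prefix "aws."; keeping the dot is what stops
		// "awsx.large" from matching. "*" anywhere else is not a wildcard.
		if strings.HasSuffix(e.Name, ".*") &&
			strings.HasPrefix(nodeType, strings.TrimSuffix(e.Name, "*")) {
			return true
		}
	}
	return false // also covers the empty list: no entry can match
}

// ParseSpec decodes a project spec given as JSON. encoding/json leaves the
// slice nil when the field is absent and makes it empty (non-nil) for [].
func ParseSpec(doc string) (ProjectSpec, error) {
	var s ProjectSpec
	return s, json.Unmarshal([]byte(doc), &s)
}

func main() {
	teamA, _ := ParseSpec(`{"allowedNodeTypes":[{"name":"aws.*"},{"name":"metal3.gpu-h100"}]}`)
	for _, nt := range []string{"aws.large", "awsx.large", "AWS.large", "metal3.gpu-h100"} {
		fmt.Printf("%-16s allowed=%v\n", nt, IsNodeTypeAllowed(teamA, nt))
	}
}
```

The nil check is the part to get right in any tooling that rewrites projects: serializing an empty list as an omitted field turns a deny-all project into an allow-all one.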