'%20filter='url(%23b)'%20transform='translate(0%20-286)'/%3e%3cpath%20d='M1636.5%20147c-123.436%200-223.5%20102.975-223.5%20230s100.064%20230%20223.5%20230S1860%20504.025%201860%20377c-.143-126.964-100.124-229.853-223.5-230Zm107.16%20308.341c-1.892%202.323-4.973%203.231-7.78%202.295l-98.896-32.908-98.896%2032.908c-2.807.933-5.884.022-7.774-2.3-1.89-2.32-2.212-5.587-.815-8.25l101.128-192.49c1.376-2.238%203.776-3.596%206.357-3.596%202.58%200%204.981%201.358%206.357%203.596l101.128%20192.49c1.401%202.663%201.08%205.932-.81%208.255Z'%20fill='url(%23c)'%20filter='url(%23d)'%20transform='translate(0%20-286)'/%3e%3c/g%3e%3c/svg%3e)
Project-level resources
A project groups environments and shared infrastructure under one organization. Besides workspaces, Loopback exposes several project-scoped services you should know about — they are not children of a single workspace by default.
Load balancers (project scope)
Project load balancers are managed front ends (IPv4/IPv6, algorithms such as round-robin or least connections) that can absorb traffic for services in the project.
Typical use cases:
- One stable IP/DNS entry for multiple backends in different workspaces.
- Shared ingress pattern before traffic reaches workspace-specific services.
You manage:
- Load balancer create/update/delete (permission: project load balancer).
- Targets — backend servers or addresses (project or workspace-scoped target routes exist).
- Services — higher-level groupings or ports (terminology matches product routes).
Contrast: Workspace load balancers attach explicitly to one workspace (see Workspace load balancers).
Object storage (S3-compatible)
Object stores are buckets with credentials and usage tracking, billed and owned at organization but created under a project in the v2/v3 API split.
You can:
- List buckets for a project.
- Create buckets (name + kind / provider flavor — validated before creation).
- Manage credentials (access keys) with dedicated permission.
- Manage bucket policy documents where exposed.
The product may ship both v2 and v3 object-storage route families over time; capabilities converge on the same bucket + credentials + policy model.
Background reconciliation syncs usage and policies (see Reconciliation).
DNS zones (project scope)
Project DNS zones delegate DNS authority for a subdomain or pattern to the project team, separate from organization-wide record zones.
Use when:
- Each project owns its own API hostname namespace.
- You want blast-radius isolation for who may create records.
Workspace-scoped DNS zones also exist for finer delegation.
Monitoring (project scope)
Projects may host:
- Monitoring objects — things you probe (HTTP, SSL, Kubernetes signals, host metrics, …).
- Conditions — thresholds and operators on those probes.
- Alert state — firing/cleared lifecycle.
- Monitoring alerts — incident records for your team.
Permissions are split so you can grant read-only monitoring vs acknowledge alerts vs configure conditions.
Organization-level monitoring sources and notification channels feed into how alerts become tickets or chat messages.
See Monitoring & alerts.
Bundles (cross-cut)
Bundle repositories and bundle definitions are organization-scoped, but some bundle environment or revision routes also appear under project paths for UX convenience. The canonical ownership is still the organization.
See Bundles.
What still lives only under workspaces
Even though the project is the parent container, these are workspace-attached:
- Hosts and scaling groups
- Agent tokens and shell sessions
- Kubernetes cluster features (unless purely project-level version listing helpers)
- Workspace load balancers