As a vSphere administrator, you create a Supervisor Namespace on the Supervisor Cluster. You set resources limits to the namespace and permissions so that DevOps engineers can access it. You provide the URL of the Kubernetes control plane to DevOps engineers where they can run Kubernetes workloads on the namespaces for which they have permissions.

Namespaces on Supervisor Clusters configured with the vSphere networking stack and namespaces on clusters configured with NSX-T Data Center have different networking configuration and capabilities.

Namespaces that you create on Supervisor Clusters configured with NSX-T Data Center support the full set of capabilities of the Workload Management platform. They support both vSphere Pods and Tanzu Kubernetes clusters. The workload networking support for these namespaces is provided by NSX-T Data Center. For more information, see System Requirements and Topologies for Setting Up a Supervisor Cluster with NSX-T Data Center.

Namespaces that you create on a Supervisor Cluster configured with the vSphere networking stack only support Tanzu Kubernetes clusters, they do not support vSphere Pods and you cannot use the Registry Service with them. The workload networking support for these namespaces is provided by the vSphere Distributed Switch that is connected to the hosts part of the Supervisor Cluster. For more information, see System Requirements and Topologies for Setting Up a Supervisor Cluster with vSphere Networking.

Prerequisites

  • Configure a cluster with vSphere with Tanzu.
  • Create users or groups for all DevOps engineers who will access the namespace.
  • Create storage policies for persistent storage that vSphere Pods and pods inside a Tanzu Kubernetes cluster will use. Storage policies can define different types and classes of storage, for example, gold, silver, and bronze.
  • Required privileges:
    • Namespaces.Modify cluster-wide configuration
    • Namespaces.Modify namespace configuration

Procedure

  1. From the vSphere Client home menu, select Workload Platform.
  2. Click Namespaces and click New Namespace.
  3. Select the Supervisor Cluster where you want to place the namespace.
  4. Enter a name for the namespace.
    The name must be in a DNS-compliant format.
  5. From the Network drop-down menu, select a Workload Network for the namespace.
    Note: This step is available only if you create the namespace on a cluster that is configured with the vSphere networking stack.
  6. Enter a description, and click Create.
    The namespace is created on the Supervisor Cluster.
  7. Set permissions so that DevOps engineers can access the namespace.
    1. From the Permissions pane, select Add Permissions.
    2. Select an identity source, a user or a group, and a role, and click OK.
  8. Set persistent storage to the namespace.
    Storage policies that you assign to the namespace control how persistent volumes and Tanzu Kubernetes cluster nodes are placed within datastores in the vSphere storage environment. The persistent volume claims that correspond to persistent volumes can originate from a vSphere Pod or from the Tanzu Kubernetes cluster.
    1. From the Storage pane, select Add Storage.
    2. Select a storage policy to control datastore placement of persistent volumes and click OK.
    After you assign the storage policy, vSphere with Tanzu creates a matching Kubernetes storage class in the Supervisor Namespace. If you use VMware Tanzu™ Kubernetes Grid™ Service, the storage class is automatically replicated from the namespace to the Kubernetes cluster. When you assign multiple storage policies to the namespace, a separate storage class is created for each storage policy.
  9. From the Capacity and Usage pane, select Edit Limits and configure resource limitations to the namespace.
    Option Description
    CPU The amount of CPU resources to reserve for the namespace.
    Memory The amount of memory to reserve for the namespace.
    Storage The total amount of storage space to reserve for the namespace.
    Storage policies limits Set the amount of storage dedicated individually to each of the storage policies that you associated with the namespace.
    A resource pool for the namespace is created on vCenter Server. The storage limitation determines the overall amount of storage that is available to the namespace whereas storage polices determine the placement of persistent volumes for vSphere Pods on the associated storage classes.

What to do next

Share the Kubernetes Control Plane URL with DevOps engineers as well as the user name they can use to log in to the Supervisor Cluster through the Kubernetes CLI Tools for vSphere. You can grant access to more than one namespace to a DevOps engineer.