You can use the vSphere IaaS control plane automation REST APIs to create a vSphere Namespace with specific resource quotas, set permissions, and assign storage policies. DevOps engineers can then use the namespace as a template for self-provisioning namespaces on the cluster.
- Create a self-service namespace template and then activate the Namespace Self-Service on the cluster.
- Create or update a self-service namespace template simultaneously with activating the Namespace Self-Service on the cluster.
Currently, only one namespace self-service template is allowed per vSphere Namespace. After a DevOps engineer creates a namespace from the template, the namespace can also be deleted through kubectl. You can verify whether a namespace is created from a template by retrieving the value of the self_service_namespace property of the Instances.Info JSON object that you receive in the request body of the GET https://<vcenter_ip_address_or_fqdn>/api/vcenter/namespaces/instances/namespace_id request.
To create a template for a self-service namespace, use the POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/namespaces/namespace-templates/clusters/cluster_id HTTP request. You use as path parameter the cluster ID and submit in the request body the namespace template create specification.
| Property | Description |
|---|---|
| template | The identifier of the namespace template must be a unique name across all clusters on the vCenter Server instance. The name must be compliant with DNS. |
| resource_spec | The resource quotas, such as CPU and memory, that are reserved for the namespace on the vCenter Server instance. The CPU limit is set in MHz and the minimum value is 10 MHz. The memory and the storage limits are set in MiB. For more options to configure resource limits for the namespace, see the ResourceQuotaOptionsV1 class in the API Reference documentation. |
| storage_specs | The amount of storage in MiB utilized for each storage policy that you associate with the namespace. You must specify at least one policy. |
| networks | Optional. The networks associated with the namespace. Currently, you can set only one network for the namespace. Pass null as argument if the Supervisor is configured with NSX-T Data Center support. If you pass null for a namespace template on a cluster configured with a vSphere networking stack, the namespace is automatically associated with the Supervisor management workload network. |
| permissions | Optional. The permissions that allow DevOps engineers to use the template to self-provision namespaces through kubectl. If unset, only users with the Administrator role can use the template. |
Once you have the template created, you can activate the Namespace Self-Service on the cluster by issuing the POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/namespaces/namespace-self-service/<cluster_id>?action=activate HTTP request. If you want to restrict DevOps users to use the namespace template on a cluster, you can deactivate the Namespace Self-Service feature. Then users are able to delete only the namespaces already created from the template.
You can activate the Namespace Self-Service on the cluster after configuring the namespace template by using the NamespaceSelfService service. You issue the POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/namespaces/namespace-self-service/<cluster_id>?action=activateWithTemplate HTTP request and submit the NamespaceSelfService.ActivateTemplateSpec JSON object in the request body. Depending on the availability of a template on the cluster, this method either creates a namespace template or activates the deactivated service and at the same time updates the existing template.
