A vSphere Namespace sets the resource boundaries where vSphere Pods, VMs, and Tanzu Kubernetes Grid clusters can run. As a vSphere administrator, you create and configure vSphere Namespaces through the vSphere Client.

When initially created, a vSphere Namespace has unlimited resources within the Supervisor. As a vSphere administrator, you can set limits for CPU, memory, storage, as well as the number of Kubernetes objects that can run within the vSphere Namespace. Storage limitations are represented as storage quotas in Kubernetes. A resource pool is created in vSphere per each vSphere Namespace on the Supervisor

In a Supervisor activated on vSphere Zones, a namespace resource pool is created on each vSphere cluster that is mapped to a zone. The vSphere Namespace spreads across all three vSphere clusters part of the vSphere Zones. The resources utilized to a vSphere Namespace on a three-zone Supervisor are taken from all three underlying vSphere clusters on equal parts. For example, if you dedicate 300 MHz of CPU, 100 MHz are taken from each vSphere cluster.

Figure 1. vSphere Namespace

The diagrams shows a vSphere Namespace running inside a Supervisor and vSphere Pods, VMs, and TKG clusters inside the namespace.

To provide access to namespaces to DevOps engineer, as a vSphere administrator you assign permission to users or user groups available within an identity source that is associated with vCenter Single Sign-On or from an OIDC provider that is registered with the Supervisor. For more information, see vSphere with Tanzu Identity and Access Management.

After a namespace is created and configured with resource and object limits as well as with permissions and storage policies, as a DevOps engineer you can access the namespace to run workloads such as Tanzu Kubernetes Grid clusters, vSphere Pods ,and VMs created through the VM service.

Differences Between a vSphere Namespace and Kubernetes Namespace

Although in it's core a vSphere Namespace serves the same function as a Kubernetes namespace, a vSphere Namespace is specific to the vSphere with Tanzu platform. You should not confuse a vSphere Namespace with a Kubernetes namespace.

A vSphere Namespace is implemented as an extension to a vSphere resource pool and it's function is to provide resources to workloads running in the Supervisor. A vSphere Namespace has a direct mapping to a Kubernetes namespace through which object and storage quotas are enforced upon workloads.

Another difference with a regular Kubernetes namespace is that the vSphere administrator manages the user access to vSphere Namespaces, as mentioned from above. The vSphere administrator can also associate VM classes and Content Libraries containing VM templates that DevOps engineers can use to self-service VMs. For more information, see Deploying and Managing Virtual Machines in vSphere with Tanzu.