As a vSphere administrator, you can create a vSphere Namespace, set CPU, memory, and storage limits to the namespace, assign permissions, and activate the namespace service on a cluster as a template. As a result, DevOps engineers can create a vSphere Namespace in a self-service manner and deploy workloads within it.

Self-Service Namespace Creation and Configuration Workflow

As a vSphere administrator, you can create a vSphere Namespace, set CPU, memory, and storage limits to the namespace, assign permissions, and provision or activate the namespace service on a cluster as a template.
Figure 1. Self-service Namespace Template Provisioning Workflow
""
As a DevOps engineer, you can create a vSphere Namespace in a self-service manner and deploy workloads within it. You can share it with other DevOps engineers or delete it when it is no longer required. To share the namespace with other DevOps engineers, contact the vSphere administrator.
Figure 2. Self-service Namespace Creation Workflow
""

Create and Configure a Self-Service Namespace Template

As a vSphere administrator, you can create and configure a Supervisor Namespace as a self-service namespace template. DevOps engineers can then create and delete Supervisor Namespaces using the kubectl command line.

Prerequisites

Configure a cluster with vSphere IaaS control plane.

Procedure

  1. In the vSphere Client, navigate to the Supervisor.
  2. Click the Configure tab, and select General under Supervisor.
  3. Select Namespace Service.
  4. Toggle the Status switch to enable the feature.
    The Create Namespace Template page appears.
  5. In the Configuration pane, configure resources for the namespace.
    Option Description
    CPU The amount of CPU resources to reserve for the namespace.
    Memory The amount of memory to reserve for the namespace.
    Storage The total amount of storage space to reserve for the namespace.
    Storage Policy Storage policies to use with workloads that require persistent storage.
    Network From the Network drop-down menu, select a network for the namespace.
    VM Classes VM classes to deploy stand-alone VMs.
    Content Libraries Content libraries with VM images to use for VM deployments.
  6. Click Next.
  7. In the Permissions pane, add DevOps engineers and groups to empower them to use the template to create namespaces.
    Select an identity source and a user or a group and click Next.
  8. In the Review and Confirm pane, the properties you configure are displayed.
    Review the properties and click Done.

Results

A namespace template is configured and is in Active state. As a vSphere administrator, you can edit the template. DevOps engineers can use the template to create namespaces.

Deactivate a Self-Service Namespace

As a vSphere administrator, you can deactivate a self-service namespace on the cluster.

When you deactivate a self-service namespace template, DevOps engineers cannot use the template to create new namespaces on the cluster. They can delete the namespaces that they have already created.

Procedure

  1. In the vSphere Client, navigate to the Supervisor.
  2. Click the Configure tab, and select General under Supervisor.
  3. In the Namespace Service pane, toggle the Status switch to deactivate the template.
  4. To activate the template again, toggle the Status switch.
    You can either create another self-service namespace or use the existing one.

Create a Self-Service Namespace

As a DevOps Engineer, you can create a self-service namespace and run workloads within it. Once you create the namespace, you can share it with other DevOps Engineers or delete it when it is no longer required.

Prerequisites

  • Verify that a vSphere administrator has created and activated a self-service namespace template on the cluster. See Create and Configure a Self-Service Namespace Template.
  • Verify that you are added to the permissions list in the self-service namespace template either individually or as a member of a group .
  • Get the IP address of the Supervisor control plane.

Procedure

  1. Using the vSphere Plugin for kubectl, authenticate with the Supervisor. See Connect to the Supervisor as a vCenter Single Sign-On User. 
    kubectl vsphere login --server=IP-ADDRESS --vsphere-username USERNAME
  2. Switch context to the Supervisor. 
    kubectl config use-context SUPERVISOR-CLUSTER-IP
  3. Create a self-service namespace on the cluster. 
    kubectl create namespace NAMESPACE NAME
    For example 
    kubectl create namespace test-ns
    Note: Owner permissions are available to DevOps Engineers after you enable vSphere IaaS control plane and upgrade the cluster. If you have only upgraded vCenter Server and not the cluster, the Devops Engineers will only have edit permissions on the namespaces.
    The namespace that you create appears in the cluster. To share the namespace with other DevOps engineers, contact the vSphere administrator.

Create a Self-Service Namespace with Annotations and Labels

DevOps engineers can create self-service namespaces with annotations and labels using the kubectl command line.

DevOps engineers can use a YAML manifest with user-defined annotations and labels.

Procedure

  1. Log in to the Supervisor.
    kubectl vsphere login --server IP-ADDRESS-SUPERVISOR-CLUSTER --vsphere-username VCENTER-SSO-USERNAME
  2. Create a namespace YAML manifest file with annotations and labels.
    kubectl create -f ns-create.yaml
    For example, create the following ns-create.yaml file: 
    apiVersion: v1
kind: Namespace
metadata:
  name: test-ns-yaml
  labels:
    my-label: "my-label-val-yaml"
  annotations:
    my-ann-yaml: "my-ann-val-yaml"
  3. Apply the YAML manifest.
    kubectl create -f ns-create.yaml

    Or

    kubectl apply -f ns-create.yaml
  4. Describe the namespace that you created to see the changes. 
    root@localhost [ /tmp ]# kubectl describe ns test-ns-yaml
Name:         test-ns-yaml
Labels:       my-label=my-label-val-yaml
              vSphereClusterID=domain-c50
Annotations:  my-ann-yaml: my-ann-val-yaml
              vmware-system-namespace-owner-count: 1
              vmware-system-resource-pool: resgroup-171
              vmware-system-resource-pool-cpu-limit: 0.4770
              vmware-system-resource-pool-memory-limit: 2000Mi
              vmware-system-self-service-namespace: true
              vmware-system-vm-folder: group-v172
Status:       Active
 
Resource Quotas
 Name:             test-ns-yaml
 Resource          Used  Hard
 --------          ---   ---
 requests.storage  0     5000Mi
 
 Name:                                                                           test-ns-yaml-storagequota
 Resource                                                                        Used  Hard
 --------                                                                        ---   ---
 namespace-service-storage-profile.storageclass.storage.k8s.io/requests.storage  0     9223372036854775807
 
No LimitRange resource.

Update a Self-Service Namespace Using kubectl annotate and kubectl label

As a DevOps engineer you can update or delete self-service namespace annotations and labels using the kubectl annotate and kubectl label commands.

Prerequisites

Verify that you have owner permissions on the namespace that you want to update.

Procedure

  1. Log in to the Supervisor.
    kubectl vsphere login --server IP-ADDRESS-SUPERVISOR-CLUSTER --vsphere-username VCENTER-SSO-USERNAME
  2. Describe the namespace that you want to update. 
    root@localhost [ /tmp ]# kubectl describe ns testns
Name:         testns
Labels:       my-label=test-label-2
              vSphereClusterID=domain-c50
Annotations:  my-ann: test-ann-2
              vmware-system-namespace-owner-count: 2
              vmware-system-resource-pool: resgroup-153
              vmware-system-resource-pool-cpu-limit: 0.4770
              vmware-system-resource-pool-memory-limit: 2000Mi
              vmware-system-self-service-namespace: true
              vmware-system-vm-folder: group-v154
Status:       Active
 
 
Resource Quotas
 Name:             testns
 Resource          Used  Hard
 --------          ---   ---
 requests.storage  0     5000Mi
 
 
 Name:                                                                           testns-storagequota
 Resource                                                                        Used  Hard
 --------                                                                        ---   ---
 namespace-service-storage-profile.storageclass.storage.k8s.io/requests.storage  0     9223372036854775807
  3. Update annotations using the kubectl annotate command.
    For example, kubectl annotate --overwrite ns testns my-ann="test-ann-3"
    To delete an annotation, run the command kubectl annotate --overwrite ns testns my-ann-
  4. Update labels using the kubectl label command.
    For example, kubectl label --overwrite ns testns my-label="test-label-3"
    To delete a label, run the command kubectl label --overwrite ns testns my-label-
  5. Describe the namespace to see the updates. 
    root@localhost [ /tmp ]# kubectl describe ns testns
Name:         testns
Labels:       my-label=test-label-3
              vSphereClusterID=domain-c50
Annotations:  my-ann: test-ann-3
              vmware-system-namespace-owner-count: 2
              vmware-system-resource-pool: resgroup-153
              vmware-system-resource-pool-cpu-limit: 0.4770
              vmware-system-resource-pool-memory-limit: 2000Mi
              vmware-system-self-service-namespace: true
              vmware-system-vm-folder: group-v154
Status:       Active
 
 
Resource Quotas
 Name:             testns
 Resource          Used  Hard
 --------          ---   ---
 requests.storage  0     5000Mi
 
 
 Name:                                                                           testns-storagequota
 Resource                                                                        Used  Hard
 --------                                                                        ---   ---
 namespace-service-storage-profile.storageclass.storage.k8s.io/requests.storage  0     9223372036854775807
 
 
No LimitRange resource.

Update a Self-Service Namespace Using kubectl edit

As a DevOps engineer you can update self-service namespaces using the kubectl edit command.

Prerequisites

Verify that you have owner permissions on the namespace that you want to update.

Procedure

  1. Log in to the Supervisor.
    kubectl vsphere login --server IP-ADDRESS-SUPERVISOR-CLUSTER --vsphere-username VCENTER-SSO-USERNAME
  2. Describe the namespace that you want to update. 
    kubectl describe ns testns-1
Name:         testns
Labels:       vSphereClusterID=domain-c50
Annotations:  my-ann: test-ann-2
              vmware-system-namespace-owner-count: 2
              vmware-system-resource-pool: resgroup-153
              vmware-system-resource-pool-cpu-limit: 0.4770
              vmware-system-resource-pool-memory-limit: 2000Mi
              vmware-system-self-service-namespace: true
              vmware-system-vm-folder: group-v154
Status:       Active
 
 
Resource Quotas
 Name:             testns-1
 Resource          Used  Hard
 --------          ---   ---
 requests.storage  0     5000Mi
 
 
 Name:                                                                           testns-1-storagequota
 Resource                                                                        Used  Hard
 --------                                                                        ---   ---
 namespace-service-storage-profile.storageclass.storage.k8s.io/requests.storage  0     9223372036854775807
  3. Edit the namespace using the kubectl edit command.
    For example, kubectl edit ns testns-1
    The kubectl edit command opens the namespace manifest in the text editor defined by your KUBE_EDITOR or the EDITOR environment variable.
  4. Update the labels.
    For example, my-label=test-label
  5. Update the annotations.
    For example, my-ann: test-ann
  6. Describe the namespace to see the updates. 
    root@localhost [ /tmp ]# kubectl describe ns testns-1
Name:         testns-1
Labels:       my-label=test-label
              vSphereClusterID=domain-c50
Annotations:  my-ann: test-ann
              vmware-system-namespace-owner-count: 1
              vmware-system-resource-pool: resgroup-173
              vmware-system-resource-pool-cpu-limit: 0.4770
              vmware-system-resource-pool-memory-limit: 2000Mi
              vmware-system-self-service-namespace: true
              vmware-system-vm-folder: group-v174
Status:       Active
 
 
Resource Quotas
 Name:             testns-1
 Resource          Used  Hard
 --------          ---   ---
 requests.storage  0     5000Mi
 
 
 Name:                                                                           testns-1-storagequota
 Resource                                                                        Used  Hard
 --------                                                                        ---   ---
 namespace-service-storage-profile.storageclass.storage.k8s.io/requests.storage  0     9223372036854775807
 
 
No LimitRange resource.

Delete a Self-Service Namespace

As a DevOps Engineer, you can delete a self-service namespace that you create.

Prerequisites

Verify that you have created a self-service namespace using the vSphere Plugin for kubectl.

Procedure

  1. Using the vSphere Plugin for kubectl, authenticate with the Supervisor. See Connect to the Supervisor as a vCenter Single Sign-On User.
  2. Delete the self-service namespace from the cluster. 
    kubectl delete namespace NAMESPACE NAME
    For example: 
    kubectl delete namespace test-ns