Quick Look: Namespace Self-Service in vSphere with Tanzu
A quick one today following on from the marathon VM Service blog and video yesterday. It's normal for Kubernetes users to want to create namespaces, and in the vSphere with Tanzu Supervisor Cluster, we wanted to enable that too - while making sure the vSphere admin is assured they are staying within assigned resource limits and quotas.
It is with that thought in mind that i'm happy to introduce the Namespace Self-Service feature for vSphere with Tanzu. This feature allows Kubernetes users (humans or bots) to create vSphere Namespaces inside which they can spin up vSphere Pods, TKG Clusters or, as of yesterday, VMs.
Show me how it works
What do I need to set up
It's very simple to get going with this feature, update your vCenter to 7.0 U2a, upgrade the Supervisor Cluster inside your Workload Management tab and navigate to
Cluster -> Configure -> Namespaces -> General.
Enable and fill in the information around resourcing and how much you want allocated by default per namespace.
Assign permissions to the users or groups you want to allow access to create vSphere Namespaces themselves and you're done!
How does the Kubernetes user use it
Very simply, there is nothing special they need to do - simply log into the supervisor cluster as usual with:
kubectl vsphere login --server 192.168.0.1 --insecure-skip-tls-verify -u email@example.com
And they can create namespaces, or delete namespaces they have created (importantly, only namespaces they have created, not other user's ones).
❯ kubectl create ns self-service-namespace namespace/self-service-namespace created
We can also see what limits are placed on the namespace from
❯ kubectl describe ns self-service-namespace Name: self-service-namespace Labels: vSphereClusterID=domain-c50 Annotations: vmware-system-namespace-owner-count: 1 vmware-system-resource-pool: resgroup-188 vmware-system-resource-pool-cpu-limit: 4.1710 vmware-system-resource-pool-memory-limit: 20480Mi vmware-system-self-service-namespace: true vmware-system-vm-folder: group-v189 Status: Active Resource Quotas Name: self-service-namespace Resource Used Hard -------- --- --- requests.storage 0 100Gi Name: self-service-namespace-storagequota Resource Used Hard -------- --- --- wcpglobal-storage-profile.storageclass.storage.k8s.io/requests.storage 0 9223372036854775807 No LimitRange resource.
All in all, a very simple, but very important feature - allowing your Kubernetes users the ability to create their own vSphere Namespaces on-demand, all while staying within the guardrails you as the IT team have set for them.
For more info or questions on this, reach out to Myles on Twitter.