April 28, 2021

Quick Look: Namespace Self-Service in vSphere with Tanzu

A quick overview of the new Namespace Self-Service feature in vSphere with Tanzu 7.0 U2a.


A quick one today following on from the marathon VM Service blog and video yesterday. It's normal for Kubernetes users to want to create namespaces, and in the vSphere with Tanzu Supervisor Cluster, we wanted to enable that too - while making sure the vSphere admin is assured they are staying within assigned resource limits and quotas.

It is with that thought in mind that i'm happy to introduce the Namespace Self-Service feature for vSphere with Tanzu. This feature allows Kubernetes users (humans or bots) to create vSphere Namespaces inside which they can spin up vSphere Pods, TKG Clusters or, as of yesterday, VMs.

Show me how it works

What do I need to set up

It's very simple to get going with this feature, update your vCenter to 7.0 U2a, upgrade the Supervisor Cluster inside your Workload Management tab and navigate to Cluster -> Configure -> Namespaces -> General.

vSphere with Tanzu Namespace Self Service

Choose Enable and fill in the information around resourcing and how much you want allocated by default per namespace.

Setting Namespace Quotas

Assign permissions to the users or groups you want to allow access to create vSphere Namespaces themselves and you're done!

Namespace Self Service Permissions

How does the Kubernetes user use it

Very simply, there is nothing special they need to do - simply log into the supervisor cluster as usual with:

kubectl vsphere login --server --insecure-skip-tls-verify -u administrator@vsphere.local

And they can create namespaces, or delete namespaces they have created (importantly, only namespaces they have created, not other user's ones).

❯ kubectl create ns self-service-namespace
namespace/self-service-namespace created

We can also see what limits are placed on the namespace from kubectl directly:

❯ kubectl describe ns self-service-namespace
Name:         self-service-namespace
Labels:       vSphereClusterID=domain-c50
Annotations:  vmware-system-namespace-owner-count: 1
              vmware-system-resource-pool: resgroup-188
              vmware-system-resource-pool-cpu-limit: 4.1710
              vmware-system-resource-pool-memory-limit: 20480Mi
              vmware-system-self-service-namespace: true
              vmware-system-vm-folder: group-v189
Status:       Active

Resource Quotas
 Name:             self-service-namespace
 Resource          Used  Hard
 --------          ---   ---
 requests.storage  0     100Gi

 Name:                                                                   self-service-namespace-storagequota
 Resource                                                                Used  Hard
 --------                                                                ---   ---
 wcpglobal-storage-profile.storageclass.storage.k8s.io/requests.storage  0     9223372036854775807

No LimitRange resource.


All in all, a very simple, but very important feature - allowing your Kubernetes users the ability to create their own vSphere Namespaces on-demand, all while staying within the guardrails you as the IT team have set for them.

For more info or questions on this, reach out to Myles on Twitter.

Associated Content

home-carousel-icon From the action bar MORE button.

Filter Tags

Modern Applications vSphere with Tanzu Kubernetes Blog Demo Announcement Feature Walkthrough Technical Overview Overview Intermediate Deploy Manage