Quick Look: Namespace Self-Service in vSphere with Tanzu

Introduction
A quick one today following on from the marathon VM Service blog and video yesterday. It's normal for Kubernetes users to want to create namespaces, and in the vSphere with Tanzu Supervisor Cluster, we wanted to enable that too - while making sure the vSphere admin is assured they are staying within assigned resource limits and quotas.
It is with that thought in mind that i'm happy to introduce the Namespace Self-Service feature for vSphere with Tanzu. This feature allows Kubernetes users (humans or bots) to create vSphere Namespaces inside which they can spin up vSphere Pods, TKG Clusters or, as of yesterday, VMs.
Show me how it works
What do I need to set up
It's very simple to get going with this feature, update your vCenter to 7.0 U2a, upgrade the Supervisor Cluster inside your Workload Management tab and navigate to Cluster -> Configure -> Namespaces -> General
.
Choose Enable
and fill in the information around resourcing and how much you want allocated by default per namespace.
Assign permissions to the users or groups you want to allow access to create vSphere Namespaces themselves and you're done!
How does the Kubernetes user use it
Very simply, there is nothing special they need to do - simply log into the supervisor cluster as usual with:
kubectl vsphere login --server 192.168.0.1 --insecure-skip-tls-verify -u administrator@vsphere.local
And they can create namespaces, or delete namespaces they have created (importantly, only namespaces they have created, not other user's ones).
❯ kubectl create ns self-service-namespace
namespace/self-service-namespace created
We can also see what limits are placed on the namespace from kubectl
directly:
❯ kubectl describe ns self-service-namespace
Name: self-service-namespace
Labels: vSphereClusterID=domain-c50
Annotations: vmware-system-namespace-owner-count: 1
vmware-system-resource-pool: resgroup-188
vmware-system-resource-pool-cpu-limit: 4.1710
vmware-system-resource-pool-memory-limit: 20480Mi
vmware-system-self-service-namespace: true
vmware-system-vm-folder: group-v189
Status: Active
Resource Quotas
Name: self-service-namespace
Resource Used Hard
-------- --- ---
requests.storage 0 100Gi
Name: self-service-namespace-storagequota
Resource Used Hard
-------- --- ---
wcpglobal-storage-profile.storageclass.storage.k8s.io/requests.storage 0 9223372036854775807
No LimitRange resource.
Conclusion
All in all, a very simple, but very important feature - allowing your Kubernetes users the ability to create their own vSphere Namespaces on-demand, all while staying within the guardrails you as the IT team have set for them.
For more info or questions on this, reach out to Myles on Twitter.