Create a vSphere Namespace

You can use the vSphere with Tanzu automation APIs to create namespaces on a Supervisor Cluster. You can set resource quotas and storage, as well as permissions for the DevOps users.

Prerequisites

  • Enable vSphere with Tanzu on a vSphere cluster.

  • Create users and groups for the DevOps engineers who will use the namespace. For more information about how to create users and groups through the Web Services APIs, see the vSphere Web Services SDK Programming Guide.

  • Create storage policies for persistent storage used by the vSphere Pods and the pods inside a Tanzu Kubernetes cluster.

  • Create VM Classes and content libraries for DevOps provisioned VMs. See Create a VM Class in vSphere with Tanzu and Creating and Managing Content Libraries for VM Provisioning in vSphere with Tanzu.

  • Required privileges on the Supervisor Cluster:
    • Namespaces.Modify cluster-wide configuration
    • Namespaces.Modify namespace configuration
    • Virtual Machine Classes.Manage Virtual Machine Classes

Procedure

  1. Retrieve the Supervisor Cluster ID by filtering the clusters available in the vCenter Server system.

    Call the list operation of the Cluster service from the vcenter package and retrieve the cluster ID from the returned cluster summary.

  2. Retrieve the ID of the storage policy that you configured for placement of the persistent volumes from vSphere Pods and Tanzu Kubernetes clusters.
  3. Configure the access control to the objects in the namespace.

    Create an instance of the Instances.Access class and specify the following access information:

    | Parameter | Description |
    |---|---|
    | domain / setDomain(domain) | Set the domain name of the vCenter Server system on which the namespace is created. |
    | subject_type / setSubjectType(subjectType) | Set the type of the user accounts that are associated with the specific role for the namespace. You must select between the USER and GROUP options. |
    | subject / setSubject(subject) | Set the name of the user or group that has permissions to access the namespace objects. |
    | role / setRole(role) | Set the role that is associated with the predefined set of privileges that you want to grant the specific user or group. You can select between the EDIT, VIEW and OWNER roles. |

    The owner role is introduced in vSphere 7.0 Update 2a. When a DevOps engineer creates a namespace in a self-service manner, the Namespace Self-Service grants the owner role to the namespace creator. See Self-Service Namespace Management.

  4. Create a CreateSpec instance that holds the namespace specification.

    The namespace specification can contain the following information:

    | Parameter | Description |
    |---|---|
    | cluster / setCluster(cluster) | Set the ID of the Supervisor Cluster on which the namespace is created. |
    | namespace / setNamespace(namespace) | Set a name of the namespace following the DNS label standard defined in RFC 1123. The name must be unique across all namespaces in the current vCenter Server system. |
    | networks / setNetworks(java.util.List<java.lang.String> networks) | Optional. You can set the workload networks used by the vSphere Namespace. Pass null as a value of this parameter if the Supervisor Cluster is configured to use NSX-T Data Center as the networking solution. The workload networking support for such namespaces is provisioned by NSX-T Data Center. If the Supervisor Cluster uses the vSphere networking stack, pass the workload network to be associated with the namespace. If you pass null as a value of this parameter, the vSphere Namespaces on the cluster are automatically associated with the cluster primary workload network. See Configuring the vSphere Networking Stack for vSphere with Tanzu. |
    | description / setDescription(description) | Optional. You can set a description of the namespace. |
    | access_list / setAccessList(accessList) | Optional. You can set the access control for the namespace that you configured in Step 3. |
    | storage_specs / setStorageSpecs(storageSpecs) | Optional. You can set the amount of storage dedicated to each storage policy associated with the namespace and the maximum amount of storage that is used by the namespace. Use the StorageSpec specification to configure the storage quotas on the namespace. |
    | resource_spec / setResourceSpec(resourceSpec) | Optional. You can set resource limitations to the namespace. You can limit the CPU, memory, the maximum number of pods that can exist on the namespace, and so on. |
    | creator / setCreator(InstancesTypes.Principal creator) | Optional. The Namespace Self-Service populates this parameter with information about the DevOps user who created the namespace with kubectl. The user name and domain of the namespace creator are stored with this parameter. |
    | vm_service_spec / setVmServiceSpec(InstancesTypes.VMServiceSpec vmServiceSpec) | Optional. The VM Service specification for the DevOps-provisioned virtual machines. |
  5. Create a namespace object on the Supervisor Cluster by using the namespace create specification.
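The following Python sketch is an added example, not code from the vSphere Automation SDK or from this guide. It assembles the Step 3 access entries and the Step 4 specification as a plain dictionary, rejects names that are not RFC 1123 labels, and lists grants and quotas worth reviewing before Step 5. The function names, the sample values, and the StorageSpec field names `policy` and `limit` are assumptions.

```python
import re

# RFC 1123 DNS label: lowercase alphanumerics and '-', alphanumeric ends, max 63 chars.
_DNS_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?")
SUBJECT_TYPES = {"USER", "GROUP"}
ROLES = {"EDIT", "VIEW", "OWNER"}


def build_create_spec(cluster, namespace, access_list=(), storage_specs=()):
    """Validate the inputs and return a dict keyed like the CreateSpec parameters."""
    if not _DNS_LABEL.fullmatch(namespace):
        raise ValueError(f"namespace {namespace!r} is not an RFC 1123 DNS label")
    spec = {"cluster": cluster, "namespace": namespace}
    entries = []
    for acc in access_list:
        if acc["subject_type"] not in SUBJECT_TYPES or acc["role"] not in ROLES:
            raise ValueError(f"invalid subject_type or role in {acc!r}")
        entries.append({k: acc[k] for k in ("domain", "subject_type", "subject", "role")})
    if entries:
        spec["access_list"] = entries
    if storage_specs:
        spec["storage_specs"] = [dict(s) for s in storage_specs]
    return spec


def review_spec(spec):
    """Return least-privilege and quota findings to check before creating the namespace."""
    findings = []
    for acc in spec.get("access_list", []):
        who = f"{acc['subject_type']} {acc['subject']}@{acc['domain']}"
        if acc["role"] == "OWNER":
            findings.append(f"OWNER role granted to {who}")
        elif acc["role"] == "EDIT" and acc["subject_type"] == "GROUP":
            findings.append(f"EDIT role granted to {who}: review group membership")
    for s in spec.get("storage_specs", []):
        if s.get("limit") is None:  # assumed field names: policy, limit
            findings.append(f"no storage limit set for policy {s['policy']}")
    return findings


# Constructed sample input; the cluster and policy IDs are placeholders.
SAMPLE = build_create_spec(
    "cluster-id-PLACEHOLDER", "team-a-dev",
    access_list=[
        {"domain": "vsphere.local", "subject_type": "GROUP", "subject": "devops-team-a", "role": "EDIT"},
        {"domain": "vsphere.local", "subject_type": "USER", "subject": "auditor", "role": "VIEW"},
    ],
    storage_specs=[{"policy": "policy-1-PLACEHOLDER", "limit": 102400}, {"policy": "policy-2-PLACEHOLDER"}],
)
```

Calling `review_spec(SAMPLE)` returns two findings: the group-wide EDIT grant and the second storage policy, which has no limit.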

What to do next

Share the namespace with DevOps engineers and provide them with the user or group configured for accessing the namespace.