Create a
vSphere Namespace

You can use the
vSphere Supervisor
automation
REST
APIs to create namespaces on a
Supervisor
. You can set resource quotas, storage, as well as permissions for the DevOps users.
  • Enable
    vSphere Supervisor
    on a vSphere cluster.
  • Create users and groups for the DevOps engineers who will use the namespace. For more information about how to create users and groups through the Web Services APIs, see the
    vSphere Web Services SDK Programming Guide
    .
  • Create storage policies for persistent storage used by the
    vSphere Pod
    s and the pods inside a
    TKG
    cluster.
  • Required privileges on the
    Supervisor
    :
    • Namespaces
      Modify cluster-wide configuration
    • Namespaces
      Modify namespace configuration
    • Virtual Machine Classes
      Manage Virtual Machine Classes
  1. Retrieve the
    Supervisor
    ID by filtering the clusters available in the
    vCenter Server
    system.
    Use the
    GET https://
    <vcenter_ip_address_or_fqdn>
    /api/vcenter/namespace-management/clusters
    request and retrieve the ID of the cluster on which you want to create a namespace from the list of cluster summary JSON objects.
  2. Retrieve the ID of the storage policy that you configured for placement of the persistent volumes from
    vSphere Pod
    s and
    TKG
    clusters.
  3. Configure the access control to the objects in the namespace.
    Populate the properties of the
    Instances.Access
    data structure with appropriate values:
    Property
    Description
    domain
    Set the domain name of the
    vCenter Server
    system on which the namespace is created.
    subject_type
    Set the type of the user accounts that are associated with the specific role for the namespace. You must select between the
    USER
    and
    GROUP
    options.
    subject
    Set the name of the user or group that have permissions to access the namespace objects.
    role
    Set the role that is associated with the predefined set of privileges that you want to grant the specific user or group. You can select between the
    EDIT
    ,
    VIEW
    and
    OWNER
    roles.
    The owner role is introduced in vSphere 7.0 Update 2a. When a DevOps engineer creates a namespace in a self-service manner, the Namespace Self-Service grants the owner role to the namespace creator. See Self-Service Namespace Management.
  4. Populate the
    Instances.CreateSpec
    data structure with the appropriate namespace specification information.
    The namespace specification can contain the following information:
    Property
    Description
    cluster
    Set the ID of the
    Supervisor
    on which the namespace is created.
    namespace
    Set a name of the namespace following the DNS label standard defined in RFC 1123. The name must be unique across all namespaces in the current
    vCenter Server
    system.
    networks
    Optional. You can set the workload networks used by the
    vSphere Namespace
    . Pass
    null
    as a value of this parameter, if the
    Supervisor
    is configured to use
    NSX
    as networking solution. The workload networking support for such namespaces is provisioned by
    NSX
    .
    If the
    Supervisor
    uses the vSphere networking stack, pass the workload network to be associated with the namespace. If you pass
    null
    as a value of this parameter, the
    vSphere Namespace
    s on the cluster are automatically associated with the cluster primary workload network. See Configuring the vSphere Networking Stack for vSphere Supervisor.
    description
    Optional. You can set a description of the namespace.
    access_list
    Optional. You can set the access control that is associated with the namespace in Step 3.
    storage_specs
    Optional. You can set the amount of storage dedicated to each storage policy associated with the namespace and the maximum amount of storage that is used by the namespace. Use the
    StorageSpec
    specification to configure the storage quotas on the namespace.
    resource_spec
    Optional. You can set resource limitations to the namespace. You can limit the CPU, memory, the maximum number of pods that can exist on the namespace, and so on.
    creator
    Optional. The Namespace Self-Service populates this parameter with information about the DevOps user who created the namespace with
    cubectl
    . The user name and domain of the namespace creator are stored with this parameter.
    vm_service_spec
    Optional. The VM Service specification for the Dev-Ops provisioned virtual machines.
  5. Create a namespace object on the
    Supervisor
    by using the namespace create specification.
    Use the
    POST https://
    <vcenter_ip_address_or_fqdn>
    /api/vcenter/namespaces/instances
    request and submit an
    Instances.CreateSpec
    JSON object in the request body.
Share the namespace with DevOps engineers and provide them with the user or group configured for accessing the namespace.