Self-Service Namespace Management
You can use the
vSphere Supervisor
automation
REST
APIs to create a vSphere Namespace
with specific resource quotas,
set permissions, and assign storage policies. DevOps engineers can then use the namespace as
a template for self-provisioning namespaces on the cluster. Starting with vSphere 7.0 Update 2a, the Namespace Self-Service feature is available in
vSphere Supervisor
. The service enables
Kubernetes users to create vSphere Namespaces
from templates configured through the automation REST
APIs or vSphere Client
. To activate the Namespace Self-Service on a cluster,
use one of the following options: - Create a self-service namespace template and then activate the Namespace Self-Service on the cluster.
- Create or update a self-service namespace template simultaneously with activating the Namespace Self-Service on the cluster.
Currently, only one namespace self-service template is allowed per
vSphere Namespace
. After a DevOps engineer
creates a namespace from the template, the namespace can also be deleted through
kubectl
. You can verify whether a namespace is created from a
template by retrieving the value of theself_service_namespace
property of the
Instances.Info
JSON object that you receive in the request
body of the GET
https://
request.<vcenter_ip_address_or_fqdn>
/api/vcenter/namespaces/instances/namespace_id
To create a template for a self-service namespace,
use the
You use as POST
https://
HTTP request.<vcenter_ip_address_or_fqdn>
/api/vcenter/namespaces/namespace-templates/clusters/cluster_id
path
parameter
the cluster ID and
submit in the request body
the namespace
template create specification. You define the following configuration settings and resource limitations of the template:
Property | Description |
|---|---|
template | The identifier of the namespace template must be a unique name across
all clusters on the vCenter Server instance. The name must be compliant with DNS.
|
resource_spec | The resource quotas, such as CPU and memory, that are reserved for the
namespace on the vCenter Server instance. The CPU limit is set in MHz and the minimum
value is 10 MHz. The memory and the storage limits are set in MiB. For more
options to configure resource limits for the namespace, see the
ResourceQuotaOptionsV1 class in the API Reference
documentation. |
storage_specs | The amount of storage in MiB utilized for each storage policy that you
associate with the namespace. You must specify at least one policy.
|
networks | Optional. The networks associated with the namespace. Currently, you
can set only one network for the namespace. Pass null as
argument if the Supervisor is configured with NSX-T Data Center support. If
you pass null for a namespace template on a cluster
configured with a vSphere networking stack, the namespace is automatically
associated with the Supervisor management workload network. |
permissions | Optional. The permissions that allow DevOps engineers to use the
template to self-provision namespaces through kubectl .
If unset , only users with the
Administrator role can use the template. |
Once you have the template created, you can activate the Namespace Self-Service on the
cluster
by issuing the
If you want to restrict DevOps users to use the namespace
template on a cluster, you can deactivate the Namespace Self-Service feature. Then users
are able to delete only the namespaces already created from the template. POST
https://
HTTP request.<vcenter_ip_address_or_fqdn>
/api/vcenter/namespaces/namespace-self-service/<cluster_id>
?action=activateYou can activate the Namespace Self-Service on the cluster after configuring the
namespace template by using the
NamespaceSelfService
service. You issue the
Depending on the availability of a template on the cluster, this
method either creates a namespace template or activates the deactivated service and at
the same time updates the existing template.POST
https://
HTTP request and submit the
<vcenter_ip_address_or_fqdn>
/api/vcenter/namespaces/namespace-self-service/<cluster_id>
?action=activateWithTemplateNamespaceSelfService.ActivateTemplateSpec
JSON object in the
request body.