VMware vCenter 7 introduced vSphere with Kubernetes. This feature allows for hosting of Kubernetes workloads in vCenter. Read more about it here.
In the Kubernetes world, a namespace is a group of resources available to host workloads similar to the resource pool concept in vCenter. These resources include not only compute but also storage and networking resources. Namespaces provide an abstraction that holds both Kubernetes and vCenter policy allowing for vCenter administrators to provide resources to developers while maintaining control and policy enforcement.
The namespace has a separate set of permissions and allows the vCenter administrator to grant access to the developers that would use that namespace to run workloads. If the namespace needs access to a specific storage class, the administrator can grant access to that storage through a Storage Policy.
With PowerCLI 12.0, we introduced a new module – VMware.VimAutomation.WorkloadManagement, which allows you to automate tasks related to workload management in vCenter. With the first version of this module, we are enabling the automation of setting up a new namespace. The examples below assume you have successfully enabled workloads for a Cluster in vCenter.
You can create a new namespace using the New-WMNamespace command. Note that the namespace name must be a valid Kubernetes identifier.
$workloadCluster = Get-Cluster "MyWorkloadsCluster"
$devNamespace = New-WMNamespace -Name "dev-project-a" -Description "Workloads for project A" -Cluster$workloadCluster
You need to define a Storage Policy in vCenter that the workloads running in the namespace would use. You can define multiple Storage Policy objects if the namespace would use more than one type of storage.
For this example, we define a policy called “RedundantStorage” that we want the developers to be able to use for their application storage. We set a limit of 30000 MiB. This limit can be changed later.
$redundantStorage = Get-SpbmStoragePolicy "RedundantStorage"
New-WMNamespaceStoragePolicy -Namespace $devNamespace -StoragePolicy $redundantStorage -LimitMiB 30000
This storage is available as a Kubernetes storage class that the developers can reference in their application specifications.
Next, we need to give permissions to the developers working on that project so they can use the namespace. For this example, we assume they are members of the group email@example.com and they need Edit rights for the namespace.
New-WMNamespacePermission -Namespace $devNamespace -Role Edit -Domain "mydomain.local" -PrincipalType Group -PrincipalName "team1"
Now the developers should be able to use the Kubernetes namespace.
To verify that the namespace is available, follow the “Link to CLI Tools” in the web interface shown when you open the Namespace. This provides you with the instructions specific to your version and a link to download Kubectl and the vSphere plugin. Developers should use those instructions to connect and use this namespace.