Tanzu Mission Control – Namespace Management
March 10, 2020When we need to segment resources within a Kubernetes cluster, we often use a namespace. Namespaces can be excellent resources to create a boundary for either networking, role based access, or simply for organizational purposes. It may be common to have some standard namespaces across all of your clusters. Maybe you have corporate monitoring standards and the tools live in a specific namespace, or you always have an ingress namespace thats off limits to developers or something. Managing namespaces across cluster could be tedious, but Tanzu Mission Control lets us manage these namespaces centrally from the TMC console.
Before we build one of these, its important to know that we can group multiple namespaces together as part of a Workspace. A workspace is a Tanzu construct for grouping application resources, much like how a Cluster group is an infrastructure grouping.
Create a Workspace
To create a workspace, go to the Workspaces menu item in the TMC console and click the “NEW WORKSPACE” button.
Give the workspace a name, description, and tags coinciding with your methodology. Then click the “CREATE” button. Thats it! Pretty simple.
Create a Namespace
Now that we have a workspace created, we can define our namespaces. Under the Workspaces menu item, click “NEW NAMESPACE.”
On the following screen select the cluster where the namespace will be created, the workspace it belongs with and then the details for the namespace such as name, description, and tags. Then click “Create.”
Once done, you can see your namespace listed in the Namespaces menu items.
If you click on the namespace, you can see details about resource utilization of that namespace. Right now we don’t have any workloads deployed in here, so lets change that.
I deployed a simple application into the namespace on the cluster and now we can see some better information about what we might see for a production deployment. You can see how this might be helpful for operations teams to visually see what is going on in the cluster. I see this as a useful step on better dialogue between development teams and operations teams.
If you need to provide access to this namespace, there is a button in the corner that will provide instructions on setting up a KUBECONFIG file with context for this namespace.
This has been a nice way to create a namespace from TMC. It should be noted that you can create additional namespaces from within the cluster as well if needed. Not all namespaces need to be under TMC management.
In a future post, you’ll see how to assign policies to these namespaces for better control and governance.