Namespaces

A central concept of the resources within Application Manager that is used to segregate/isolate resources between different Namespaces. This one of several resource types which allow for multi-tenancy within Application Manager.

Namespaced vs. Non-Namespaced Resources

Resources managed by Application Manager fall into two categories, namespaced and non-namespaced.

The following resources are namespaced and live in the scope of a namespace:

  • Deployment
  • Event
  • Job
  • Role
  • RoleBinding
  • Savepoint
  • SecretValue

The following resources are not namespaced:

  • ApiToken
  • DeploymentTarget
  • ClusterRole
  • ClusterRoleBinding
  • Status

Each resource that is addressable by name requires a unique name for its kind within its namespace, e.g. there can’t be two SecretValue resources with name my-secret-value within the same namespace, but in two different namespaces.

Namespaces allow to separate resources between different teams and use namespace specific access control.

Specification

kind: Namespace
apiVersion: v1
metadata:
  id: 0924487b-ecc4-4286-97e1-de307235abd7
  name: default
  createdAt: 2018-09-03T08:37:23.174Z
  modifiedAt: 2018-09-03T08:37:23.174Z
  resourceVersion: 1
status:
  state: ACTIVE

A namespace is mainly specified by its metadata.name attribute that is provided by users. Every Application Manager instance will create a default namespace with the name default.

The status.state attribute can be either ACTIVE or MARKED_FOR_DELETION after a namespace was deleted.

Create a Namespace

POST /api/v1/namespaces
kind: Namespace
metadata:
  name: my-namespace

This will create a new namespace with the name my-namespace. Note that you have to first create a namespace before you can create any resources in it.

Delete a Namespace

DELETE /api/v1/namespaces/my-namespace
kind: Namespace
apiVersion: v1
metadata:
  id: 4f4bf2f4-6048-48a9-af85-e558ab4f06e5
  name: my-namespace
  createdAt: 2018-09-03T09:47:04.443Z
  modifiedAt: 2018-09-03T09:49:50.750Z
  resourceVersion: 1
status:
  state: MARKED_FOR_DELETION

This will eventually delete the namespace with name my-namespace. Deleting a namespaces marks it for deletion and no new resources can be created within the namespace.

Attention

Deleting a namespaces deletes all resources within the namespace.