Skip to content

Get Started

Overview

This self-paced guide helps explore the platform’s capabilities for provisioning and managing isolated Kubernetes namespaces on shared, multi-tenant clusters using the Namespace as a Service template from the template catalog.

Why Use Templates for Namespace as a Service?

Templates simplify the provisioning and management of Kubernetes namespaces by offering pre-configured, customizable IaC. These templates:

  • Ensure consistency and reduce the time required to set up isolated namespaces
  • Enable organization administrators to enforce governance while allowing teams the flexibility to customize resource quotas
  • Streamline workflows such as user onboarding, RBAC configuration, and namespace quota management
  • Improve collaboration and operational efficiency on shared, multi-tenant Kubernetes clusters

Prerequisites

Before proceeding, ensure the following:

  • Access to a shared Kubernetes cluster within your Rafay project where namespaces can be provisioned
  • Appropriate RBAC permissions to request and manage namespaces using templates
  • The Namespace as a Service template is published and available in the project’s template catalog
  • A valid Rafay API Key for authenticating with the Rafay controller. Follow these instructions to generate an API key
  • The host cluster where the NaaS template is deployed must use a Custom Blueprint based on the default blueprint and have OPA Gatekeeper enabled

    Note: This is required when Org/PaaS Admins enable the "Network Policy" input variable. The solution uses OPA Gatekeeper to enforce the generated network policy if this option is selected.

  • (Optional) Custom resource quota values if you intend to override the default settings during namespace provisioning

What This Template Will Do

By using this template, the following actions will be automated:

  • Create a Kubernetes Namespace: A new namespace will be provisioned in the designated cluster using the specified environment name.
  • Apply Default Resource Quotas: The namespace will be configured with predefined CPU and memory limits to ensure fair resource allocation.
  • Set Up RBAC for Namespace Administration: A new group will be created with Namespace Admin privileges specific to the provisioned namespace.
  • Grant User Access: The requesting user will automatically be added to the new RBAC group for full administrative access.

This template enables rapid, consistent provisioning of isolated Kubernetes namespaces on shared, multi-tenant clusters with minimal manual setup.

Part 1: Select and Share the Template

This section guides you on selecting and sharing the Namespace as a Service template with a project.

Step 1: Create a Project

  • Navigate to the Home Your Projects section
  • Click Create a New Project and name it namespace-as-a-service-project for this guide

Create Project

Step 2: Select and Share the Template

  • As an Org Admin, go to Template Catalog
  • Select the Namespace as a Service template and click Get Started
  • Provide the following details:
    • A unique name for the shared template
    • A version name (e.g., 1.0)
    • Select the project to share the template with (e.g., namespace-as-a-service-project) and click Continue

Create Project

The platform redirects you to the Environment Template page under the selected project (namespace-as-a-service-project)

  • Go to Agents and configure the required Agent to drive the workflow. Select the Agent from the dropdown list. If no Agents are shown, the Agent may need to be set up (refer to the prerequisites)

Create Project

Part 2: Launch the Template to Create a Namespace as a Service

Configuration Customization

  • Customize and templatize all Namespace as a Service configurations using input variables, including:

    • Cluster and Namespace Settings:

      • Target cluster and associated project
      • Namespace name, labels, and annotations
      • Preset or custom resource quotas for CPU and memory
      • Network policy settings and allowed namespaces

    • Access Control and Authentication:

      • Host server and authentication details (client certificate, key, and CA data)
      • Option to provide full kubeconfig content for access automation

  • Restrict user edits for specific variables by:

    • Setting overrides to Not Allowed to prevent changes at launch time
    • Providing default values to enforce consistency across namespace provisioning requests

Create Project

Config Context

  • Save the template as a Draft to allow ongoing edits until the configuration is finalized. Once all changes are complete, set it as an Active Version to freeze the version. Learn more about version management.

Launch Template

Refer to the Input Variables for more details on these configuration parameters.

Part 3: Launch the Template

Launch the template within the same project or share it with other projects for end-user access.

  • Go to the Environments section within the namespace-as-a-service-project project or the shared project
  • The shared template will be listed and ready for use

EKS Template

  • Click Launch
  • Provide only the configuration options exposed to the template consumer
  • All other configurations are pre-configured and set as override: Not Allowed to ensure a simple and streamlined experience for the end user

Launch Template

Deleting/Destroying the Namespace

  • Navigate to the environment where the namespace was created
  • Click Destroy and confirm the action by selecting Yes
  • This action will delete the namespace along with any associated resources managed as part of the namespace lifecycle

Conclusion

By following these steps, you have successfully:

  • Selected and shared the template for Namespace as a Service
  • Used the template to manage the lifecycle of the namespace

These templates streamline the provisioning and management of namespaces, enforce organizational policies, and provide flexibility for workload-specific requirements.