WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple

Quick deep dive into vSphere Namespace roles

10.28.2021 by William Lam // 1 Comment

Before you can start consuming a vSphere with Tanzu enabled vSphere Cluster, you need to first create and configure a vSphere Namespace. This is a pretty straight forward process (check out this quick video if you are interested). One of the required configuration is to setup up permissions for which user/groups can access and consume the vSphere Namespace using one of the three default roles.


A question was recently raised in the community on the definition of each role since the user was not able to find more details in the official documentation. Here is a quick summary for each role and its functionality:

  • Owner - Can modify and delete vSphere Namespace
  • Can Edit - Can modify vSphere Namespace
  • Can View - Can perform read only operations on vSphere Namespace

Note: I have already shared this feedback with the vSphere with Tanzu Product Manager to help improve our documentation on this topic

There was also a related question on whether these roles mapped into Kubernetes (K8s) layer, which is the Supervisor Cluster in your vSphere with Tanzu enabled vSphere Cluster? This actually got me curious since I am still a novice when it comes to K8s access control (RBAC). I decided to take a closer look and with some trial error, I was able to see how these vSphere Namespace roles, which is a vCenter Server construct maps into the respective K8s constructs within the Supervisor Cluster.

[Read more...]

Categories // VMware Tanzu Tags // vSphere Kubernetes Service, vSphere Namespace

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download TokenĀ  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025
  • vCenter Identity Federation with Authelia 04/16/2025
  • vCenter Server Identity Federation with Kanidm 04/10/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025

 

Loading Comments...