This topic tells you how to use Namespace Provisioner to customize namespaces in controller mode in Tanzu Application Platform (commonly known as TAP).
When managing multiple developer namespaces in a cluster, it is often necessary to customize each namespace individually. To customize a namespace in controller mode, add parameters to a namespace through labels and annotations using either the default prefix or a custom-defined prefix.
In GitOps mode, you can configure these parameters in the GitOps file. For more information, see Customize the label and annotation prefixes that controller watches.
Caution If a parameter is initially created through annotations and later a label with the same key is used, the annotation is overwritten.
- The format for specifying the parameter is:
<prefix>/<parameter-key>=<parameter-value>. - The parameter key can be a single string or a pseudo JSON-path structure, for example,
kye1.inner-key1.inner-key3.inner-key4. This is translated into a structured format in the values. - The label value can only be a string.
- If you need to pass a list or another object as the parameter value, annotations should be used
instead. Annotations support using
[]to define lists and{}to define objects - All parameters created with labels and annotations can be utilized when using templates for
resources in ytt
additional_sourcesfromdata.values.
Examples:
-
To define a list of tools used by the namespace:
kubectl annotate ns dev param.nsp.tap/project.tools='["git", "maven"]'The
desired-namespacesConfigMap will look like:#@data/values --- namespaces: - name: dev project: tools: - git - maven
-
To add a list of objects:
kubectl annotate ns dev param.nsp.tap/volume.claims='[{"name": "logs", "mountPath": "/var/logs/app"}, {"name": "truststore", "mountPath": "/opt/app/ssl"}]The
desired-namespacesConfigMap will look like:#@data/values --- namespaces: - name: dev volume: claims: - name: logs mountPath: /var/logs/app - name: truststore mountPath: /opt/app/ssl
-
Simple key-value:
kubectl annotate ns dev param.nsp.tap/scanpolicy=relaxedThe
desired-namespacesConfigMap will look like:#@data/values --- namespaces: - name: dev scanpolicy: relaxed
-
Object as value:
kubectl annotate ns dev param.nsp.tap/maven.values='{"username":"user", "password":"my-pass","repo":"myrepo","version":"0.1.1-alpha.0"}'The
desired-namespacesConfigMap will look like:#@data/values --- namespaces: - name: dev maven: values: username: user password: my-pass repo: myrepo Version: 0.1.1-alpha.0
Namespace Provisioner reserves certain parameters for its use. The following is a list of parameters
used by the Namespace Provisioner, which apply to both the default_parameters in tap-values.yaml and the namespace parameters through labels and annotations:
limits(object): Use to configure the LimitRange. For more information, see Customize Limit Range defaults.skip_limit_range(boolean): Use to determine if the LimitRange should be created. For more information, see Customize Limit Range defaults.skip_grype(boolean): Use to determine if Grype scanner resources are going to be created. For more information, see Deactivate Grype install.supply_chain_service_account(object): Contains the secrets and imagePullSecrets to be added to the Supply Chain ServiceAccount. For more information, see Customize service accounts.delivery_service_account(object): Contains the secrets and imagePullSecrets to be added to the delivery ServiceAccount. For more information, see Customize service accounts.