Skip to content

How can a project member create a namespace via command line (kubectl)

This document (000021426) is provided subject to the disclaimer at the end of this document.

Environment

Rancher Version: v2.7.x and above

Situation

In a project setting, a collaborating member can seamlessly establish a namespace via the user interface for workload deployment. For proponents of GitOps and users predominantly utilizing command-line interfaces (CLIs), this approach proves beneficial for deploying a project's namespace efficiently.

Resolution

To efficiently configure user access and namespace deployment within a project environment, the following steps should be undertaken:

  • Create a user profile with ANY user permissions (User-Base, Administrator, Restricted Administrator, Standard User) and assign the role of ‘Project Member’ within the Project through the Rancher user interface
  • Login to the Rancher user interface as the new user.
  • Initiate the generation of a KUBECONFIG file via the user interface linked to the respective user's profile.
  • Develop a namespace manifest incorporating the specific annotation: " field.cattle.io/projectId: c-m-zk2csxxp:p-bsr6h", where "c-m-zk2csxxp" represents the ClusterID for the targeted cluster and "p-bsr6h" signifies the projectID.

Example:

apiVersion: v1
kind: Namespace
metadata:
  name: demo
  annotations:
    field.cattle.io/projectId: c-m-cbkjbt2m:p-872c7
  • Configure the system environment variable, KUBECONFIG, to point to the newly generated kubeconfig file from Command Line Interface of your choice.
  • Execute the kubectl create command to instantiate the namespace creation process.
  • Validate the operation's success by verifying the newly created namespace within the designated project through the Rancher user interface.

Additional Information

  • Ensure to use the kubectl create command and not the kubectl apply command. When you are doing apply, it is trying to do a "get" to see if the namespace exists. Since, the namespace is not present, the operation would fail with the below error message when you use the apply command:
kubectl apply -f ns.yml
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=namespaces", GroupVersionKind: "/v1, Kind=Namespace"
Name: "demo", Namespace: ""
from server for: "ns.yml": namespaces "demo" is forbidden: User "u-v26xr" cannot get resource "namespaces" in API group "" in the namespace "demo"

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.