Skip to content


Namespaces are groups of apps, containers, volumes, and other resources.


Create the file my-ns.yaml with the following content, where johank is your project name

apiVersion: v1
kind: Namespace
  name: johank-myfirstns

Try to install it on Kubernetes with

kubectl create -f my-ns.yaml

ICE Connect will stop you because my-ns.yaml is missing projectId.

Error from server: admission webhook "iceguard-server.iceguard-webhook.svc"
denied the request: Failed to find annotation, please
add it to your yaml file, here are some suggestions:

To add a new namespace to project: johank, try the following yaml:
apiVersion: v1
kind: Namespace
   annotations:  c-tmfxj:p-h7kxq

Add the last two rows to my-ns.yaml

apiVersion: v1
kind: Namespace
  name: johank-myfirstns
  annotations: c-tmfxj:p-h7kxq

Run kubectl create -f my-ns.yaml again, and it will succeed.

Delete the namespace with

kubectl delete -f my-ns.yaml

Default namespace

To avoid specifying -n or --namespace in all kubectl commands - set a default namespace

kubectl config set-context --current --namespace=johank-myfirstns

Check the current namespace context with

kubectl config get-contexts icekube
*         icekube   icekube   icekube    johank-myfirstns

Managing quotas

By default, a namespace inherits the default limits and requests (reservation) values specified for the user's Rancher project. An error will be generated if any of these values exceed the project quotas.

However, a user can override the default values and specify resource limits for a specific namespace. This makes it possible to give a certain namespace more resources than another. Two additional annotations are used to specify resource and request limits for a namespace, as shown below:

Namespace resource quota {

These defaults are set on containers with no limits specified. Optional, but the user must manually set limits on Pods if not specified. See the next section for more information. {

The following attribute values are possible to specify in the JSON format above.

  • limitsMemory - Limit on max RAM usage
  • requestsMemory - Reserved RAM usage
  • requestsStorage - Reserved size of hard drive
  • persistentVolumeClaims - Limits the number of persistent storage devices
  • requestsCpu - Reserved CPU usage
  • (limitsCpu) - Optional. When not specified, pods will use all free CPU cores available (up to 64). However, in some circumstances, it might be appropriate to use it.

Below is an example of resource quota in a namespace file.

apiVersion: v1
kind: Namespace
  name: johank-myfirstns
  annotations: c-tmfxj:p-h7kxq |
      {"requestsCpu":"500m","requestsMemory":"256Mi","limitsMemory":"256Mi"} |

Note that the annotations above are automatically set by Rancher if the namespace is created from the Rancher Web UI.

Read the namespace quotas using the command below.

kubectl get ns johank-myfirstns -o=go-template='{{index .metadata.annotations ""}}'
  "limit": {
    "limitsMemory": "1024Mi",
    "requestsCpu": "1000m",
    "requestsMemory": "1024Mi",
    "requestsStorage": "1Gi"