Skip to content


The RCTL utility provides the means to manage the lifecycle of namespaces across the fleet of managed clusters. The following operations can be performed on namespaces managed by the controller on the fleet of clusters.

Resource Create Get Update Delete Publish Unpublish
Namespace YES YES NO YES N/A N/A

Managed Namespaces

As a multi cluster operations platform, the Controller creates/deletes namespaces on managed Kubernetes clusters dynamically in a just in time (JIT) manner. For example, namespaces will be created on target clusters when a workload or blueprint is deployed to it based on specified policy.

For explicit and immediate operations on a namespace on a cluster, use the Zero Trust KubeCTL to manage these directly.

Create Namespace

Create a new "managed" namespace in the current Project in the Controller.


./rctl create namespace demo


./rctl create namespace -f <namespace yaml>

The namespace yaml file should look like the following

kind: Namespace
  name: demo
# Spec is optional. Required only if PSP has to be specified.
  psp: test-psp
  description: Some description


Avoid upper case characters for the name because Kubernetes does not support it.

List Namespaces

Use this to retrieve/list all "managed namespaces" in the currently specified "Project". An illustrative example is shown below.

./rctl get namespace

NAME                    TIER
security                NoLimits
ingress-nginx           NoLimits
amazon-cloudwatch       NoLimits
newrelic                NoLimits

Delete Namespace

Delete a "managed namespace" in the current project context using the following command.

./rctl delete namespace <name of namespace>


Managed namespaces cannot be deleted if they are in active use by workloads or blueprints.