Create and configure Managed Fleet Namespaces (preview)

Applies to: ✔️ Fleet Manager with hub cluster

This article shows you how to use Fleet Manager to create and configure a Managed Fleet Namespace that defines resource quotas, network policies, and delegated user access for the namespaces on multiple clusters.

If you're looking to view or access existing Managed Fleet Namespaces you have access to, see view and access Managed Fleet Namespaces.

Important

Azure Kubernetes Fleet Manager preview features are available on a self-service, opt-in basis. Previews are provided "as is" and "as available," and they're excluded from the service-level agreements and limited warranty. Azure Kubernetes Fleet Manager previews are partially covered by customer support on a best-effort basis. As such, these features aren't meant for production use.

Known limitations

  • When a Managed Fleet Namespace adopts a single-cluster Managed Kubernetes Namespace or vice versa, it may lead to conflicting ownership. To avoid this conflict, use a delete policy of keep for both the Managed Fleet Namespace and the Managed Kubernetes Namespace.
  • Clusters you specify must be members of the fleet managed by the same Fleet Manager which controls the Managed Fleet Namespace.
  • Clusters must have a Kubernetes version of at least 1.30.0. Clusters below this version will not block users on the cluster from modifying the placed Kubernetes resources.
  • RBAC roles assigned to a Managed Fleet Namespace scope will grant equivalent access to any unmanaged Kubernetes namespaces on member clusters with the same name.

Before you begin

  • You need an Azure account with an active subscription. Create an account for free.

  • You need a Fleet Manager with a hub cluster. If you don't have one, see create and join at least one Azure Kubernetes Service (AKS) cluster to the fleet.

  • Understand the Managed Fleet Namespace concept by reading the overview.

  • You need Azure CLI version 2.78.0 or later installed to complete this article. To install or upgrade, see Install Azure CLI.

  • You need the fleet Azure CLI extension version 1.8.0 or later. You can install it and update to the latest version using the az extension add and az extension update commands.

    # Install the extension
    az extension add --name fleet
    
    # Update the extension
    az extension update --name fleet
    
  • Confirm the fleet extension version is at least 1.8.0 using the az extension show command.

    az extension show --name fleet
    
  • Set the following environment variables for your subscription ID, resource group, Fleet name, and Fleet ID:

    export SUBSCRIPTION_ID=<subscription-id>
    export GROUP=<resource-group-name>
    export FLEET=<fleet-name>
    export FLEET_ID=<fleet-id>
    
  • Set the default Azure subscription using the az account set command.

    az account set --subscription ${SUBSCRIPTION_ID}
    

Create a new Managed Fleet Namespace

Create a new multi-cluster managed namespace using the az fleet namespace create command.

    az fleet namespace create \
        --resource-group $GROUP \
        --fleet-name $FLEET \
        --name my-managed-namespace \
        --annotations annotation1=value1 annotation2=value2 \
        --labels team=myTeam label2=value2 \
        --cpu-requests 1m \
        --cpu-limits 4m \
        --memory-requests 1Mi \
        --memory-limits 4Mi \
        --ingress-policy allowAll \
        --egress-policy allowAll \
        --delete-policy keep \
        --adoption-policy never

Delegate access to a Managed Fleet Namespace

You can now grant access to a user for the Managed Fleet Namespace across member clusters using one of the built-in roles.

Create a role assignment using the az role assignment create command.

The following example assigns a user the Azure Kubernetes Fleet Manager RBAC Writer for Member Clusters role on any cluster that receives the my-managed-namespace Managed Fleet Namespace:

    az role assignment create \
        --role "Azure Kubernetes Fleet Manager RBAC Writer for Member Clusters" \
        --assignee <USER-ENTRA-ID> \
        --scope "$FLEET_ID/managedNamespaces/my-managed-namespace"

Add member clusters to a Managed Fleet Namespace

You can control which member clusters to deploy the managed namespace to by specifying the desired list of member cluster names. Any unmanaged namespaces with the same name on member clusters not in the specified list remain untouched.

Specify the full list of member clusters you want to deploy the managed namespace to using the az fleet namespace create command with the --member-cluster-names parameter. The managed namespace is propagated to all clusters in the list.

In this example, the managed namespace is deployed to clusterA, clusterB, and clusterC.

    az fleet namespace create \
        --resource-group $GROUP \
        --fleet-name $FLEET \
        --name my-managed-namespace \
        --member-cluster-names clusterA clusterB clusterC

Remove member clusters from a Managed Fleet Namespace

You can remove member clusters from a Managed Fleet Namespace by excluding them from the list of member clusters you want the namespace on.

Specify the list of member clusters you want the managed namespace to remain on using the az fleet namespace create command with the --member-cluster-names parameter. The managed namespace is removed from any clusters excluded from the list.

In this example, the managed namespace is removed from clusterC.

    az fleet namespace create \
        --resource-group $GROUP \
        --fleet-name $FLEET \
        --name my-managed-namespace \
        --member-cluster-names clusterA clusterB
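
Because --member-cluster-names is always the full desired list, a cluster left out by mistake loses the managed namespace. The following dry-run planner is an added example, not part of the original article or the fleet CLI extension: it compares lists you supply and rejects target clusters below the 1.30.0 minimum from the known limitations. The helper names `version_ge` and `plan_member_change` are hypothetical and the inventory is constructed sample data.

```bash
# Added example: dry-run planner for a --member-cluster-names change.
# It only compares lists you pass in; it makes no Azure or kubectl calls.

MIN_VERSION="1.30.0"   # minimum member cluster version from "Known limitations"

# version_ge A B: succeeds when dotted version A >= B, compared numerically.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# plan_member_change CURRENT DESIRED INVENTORY   (hypothetical helper)
#   CURRENT, DESIRED: space-separated member cluster names
#   INVENTORY: lines of "<cluster-name> <kubernetes-version>"
# Prints keep/add/remove/reject per cluster; exit status 1 if any is rejected.
plan_member_change() (
    current=" $1 "; desired=" $2 "; inventory=$3; rc=0
    for c in $2; do
        ver=$(printf '%s\n' "$inventory" | awk -v n="$c" '$1 == n { print $2 }')
        if [ -z "$ver" ] || ! version_ge "$ver" "$MIN_VERSION"; then
            echo "reject $c (Kubernetes ${ver:-unknown}, need >= $MIN_VERSION)"
            rc=1
        else
            case $current in
                *" $c "*) echo "keep   $c" ;;
                *)        echo "add    $c" ;;
            esac
        fi
    done
    for c in $1; do   # on the namespace today but absent from the new list
        case $desired in *" $c "*) ;; *) echo "remove $c" ;; esac
    done
    exit "$rc"
)

# Constructed sample data (not real clusters).
INVENTORY='clusterA 1.31.2
clusterB 1.30.0
clusterC 1.29.9
clusterD 1.29.4'
plan_member_change "clusterA clusterB clusterC" "clusterA clusterB clusterD" \
    "$INVENTORY" || echo "Resolve rejected clusters before running az fleet namespace create."
```

Review every remove line before running the real command; a cluster missing from the inventory is rejected rather than assumed compliant.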

View a Managed Fleet Namespace's configuration

View a specific multi-cluster managed namespace's details by using the az fleet namespace show command.

    az fleet namespace show \
        --resource-group $GROUP \
        --fleet-name $FLEET \
        --name my-managed-namespace \
        -o table

Your output should resemble the following example output:

    AdoptionPolicy  DeletePolicy   ETag                                    Location   Name                  ProvisioningState   ResourceGroup
    --------------  ------------   -------------------------------------   --------   --------------------  -----------------   -------------
    Always          Delete         "aaaaaaaa-0b0b-1c1c-2d2d-333333333333   westus2    my-managed-namespace  Succeeded           test-rg

Delete a Managed Fleet Namespace

Delete a multi-cluster managed namespace using the az fleet namespace delete command.

    az fleet namespace delete \
        --resource-group $GROUP \
        --fleet-name $FLEET \
        --name my-managed-namespace

Important

RBAC roles placed on the managed namespace are deleted when the managed namespace is deleted, regardless of the delete policy configuration.

Next steps