Managed Namespaces - Create Or Update

Service:

AKS

API Version:

2025-05-02-preview

Creates or updates a managed namespace in the specified managed cluster.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/managedNamespaces/{managedNamespaceName}?api-version=2025-05-02-preview

URI Parameters

Name	In	Required	Type	Description
managedNamespaceName	path	True	string minLength: 1 maxLength: 63 pattern: [a-z0-9]([-a-z0-9]*[a-z0-9])?	The name of the managed namespace.
resourceGroupName	path	True	string minLength: 1 maxLength: 90	The name of the resource group. The name is case insensitive.
resourceName	path	True	string minLength: 1 maxLength: 63 pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$	The name of the managed cluster resource.
subscriptionId	path	True	string (uuid)	The ID of the target subscription. The value must be an UUID.
api-version	query	True	string minLength: 1	The API version to use for this operation.

Request Body

Name	Type	Description
location	string	The location of the namespace.
properties	NamespaceProperties	Properties of a namespace.
tags	object	The tags to be persisted on the managed cluster namespace.

Responses

Name	Type	Description
200 OK	ManagedNamespace	The existing namespace was successfully updated.
201 Created	ManagedNamespace	The new namespace was successfully created.
Other Status Codes	ErrorResponse	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Create/Update Managed Namespace

Sample request

HTTP

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1/managedNamespaces/namespace1?api-version=2025-05-02-preview

{
  "tags": {
    "tagKey1": "tagValue1"
  },
  "properties": {
    "labels": {
      "kubernetes.io/metadata.name": "true"
    },
    "annotations": {
      "annatationKey": "annatationValue"
    },
    "defaultResourceQuota": {
      "cpuRequest": "3m",
      "cpuLimit": "3m",
      "memoryRequest": "5Gi",
      "memoryLimit": "5Gi"
    },
    "defaultNetworkPolicy": {
      "ingress": "AllowSameNamespace",
      "egress": "AllowAll"
    },
    "adoptionPolicy": "IfIdentical",
    "deletePolicy": "Keep"
  }
}

Sample response

Status code:

200

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1/managedNamespaces/namespace1",
  "name": "namespace1",
  "type": "Microsoft.ContainerService/managedClusters/managedNamespaces",
  "location": "eastus2",
  "tags": {
    "tagKey1": "tagValue1"
  },
  "properties": {
    "labels": {
      "kubernetes.io/metadata.name": "true"
    },
    "annotations": {
      "annatationKey": "annatationValue"
    },
    "provisioningState": "Succeeded",
    "defaultResourceQuota": {
      "cpuRequest": "3m",
      "cpuLimit": "3m",
      "memoryRequest": "5Gi",
      "memoryLimit": "5Gi"
    },
    "defaultNetworkPolicy": {
      "ingress": "AllowSameNamespace",
      "egress": "AllowAll"
    },
    "adoptionPolicy": "IfIdentical",
    "deletePolicy": "Keep"
  }
}

Status code:

201

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1/managedNamespaces/namespace1",
  "name": "namespace1",
  "type": "Microsoft.ContainerService/managedClusters/managedNamespaces",
  "location": "eastus2",
  "tags": {
    "tagKey1": "tagValue1"
  },
  "properties": {
    "labels": {
      "kubernetes.io/metadata.name": "true"
    },
    "annotations": {
      "annatationKey": "annatationValue"
    },
    "provisioningState": "Updating",
    "defaultResourceQuota": {
      "cpuRequest": "3m",
      "cpuLimit": "3m",
      "memoryRequest": "5Gi",
      "memoryLimit": "5Gi"
    },
    "defaultNetworkPolicy": {
      "ingress": "AllowSameNamespace",
      "egress": "AllowAll"
    },
    "adoptionPolicy": "IfIdentical",
    "deletePolicy": "Keep"
  }
}

Definitions

Name	Description
AdoptionPolicy	Action if Kubernetes namespace with same name already exists.
createdByType	The type of identity that created the resource.
DeletePolicy	Delete options of a namespace.
ErrorAdditionalInfo	The resource management error additional info.
ErrorDetail	The error detail.
ErrorResponse	Error response
ManagedNamespace	Namespace managed by ARM.
NamespaceProperties	Properties of a namespace managed by ARM
NamespaceProvisioningState	The current provisioning state of the namespace.
NetworkPolicies	Default network policy of the namespace, specifying ingress and egress rules.
PolicyRule	Enum representing different network policy rules.
ResourceQuota	Resource quota for the namespace.
systemData	Metadata pertaining to creation and last modification of the resource.

AdoptionPolicy

Enumeration

Action if Kubernetes namespace with same name already exists.

Value	Description
Never	If the namespace already exists in Kubernetes, attempts to create that same namespace in ARM will fail.
IfIdentical	Take over the existing namespace to be managed by ARM, if there is no difference.
Always	Always take over the existing namespace to be managed by ARM, some fields might be overwritten.

createdByType

Enumeration

The type of identity that created the resource.

Value	Description
User
Application
ManagedIdentity
Key

DeletePolicy

Enumeration

Delete options of a namespace.

Value	Description
Keep	Only delete the ARM resource, keep the Kubernetes namespace. Also delete the ManagedByARM label.
Delete	Delete both the ARM resource and the Kubernetes namespace together.

ErrorAdditionalInfo

Object

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

ErrorDetail

Object

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	ErrorDetail[]	The error details.
message	string	The error message.
target	string	The error target.

ErrorResponse

Object

Error response

Name	Type	Description
error	ErrorDetail	The error object.

ManagedNamespace

Object

Namespace managed by ARM.

Name	Type	Description
eTag	string	Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal etag convention.
id	string	Resource ID.
location	string	The location of the namespace.
name	string	The name of the resource that is unique within a resource group. This name can be used to access the resource.
properties	NamespaceProperties	Properties of a namespace.
systemData	systemData	The system metadata relating to this resource.
tags	object	The tags to be persisted on the managed cluster namespace.
type	string	Resource type

NamespaceProperties

Object

Properties of a namespace managed by ARM

Name	Type	Description
adoptionPolicy	AdoptionPolicy	Action if Kubernetes namespace with same name already exists.
annotations	object	The annotations of managed namespace.
defaultNetworkPolicy	NetworkPolicies	The default network policy enforced upon the namespace. Customers can have other Kubernetes network policy objects under the namespace. All the network policies will be enforced.
defaultResourceQuota	ResourceQuota	The default resource quota enforced upon the namespace. Customers can have other Kubernetes resource quota objects under the namespace. All the resource quotas will be enforced.
deletePolicy	DeletePolicy	Delete options of a namespace.
labels	object	The labels of managed namespace.
portalFqdn	string	The special FQDN used by the Azure Portal to access the Managed Cluster. This FQDN is for use only by the Azure Portal and should not be used by other clients. The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure Portal to function properly.
provisioningState	NamespaceProvisioningState	The current provisioning state of the namespace.

NamespaceProvisioningState

Enumeration

The current provisioning state of the namespace.

Value	Description
Updating
Deleting
Creating
Succeeded
Failed
Canceled

NetworkPolicies

Object

Default network policy of the namespace, specifying ingress and egress rules.

Name	Type	Default value	Description
egress	PolicyRule	AllowAll	Egress policy for the network.
ingress	PolicyRule	AllowSameNamespace	Ingress policy for the network.

PolicyRule

Enumeration

Enum representing different network policy rules.

Value	Description
DenyAll	Deny all network traffic.
AllowAll	Allow all network traffic.
AllowSameNamespace	Allow traffic within the same namespace.

ResourceQuota

Object

Resource quota for the namespace.

Name	Type	Description
cpuLimit	string	CPU limit of the namespace in one-thousandth CPU form. See CPU resource units for more details.
cpuRequest	string	CPU request of the namespace in one-thousandth CPU form. See CPU resource units for more details.
memoryLimit	string	Memory limit of the namespace in the power-of-two equivalents form: Ei, Pi, Ti, Gi, Mi, Ki. See Memory resource units for more details.
memoryRequest	string	Memory request of the namespace in the power-of-two equivalents form: Ei, Pi, Ti, Gi, Mi, Ki. See Memory resource units for more details.

systemData

Object

Metadata pertaining to creation and last modification of the resource.

Name	Type	Description
createdAt	string (date-time)	The timestamp of resource creation (UTC).
createdBy	string	The identity that created the resource.
createdByType	createdByType	The type of identity that created the resource.
lastModifiedAt	string (date-time)	The timestamp of resource last modification (UTC)
lastModifiedBy	string	The identity that last modified the resource.
lastModifiedByType	createdByType	The type of identity that last modified the resource.