Namespaces are one of the core concepts of the Aporeto control plane.
In computing, a
namespace is a unit of organization for your data (objects) so that your data may be referred to by name. Characteristics of
- A namespace can have many child namespaces
- A namespace can have only one parent namespace
- Every object in Aporeto resides in a namespace, without exception.
- Within Aporeto, policies may be authorized to propagate downward which means they affect child paths of a namespace, but may never propagate upwards.
You can see namespaces as folders in a file system structure.
The namespace hierarchy can only be, at most, 16 levels deep. But don't worry, this is plenty!
Each account created on the Aporeto control plane automatically gets a base namespace or account namespace.
For instance, when creating the account
mycompany, the base namespace
/mycompany** will be created and will scope all the resources created for
When navigating the Aporeto control plane web interface, please make sure that you are targeting the right namespace.
Most of the time, you will end up with an error
Forbidden: You are not allowed to access this resource. if you are trying to access a namespace that does not exist or you don't have access to.
Aporeto provides you the flexibility to organize your namespaces in any way that makes the most sense for your enterprise. For example, by product or department or team.
The use of namespaces is a great way to delegate your authority within your company hierarchy.
Here are different way to organize the namespace
/mycompany that contains three departments (Finance/HR/IT) with three (3) environments (production/test/development) and applications.
/mycompany |-- /finance |-- /production |-- /test |-- /dev |-- /hr |-- /production |-- /test |-- /dev |-- /it |-- /production |-- /test |-- /dev
Or by environment
/mycompany |-- /production |-- /finance |-- /hr |-- /it |-- /dev |-- /finance |-- /hr |-- /it |-- /test |-- /finance |-- /hr |-- /it
Or by Apps
/mycompany |-- /production |-- /wordpress |-- /gitlab |-- /jira |-- /dev |-- /wordpress |-- /gitlab |-- /jira |-- /test |-- /wordpress |-- /gitlab |-- /jira
There are a number of benefits to planning and organizing your deployment in advance. The process of organizing your namespace hierarchy will define how you write your policies.