set-namespace

KRM function for set-namespace

set-namespace #

Overview #

The set-namespace function replaces the input KRM resources’ namespace fields.

Usage #

Replace namespaces are commonly used in the following scenarios:

  • distinguish resources by environment. For example, you can update all resources under kpt package “prod” to namespace “prod”, and another resources under kpt package “dev” to namespace “dev”.
  • distinguish resources by teams or users. For example, you can “copy” and “create” a new set of resources by simply replacing the resources namespace to a different value.

Target KRM resources #

This function not only update the namespace scoped resources’ metadata.namespace or Namespace object’s metadata.name, but handle some special resource types. See the full targeting resources below:

  • This function updates all namespace-scoped KRM resources metadata.namespace fields. We determine whether a custom KRM resource is namespace scoped by checking if it has metadata.namespace set.
  • This function updates RoleBinding and ClusterRoleBinding resources subjects element whose kind is ServiceAccount and the subject’s namespace is set.
  • This function updates CustomResourceDefinition (CRD) spec/conversion/webhook/clientConfig/service/namespace field if the field is set.
  • This function updates APIService spec/service/namespace field if the field is set.
  • This function updates the KRM resources annotation config.kubernetes.io/depends-on if this annotation contains the namespace that shows up in other resources’ namespace.

FunctionConfig #

FunctionConfig is used to configure the set-namespace function behavior. It itself is a KRM resource which can be either a ConfigMap object or a custom SetNamespace object.

ConfigMap as functionConfig

apiVersion: v1
kind: ConfigMap
data:
  namespace: newNamespace # required

SetNamespace as functionConfig

apiVersion: fn.kpt.dev/v1alpha1
kind: SetNamespace
namespace: newNamespace # required

The package-context.yaml as functionConfig. This convention file is auto-generated by kpt pkg get --for-deploy or kpt pkg init

apiVersion: v1
kind: ConfigMap
metadata:
  name: kptfile.kpt.dev
  annotations:
    config.kubernetes.io/local-config: "true"
data:
  name: newNamespace # required, update all namespace fields to "newNamespace"

DependsOn annotation #

DependsOn annotation is a kpt feature. This function updates the namespace segment in a depends-on annotation if the namespace matches the Namespace object or namespaceMatcher field.

Last modified October 9, 2025: Moving the documentation to Hugo (#1177) (a7f5458)