|
| 1 | +--- |
| 2 | +title: Troubleshoot Managed Namespaces Errors |
| 3 | +description: Learn how to resolve errors that occur when you try to enable managed namespaces on AKS. |
| 4 | +ms.date: 08/05/2025 |
| 5 | +ms.reviewer: jackjiang |
| 6 | +ms.service: azure-kubernetes-service |
| 7 | +ms.custom: sap:Extensions, references_regions |
| 8 | +--- |
| 9 | +# Troubleshoot managed namespace errors |
| 10 | + |
| 11 | +This article provides guidance for resolving errors that occur in Microsoft Azure Kubernetes Service (AKS) when you use the `ManagedNamespacePreview` flag. |
| 12 | + |
| 13 | +## Prerequisites |
| 14 | + |
| 15 | +The following tools must be installed and configured: |
| 16 | + |
| 17 | +- [Azure CLI](/cli/azure/install-azure-cli) |
| 18 | +- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/), the Kubernetes command-line client |
| 19 | + |
| 20 | +## Error 1: Feature not found |
| 21 | + |
| 22 | +### Symptom |
| 23 | + |
| 24 | +When you try to register the `ManagedNamespacePreview` flag, you receive the following error message: |
| 25 | + |
| 26 | +*(FeatureNotFound) The feature '<feature_name>' could not be found.* |
| 27 | + |
| 28 | +### Resolution |
| 29 | + |
| 30 | +Make sure that the command is entered correctly and uses correct spelling. |
| 31 | + |
| 32 | +To register this preview feature, run the `as feature register` command: |
| 33 | + |
| 34 | +`az feature register --namespace Microsoft.containerService -n ManagedNamespacePreview` |
| 35 | + |
| 36 | +## Error 2 - Can't create a managed namespace |
| 37 | + |
| 38 | +### Symptom |
| 39 | + |
| 40 | +When you try to create a managed namespace, you receive the following error message: |
| 41 | + |
| 42 | +*(BadRequest) Managed namespace requires feature flag Microsoft.ContainerService/ManagedNamespacePreview to be registered.* |
| 43 | + |
| 44 | +### Resolution |
| 45 | + |
| 46 | +This message indicates that the feature flag is not yet registered. If you already ran the command to register the flag, verify the registration status by running the the `az feature show` command: |
| 47 | + |
| 48 | +`az feature show --namespace Microsoft.ContainerService -n ManagedNamespacePreview` |
| 49 | + |
| 50 | +## Error 3: Can't use or change some namespaces |
| 51 | + |
| 52 | +### Symptom |
| 53 | + |
| 54 | +You receive the following error message: |
| 55 | + |
| 56 | +*The namespace name cannot be the same as the name of a system namespace.* |
| 57 | + |
| 58 | +### Resolution |
| 59 | + |
| 60 | +Users are not allowed to change certain namespaces or create managed namespaces that use certain names because the names are used by system components or resources. This list includes the following namespaces: |
| 61 | + |
| 62 | +- default |
| 63 | +- kube-system |
| 64 | +- kube-node-lease |
| 65 | +- kube-public |
| 66 | +- gatekeeper-system |
| 67 | +- cert-manager |
| 68 | +- calico-system |
| 69 | +- tigera-system |
| 70 | +- app-routing-system |
| 71 | +- aks-istio-system |
| 72 | +- istio-system |
| 73 | +- dapr-system |
| 74 | +- flux-system |
| 75 | +- prometheus-system |
| 76 | +- eraser-system |
| 77 | + |
| 78 | +## Error 4 - Can't update or delete managed namespaces |
| 79 | + |
| 80 | +### Symptom |
| 81 | + |
| 82 | +You can't create, update, or delete managed namespaces. |
| 83 | + |
| 84 | +### Resolution |
| 85 | + |
| 86 | +This behavior is by design. Users are not allowed to create, update, or delete managed namespaces if the managed cluster is not in a running state. |
| 87 | + |
| 88 | +## Error 5: Can't use some kubectl commands |
| 89 | + |
| 90 | +### Symptom |
| 91 | + |
| 92 | +When you try to modify a managed namespace through kubectl, you receive the following error message: |
| 93 | + |
| 94 | +*Updating resource quota defaultresourcequota is not allowed because it is managed by ARM. Please update this resource quota though ARM api.* |
| 95 | + |
| 96 | +### Resolution |
| 97 | + |
| 98 | +Because a managed namespace is managed by Microsoft Azure Resource Manager (ARM), changes to its metadata (labels and annotations) through kubectl commands are restricted. The affected actions include, but are not limited to, edits and deletions to: |
| 99 | + |
| 100 | +- A managed namespace through `kubectl edit ns <namespace-name>` or `kubectl delete ns <namespace name>` |
| 101 | +- A namespace through `kubectl delete resourcequota defaultresourcequota --namespace <namespace-name>` |
| 102 | +- A defaultresourcequota through `kubectl delete resourcequota defaultresourcequota --namespace <namespace-name>` |
| 103 | +- A defaultnetworkpolicy through `kubectl delete networkpolicy defaultnetworkpolicy --namespace <namespace-name>` |
| 104 | + |
| 105 | +Modifications to namespaces must be made through the ARM API to maintain consistency with the managed state. You can manage your managed namespaces in the Azure portal or through [CLI commands](/cli/azure/aks/namespace). |
| 106 | + |
| 107 | +[!INCLUDE [Third-party disclaimer](../../../includes/third-party-disclaimer.md)] |
| 108 | + |
| 109 | +[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)] |
0 commit comments