Monday, August 9, 2021

Kubernetes for Developers #21: Kubernetes Namespace in-detail

Kubernetes supports multiple virtual clusters by using Namespaces. This helps when multiple teams share the same cluster and each team needs its own Roles, Bindings and environments.

  • A Kubernetes resource name must be unique within a namespace, but not across namespaces. This means we can use the same Pod/Deployment name in different namespaces
  • Namespaces cannot be nested
  • Each Kubernetes resource can be in only one namespace. This means we cannot attach the same Pod/Deployment to multiple namespaces
  • Avoid creating namespaces with the prefix "kube-", as it is reserved for the Kubernetes internal system
  • We can restrict resource usage (i.e. CPU, Memory) for each namespace
  • We can restrict users to selected namespaces and their Kubernetes objects
  • By default, all Kubernetes objects are created under the "default" namespace
The following four namespaces are created automatically when the cluster is configured.

| Namespace | Description |
|---|---|
| default | By default, all resources are created under the "default" namespace, without CPU and Memory restrictions |
| kube-system | This namespace is for objects created by the Kubernetes system |
| kube-public | Reserved for cluster usage and accessible to all users. Use it only when Kubernetes objects should be publicly visible throughout the cluster |
| kube-node-lease | Holds the lease objects associated with each node, which improve the performance of node heartbeats |


Create Namespace

  1. from YAML file
apiVersion: v1
kind: Namespace
metadata:
  name: dev-ns

Save the above YAML content as "dev-ns.yaml" and run the following kubectl command:
// create namespace resource from yaml file
$ kubectl apply -f dev-ns.yaml
namespace/dev-ns created

// display all namespaces
$ kubectl get ns
NAME              STATUS   AGE
default           Active   30d
kube-node-lease   Active   30d
kube-public       Active   30d
kube-system       Active   30d
dev-ns            Active   17m

// view namespace details using describe command
$ kubectl describe ns dev-ns

// view namespace details as yaml file 
$ kubectl get ns dev-ns -o yaml

   2. imperative way

// syntax $kubectl create ns <namespace-name>
$ kubectl create ns dev2-ns
namespace/dev2-ns created

// display all namespaces
$ kubectl get ns
NAME              STATUS   AGE
default           Active   30d
kube-node-lease   Active   30d
kube-public       Active   30d
kube-system       Active   30d
dev-ns            Active   17m
dev2-ns           Active   1m
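
The overview bullets say a namespace can carry its own resource limits and that users can be confined to selected namespaces. As an added example (not from the original post), this manifest applies both to dev-ns; the quota figures, the object names and the group dev-team are assumptions.

```yaml
# Added example; limits, object names and the group "dev-team" are assumptions.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: dev-quota
  namespace: dev-ns
spec:
  hard:
    requests.cpu: "2"
    requests.memory: 4Gi
    limits.cpu: "4"
    limits.memory: 8Gi
    pods: "20"
---
# Without these defaults, the quota rejects pods that set no requests/limits.
apiVersion: v1
kind: LimitRange
metadata:
  name: dev-defaults
  namespace: dev-ns
spec:
  limits:
    - type: Container
      defaultRequest: {cpu: 100m, memory: 128Mi}
      default: {cpu: 500m, memory: 256Mi}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-editor
  namespace: dev-ns
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-team-pod-editor
  namespace: dev-ns
subjects:
  - kind: Group
    name: dev-team
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-editor
  apiGroup: rbac.authorization.k8s.io
```

Apply it with kubectl apply -f like the namespace manifest; kubectl describe quota -n dev-ns then shows consumption against the limits.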

Create Pod in selected Namespace

  1. from YAML file
We can achieve this by specifying the namespace attribute in the metadata section:

apiVersion: v1
kind: Pod
metadata:
  name: pod-nginx
  namespace: dev-ns
spec:
  containers:
    - name: nginx
      image: nginx:1.14.2

Save the above YAML content as "pod-dev-ns.yaml" and run the following kubectl command:
// create pod under "dev-ns" namespace using yaml file
$ kubectl apply -f pod-dev-ns.yaml
pod/pod-nginx created

// display all pods from dev-ns namespace
// syntax
// kubectl get po -n <namespace-name>

$ kubectl get po -n dev-ns
NAME        READY   STATUS    RESTARTS   AGE
pod-nginx   1/1     Running   0          4m4s

// delete namespace
// all pods get deleted automatically when the namespace is deleted
$ kubectl delete ns dev-ns
namespace "dev-ns" deleted

// display all pods under dev-ns namespace
$ kubectl get po -n dev-ns
No resources found in dev-ns namespace.

// delete all pods without deleting namespace
// syntax
// kubectl delete po --all -n <namespace-name>

$ kubectl delete po --all -n dev2-ns
pod "pod-nginx" deleted

// display all namespaces
$ kubectl get ns
NAME              STATUS   AGE
default           Active   31d
dev2-ns           Active   47m
kube-node-lease   Active   31d
kube-public       Active   31d
kube-system       Active   31d

   2. imperative way

// syntax
// kubectl run <pod-name> --image <image-name> -n <namespace-name>
$ kubectl run pod-nginx --image nginx -n dev2-ns
pod/pod-nginx created

// display all pods from dev2-ns namespace
// syntax
// kubectl get po -n <namespace-name>

$ kubectl get po -n dev2-ns
NAME        READY   STATUS    RESTARTS   AGE
pod-nginx   1/1     Running   0          4m4s

To access Pods in one namespace from another namespace, we must use the Fully Qualified Domain Name (FQDN) of the Service in front of them, i.e.

<servicename>.<namespace>.svc.cluster.local

Kubernetes for Developers Journey.

Happy Coding :)

2 comments:

  1. Hi Rama Subbareddy,

    I really appreciate your efforts to get these articles.

    I have gone through your Kubernetes articles; they only talk about basic concepts. My request is to get real-time scenarios like how to autoscale the Pods and how to deploy a pod on a specific node. If you provide articles like the above scenarios it would be really great.

    This is just my suggestion, Rama.

    1. Thanks for the feedback, Prashanth. I will cover these in upcoming articles.
