What is a Kubernetes namespace?
In this post we will be looking at Kubernetes namespaces. By definition, a Kubernetes namespace allows separation of resources created by users. However, to get an intuition of what namespaces are, imagine a company that has multiple teams, where each team has multiple environments.
It is common for enterprises to have a development, testing, staging and production environment for each team. We need a way to make sure that applications and services deployed by one team are not visible or accessible to the other teams. One way of doing this is to have multiple Kubernetes clusters, i.e. one per team per environment. It's easy to see how that would not only be a maintenance nightmare but also negate the advantage of moving to Kubernetes in the first place. We want to use the hardware effectively by reducing unused resources, and the best way to do that is to run multiple environments for one or more teams in a single cluster. We would then need a good way to logically separate these environments so that an application deployed in one environment or team does not get access to other environments. Namespaces in Kubernetes are a great way to create logical partitions within a cluster. Each namespace can be thought of as hosting applications for a single team and for a single environment.
Creating a namespace allows you to:
- Create a logical partition within the cluster.
- Control access to resources such as pods, services etc.
- Limit resource consumption for that namespace.
- Give a user admin access to only a particular namespace.
The namespace becomes part of the DNS name, and hence the namespace name has to be DNS compatible. Do not use namespaces for resources that differ only slightly, such as versions. Labels are better suited for that.
Kubernetes comes with three namespaces. The "default" namespace contains objects that are not in any other namespace, "kube-system" contains objects created by Kubernetes, and "kube-public" is used for objects that anyone can read.
When using the kubectl client, the objects listed by default are from the default namespace. To list objects from a different namespace, use the --namespace argument. For example, to list all deployments in the kube-system namespace, use
kubectl get deployments --namespace=kube-system
Let's create a new Kubernetes namespace. There are two main ways to create namespaces. The first is by directly creating a namespace from the command line. For example,
kubectl create namespace development
creates a namespace called development. To see whether the namespace has been created, type in
kubectl get namespaces
To delete a namespace, type in
kubectl delete namespace development
We can also use a YAML file to create a namespace. Let's do that next. Here's the yml file that creates the development namespace
We use kubectl apply and the filename to create the namespace. We can then describe the namespace using the describe command.
We will see how to deploy the Kubernetes static website that we created in the earlier video. To recap, it's a simple static website with an index.html that says Hello Kubernetes. We have created a Docker image with that website. To make things more interesting, though, let's create a quota that sets the total amount of memory and the total number of pods in a namespace. To create the resource quota, we create an object of type ResourceQuota. Here's how the file looks.
The type is ResourceQuota and we specify the namespace that the quota applies to. We can specify the namespace here or pass it to the kubectl client. The specification gives the quota, which is 200 mebibytes of memory and 2 pods. We apply the ResourceQuota.
Once the quota is applied, we create the static website. Here’s the yml for the website.
- name: static-website
- containerPort: 80
It creates two replicas. We apply the deployment in the development namespace. We also need to specify the memory required. Note that the deployment will fail if we don't specify the memory, since there is a quota attached to the namespace. We now create the deployment.
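The three objects described above, written out as one multi-document manifest. This is an added example, not the author's own files: the quota name, the app label, the image reference and the per-pod memory request are assumptions, and the quota is assumed to apply to memory requests.

```yaml
# Added example. Quota values (200Mi, 2 pods), the namespace name, the
# container name and the port come from the post; everything marked
# "assumed" or "placeholder" does not.
apiVersion: v1
kind: Namespace
metadata:
  name: development
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: development-quota        # assumed name
  namespace: development         # or omit and pass --namespace to kubectl
spec:
  hard:
    requests.memory: 200Mi       # assumed: quota on the sum of memory requests
    pods: "2"                    # at most two pods in the namespace
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: static-website
  namespace: development
spec:
  replicas: 2
  selector:
    matchLabels:
      app: static-website        # assumed label
  template:
    metadata:
      labels:
        app: static-website
    spec:
      containers:
        - name: static-website
          image: registry.example/static-website:latest   # placeholder image
          ports:
            - containerPort: 80
          resources:
            requests:
              memory: 64Mi       # assumed; 2 x 64Mi stays under 200Mi
```

With a memory quota in place, pods that carry no memory request are rejected at admission, and a third replica would be rejected by the pod count. Running kubectl describe resourcequota development-quota --namespace=development shows used versus hard values.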
This finishes our introduction to namespaces. We have seen how we can set a quota on a namespace using the ResourceQuota object. In a later post we will look at how to restrict users from accessing different namespaces using RBAC, or Role-Based Access Control. In the next post, let's look at labels, annotations and selectors. See you in the next video, and don't forget to practice what you have learned today. The source code for all the videos is available on my GitHub page.