5. K8s Namespaces

Namespace

Organize resources in namespaces
Virtual clusters inside k8 cluster
4 Namespaces by default
kubernetes-dashboard only with minikube

kube-system
- Do not create or modify in kube-system
- Used by system processes
- Master or kubectl processes
kube-public
- Publically accessible data
- A configmap, which contains cluster information
kube-node-lease
- heartbeats of nodes
- each node has associated lease of object in namespace
- determines the availability of node
default
- resources you create are located here

Creating Namespace

Using CLI

kubectl create namespace <my-namespace>

Using Config File

Add namespace attribute in metadata.

apiVersion: v1
kind: ConfigMap
metadata:
	name: mysql-configmap
	namespace: my-namespace
data:
	db_utl: mysql-service.database

Why to use namespace

1. Resources goruped in namespace

All resources are created in default namespace
Overtime, default namespace will be filled with different components
Difficult to overview the namespace at that time
Should not use for smaller projects

2. Conflicts: many teams, same application

Two teams use same cluster and first team deploy app named my-app, second team also uses same same of deployment, hence they override previous team deployment
Each team should use their own namespace to avoid disruption

Staging and Deployment

Reuse the common components in both environments like logging cluster

Blue/Green Deployment

Two different versions of production like v1 and v2
They may need to use same resources

4. Access and Resource Limits on Namespaces

We can give Team A access to their own namespace and vice versa
They can't access other team's namespace
We can also limit cpu, ram, storage resources per namespace using resource quota

Services which can't be accessed from another namespace

Since we cant access most resources from another namespace, simple things like ConfigMap and Secrets should be regenerated in each namespace causing duplication

Services which can be accessed from another namespace

Service can be accessed from another namespace
In ConfigMap definitation, the db_url will contains service name along with namespace name

Components which can't be created within namespace

Some resources live globally inside a cluster
you cant isolate them
Examples are Volumes and Nodes
Can be listed by kubectl api-resources --namespaced=false and vice versa

Changing Active Namespace

$ yay kubectx
$ kubens
$ kubens my-namespace

Previous4. YAML Configuration File Next6. K8s Ingress

Last updated 2 years ago

hashtagNamespace

hashtagCreating Namespace

hashtagUsing CLI

hashtagUsing Config File

hashtagWhy to use namespace

hashtag1. Resources goruped in namespace

hashtag2. Conflicts: many teams, same application

hashtag3. Resource Sharing

hashtag4. Access and Resource Limits on Namespaces

hashtagComponents which can't be created within namespace

hashtagChanging Active Namespace