Namespace
Understand how to set up and use namespaces
What is Namespace?
A namespace is used to isolate resources within a single cluster. Each namespace can therefore have its own policies, permissions (RBAC), resource controls, etc. In other words, it is used to isolate what users can access.
By default, Kubernetes will automatically create 4 default namespaces:
- default
  - This is the namespace where you can start deploying resources without creating a new namespace when you start using a new cluster.
- kube-system
  - This is the namespace for objects created by the Kubernetes system for its internal purposes, for example, kube-dns, kube-proxy, kubernetes-dashboard, ingresses, etc.
- kube-public
  - This namespace contains resources that are readable and publicly visible to all users without any authentication.
  - Mostly reserved for cluster usage.
    kubectl cluster-info
  - It contains a single ConfigMap object: the cluster info, which is mainly used to aid discovery and security bootstrap.
    kubectl get configmap -n kube-public
- kube-node-lease
  - This namespace holds Lease objects associated with each node. Node leases allow the kubelet to send heartbeats so that the control plane (Master Node <- Node controller) can detect node failure.
  - This namespace is related to cluster scaling.
Namespace usage
Commands
Switch namespace in current context permanently
If we want to switch to another namespace permanently, we can run the following commands, so that we don't have to specify the namespace option.
A context is a set of access parameters that define a cluster, namespace, and user in Kubernetes. Contexts are stored in the kubeconfig YAML file and are used to manage multiple clusters or environments from the same management system.
Create a namespace in YAML
Use namespace in resources YAML
Connect to other namespace services
If you want to connect to a service in another namespace, you have to reference it by the DNS name that includes that namespace. A DNS entry in the following format is added automatically when the service is created:
- Format: <service-name>.<namespace>.svc.cluster.local
- Example: db-svc.prod.svc.cluster.local
- cluster.local = default domain name of the Kubernetes cluster
Resource quota for namespace
You can limit the resources used within a namespace. Each namespace can be given a guaranteed amount and cannot use more than its limit.
- Scope: Applies to an entire namespace
- Purpose: Enforces overall resource usage limits for all pods in a namespace
- Usage: Ensures that the total resource consumption (e.g., CPU, memory, number of pods) in a namespace does not exceed the specified limits.
In this case, the dev namespace can only create a maximum of 15 pods. Each pod in the dev namespace will have 2 CPUs and 2G of memory, while the maximum CPU and memory limits are 4 and 4G, respectively.
You can check the resource quota by running the following command:
Limit range for namespace
Important
The max and min values in a LimitRange apply to both resource requests and limits.
You can also set the default minimum and maximum limits for the resources like CPU and memory for pods in the namespace. With this setup, we can ensure that all the pods created in the namespace will have the same limits. Remember, if you just create or change a limit range, it will not affect the existing pods.
- Scope: Applies to individual containers or pods within a namespace
- Purpose: Sets default, minimum, and maximum resource usage limits for containers or pods
- Usage: Ensures that each container or pod has resource requests and limits within specified bounds, providing a way to control resource allocation at a finer granularity.
With this setup, the default CPU and memory limits for the pods in the namespace are 500m and 512Mi, respectively. The default requests for CPU and memory are also set to 500m and 512Mi, respectively.
- max: the maximum limit for CPU and memory that can be set on a container
  - If you explicitly specify the resource requests and limits, they must not be higher than the max values
- min: the minimum limit for CPU and memory that can be set on a container
  - If you explicitly specify the resource requests and limits, they must not be lower than the min values
Example Scenarios:
- No resources specified:
  - The container will get 500m CPU and 512Mi memory (default values).
- Explicitly set 200m CPU and 300Mi memory:
  - This is valid because it is within the min and max range.
- Explicitly set 50m CPU and 200Mi memory:
  - This will fail because it is below the min values.
- Explicitly set 2 CPU and 2Gi memory:
  - This will fail because it exceeds the max values.
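The resource quota and limit range described in the two sections above, written out as manifests for the dev namespace. This is an added example, not the page's original YAML: the object names and the min/max values are assumptions (chosen so that the example scenarios behave as listed), and the page's 2 CPU / 2G and 4 CPU / 4G figures are mapped here to the requests.* and limits.* quota keys.

```yaml
# Added example. Object names (dev-quota, dev-limits) are assumptions.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: dev-quota
  namespace: dev
spec:
  hard:
    pods: "15"             # at most 15 pods in the namespace
    requests.cpu: "2"      # sum of CPU requests over all pods in dev
    requests.memory: 2G    # sum of memory requests over all pods in dev
    limits.cpu: "4"        # sum of CPU limits over all pods in dev
    limits.memory: 4G      # sum of memory limits over all pods in dev
---
apiVersion: v1
kind: LimitRange
metadata:
  name: dev-limits
  namespace: dev
spec:
  limits:
    - type: Container
      default:             # limit applied when a container sets none
        cpu: 500m
        memory: 512Mi
      defaultRequest:      # request applied when a container sets none
        cpu: 500m
        memory: 512Mi
      min:                 # assumed values; the page does not state them
        cpu: 100m          # 50m is rejected, 200m is accepted
        memory: 256Mi      # 200Mi is rejected, 300Mi is accepted
      max:                 # assumed values; the page does not state them
        cpu: "1"           # 2 CPU is rejected
        memory: 1Gi        # 2Gi is rejected
```

Once a quota covers CPU or memory requests and limits, pods that omit those fields are rejected unless a LimitRange like this one supplies defaults. With these numbers, three default-sized single-container pods already use up the memory request quota (4 × 512Mi exceeds 2G), long before the 15-pod cap is reached.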