Kubernetes: Namespaces

tags: kubernetes

Namespaces

In Kubernetes, namespaces provide a mechanism for isolating groups of resources within a single cluster. Names of resources need to be unique within a namespace, but not across namespaces. Namespace-based scoping applies only to namespaced objects (e.g. Deployments, Services) and not to cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes).

When to Use Multiple Namespaces

Namespaces are intended for use in environments with many users spread across multiple teams or projects.

Namespaces provide a scope for names. Namespaces cannot be nested inside one another, and each Kubernetes resource can be in only one namespace.

Namespaces are a way to divide cluster resources between multiple users (via resource quota).

Initial Namespaces

  • kube-system: “for objects created by the Kubernetes system”
  • default
  • kube-public: “readable by all clients (including those not authenticated)”
  • kube-node-lease: “holds Lease objects associated with each node”

Policies and Resource Limits

  • Each namespace can have its own policies and resource limits, so that each namespace is allocated its allowed quota of resources.

DNS

  • Within the same namespace, services can refer to each other by service name alone (no need to specify the namespace name).
    • ex: mysql.connect("db-service")
  • If a service wants to reach a service in a different namespace, it needs to append the name of the namespace.
    • ex: mysql.connect("db-service.dev.svc.cluster.local")
    • cluster.local: domain
    • svc: service (subdomain)
    • dev: namespace
    • db-service: service name
  • When a service is created, its DNS entry is created automatically.
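Added example (not part of the original notes): a Python helper that applies the naming scheme above to the hostnames a workload connects to and reports which ones point at a Service in another namespace, which is useful when reviewing what a namespace depends on outside itself. It goes beyond the two forms shown by also accepting the shorter `service.namespace` and `service.namespace.svc` forms, which a pod's DNS search path expands to the same full name. It assumes the `cluster.local` domain and a caller-supplied set of namespace names; the function names and sample hostnames are constructed for illustration.

```python
import re

CLUSTER_DOMAIN = "cluster.local"                # domain used on this page (assumption)
SUFFIX = ["svc"] + CLUSTER_DOMAIN.split(".")    # ["svc", "cluster", "local"]
LABEL = re.compile(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?")  # one DNS label

def parse_service_host(host, source_ns, namespaces):
    """Return (service, namespace) if host names an in-cluster Service, else None."""
    absolute = host.endswith(".")               # trailing dot skips the search path
    labels = host.rstrip(".").lower().split(".")
    if not all(LABEL.fullmatch(label) for label in labels):
        return None                             # not a plain hostname (port, URL, empty)
    svc, ns, rest = labels[0], labels[1:2], labels[2:]
    if rest == SUFFIX:                          # db-service.dev.svc.cluster.local
        return svc, ns[0]
    if absolute:
        return None
    if not ns:                                  # db-service -> caller's own namespace
        return svc, source_ns
    # db-service.dev.svc, or db-service.dev when "dev" is a known namespace;
    # any other two-label name (example.com) is treated as external.
    if rest == SUFFIX[:1] or (not rest and ns[0] in namespaces):
        return svc, ns[0]
    return None

def cross_namespace_refs(hosts, source_ns, namespaces):
    """List (host, target_namespace, service) for references that leave source_ns."""
    found = []
    for host in hosts:
        parsed = parse_service_host(host, source_ns, namespaces)
        if parsed and parsed[1] != source_ns:
            found.append((host, parsed[1], parsed[0]))
    return found

# Constructed sample: hostnames pulled from the config of a workload in "dev".
SAMPLE_NAMESPACES = {"dev", "prod", "kube-system"}
SAMPLE_HOSTS = [
    "db-service",
    "db-service.dev.svc.cluster.local",
    "cache.prod",
    "auth.prod.svc.cluster.local",
    "example.com",
    "api.example.com",
]

if __name__ == "__main__":
    for host, ns, svc in cross_namespace_refs(SAMPLE_HOSTS, "dev", SAMPLE_NAMESPACES):
        print(f"{host}: service {svc!r} in namespace {ns!r}")
```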

Commands

# Get a list of pods in the default namespace
kubectl get pods
# Get a list of pods in a specific namespace
kubectl get pods --namespace=kube-system
# Or
kubectl get pods -n=kube-system
# Create a pod in the default namespace
kubectl create -f pod-definition.yaml
# Create a pod in a specific namespace
kubectl create -f pod-definition.yaml --namespace=dev
# Or
kubectl run <pod_name> --image=<image_name> --namespace=dev

# List all pods under all namespaces:
kubectl get pods --all-namespaces
# Or
kubectl get pods -A

# List all namespaces
kubectl get namespaces
# Or
kubectl get ns

Or, specify a namespace in a pod definition file:

# pod-definition.yaml
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  namespace: dev
  labels:
    app: myapp
    type: front-end
spec:
  containers:
    - name: nginx-container
      image: nginx

How to Create a New Namespace

With a namespace definition file

# namespace-file.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: dev

  • Run kubectl create -f namespace-file.yaml to create a new namespace

With a command

kubectl create namespace dev

How to set a specific namespace as the default namespace

kubectl config set-context $(kubectl config current-context) --namespace=dev
# Or
kubectl config set-context --current --namespace=<insert-namespace-name-here>

Others

We can list all pods under all namespaces:

kubectl get pods --all-namespaces

Resource Quotas

We can limit resources in a namespace by creating a resource quota.

# resource quota definition file
apiVersion: v1
kind: ResourceQuota
metadata:
  name: resource-quota
  namespace: dev
spec:
  hard:
    pods: "5"
    requests.cpu: "4"
    requests.memory: 5Gi
    limits.cpu: "8"
    limits.memory: 10Gi
