Tuesday, November 14, 2023

Kubernetes. Basics. 2. Namespaces

 


Kubernetes supports multiple virtual clusters backed by the same physical cluster. These virtual clusters are called Namespaces.

In Kubernetes, a namespace is a virtual cluster or a logical boundary that provides a way to organize and isolate resources within a cluster. It is primarily used to create multiple virtual clusters within a single physical cluster, allowing teams or applications to have their own isolated environments.

Namespaces provide the following benefits:

1. Resource isolation: Each namespace provides a separate scope for resources such as pods, services, deployments, and config maps. This ensures that resources within one namespace do not conflict with resources in another namespace.

2. Access control: Namespaces enable access control and resource management. Role-Based Access Control (RBAC) policies can be applied at the namespace level, allowing fine-grained control over who can access and manage resources within a namespace.

3. Organization and management: By grouping related resources together in namespaces, it becomes easier to manage and organize applications, environments, or teams within a cluster. It improves the clarity and separation of concerns.

4. Resource quota and limits: Namespaces can have resource quotas and limits applied to them, ensuring that resources are allocated fairly and preventing any single namespace from consuming excessive resources.
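
Benefits 2 and 4 from the list above, written as manifests. This is an added example, not part of the original post; the names `team-a`, `dev-team`, `pod-reader`, `pod-reader-binding` and `team-a-quota`, and the quota values, are hypothetical.

```yaml
# Added example: all names and quota values below are hypothetical.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
  labels:
    team: a
---
# Access control: a Role is a namespaced object, so these read-only
# permissions on pods exist in team-a and nowhere else in the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: team-a
rules:
  - apiGroups: [""]            # "" is the core API group (pods, services, ...)
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
---
# The RoleBinding grants the Role to a group, again only inside team-a.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-reader-binding
  namespace: team-a
subjects:
  - kind: Group
    name: dev-team
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
---
# Resource quota: caps what all workloads in team-a may consume in total.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    pods: "10"
    requests.cpu: "2"
    requests.memory: 4Gi
    limits.cpu: "4"
    limits.memory: 8Gi
```

Once a quota covers CPU or memory requests and limits, pods in that namespace that do not declare them are rejected unless a LimitRange supplies defaults. The binding can be checked with `kubectl auth can-i list pods -n team-a --as=some-user --as-group=dev-team`, where `some-user` is a placeholder.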

Note that:

  • Namespaces divide cluster resources logically
  • Nodes are VMs

A Kubernetes cluster starts with 4 initial namespaces:

  • default - The default namespace for objects with no other namespace
  • kube-system - The namespace for objects created by the Kubernetes system
  • kube-public - This namespace is created automatically and can be read by all users (including those not authenticated). This namespace is mostly reserved for cluster usage, in case that some resources should be visible and readable publicly throughout the whole cluster. The public aspect of this namespace is only a convention, not a requirement.
  • kube-node-lease - This namespace holds Lease objects associated with each node. Node leases allow the kubelet to send heartbeats so that the control plane can detect node failure.

Working with most resources in Kubernetes requires providing the namespace name explicitly:

$ kubectl get pods -n kube-system

Working with Namespaces

Viewing Namespaces:

$ kubectl get namespaces
NAME                STATUS   AGE
kube-system         Active   5m17s
default             Active   5m17s
kube-public         Active   5m17s
kube-node-lease     Active   5m17s
$ kubectl get namespaces --show-labels
$ kubectl get ns ${NS_NAME}
$ kubectl describe ns ${NS_NAME}

Viewing Resources in Namespace:

## For default Namespace:
$ kubectl get pods
$ kubectl get deployment

## Working with other namespaces:
$ kubectl get pods -n ${NS_NAME}
$ kubectl get rs -n ${NS_NAME}
$ kubectl get all -n ${NS_NAME}

## Getting Pods from All Namespaces:
$ kubectl get pods -A
$ kubectl get pods --all-namespaces

Documentation:

Please answer the following questions:

Q1 How many namespaces are currently created in the cluster?

Q2 How many resources (all) are created in kube-system namespace?

Q3 Check the labels and find “what namespace Santa doesn’t like”

Q4 What Pod is running in “red” namespace?

Q5 What “rs” (Replica Set) is running in “red” namespace?
