Part 2: K8 Namespaces
Namespaces are a way to organize clusters into virtual sub-clusters — they can be helpful when different teams or projects share a Kubernetes cluster. Any number of namespaces are supported within a cluster, each logically separated from others but with the ability to communicate with each other. Namespaces cannot be nested within each other.
It's a way of logically grouping resources inside a cluster.
For example, Prometheus and Grafana are under a "Monitoring" namespace, the ELK stack under an "elk" namespace, and a database and its required resources in a "DB" namespace.
To view namespaces (the ones below are the default namespaces that are created at installation):
# kubectl get namespace
NAME              STATUS   AGE
default           Active   4d11h
kube-node-lease   Active   4d11h
kube-public       Active   4d11h
kube-system       Active   4d11h
root@masterNode:/etc/kubernetes# kubectl get pod
No resources found in default namespace.
root@masterNode:/etc/kubernetes# kubectl get pod -n kube-system
NAME                                 READY   STATUS    RESTARTS      AGE
coredns-5d78c9869d-mlb9q             0/1     Pending   0             4d12h
coredns-5d78c9869d-zz887             0/1     Pending   0             4d12h
etcd-masternode                      1/1     Running   6 (45h ago)   4d12h
kube-apiserver-masternode            1/1     Running   6 (45h ago)   4d12h
kube-controller-manager-masternode   1/1     Running   8 (45h ago)   4d12h
kube-proxy-hmrqg                     1/1     Running   2 (45h ago)   4d12h
kube-scheduler-masternode            1/1     Running   9 (39h ago)   4d12h
The etcd, kube-apiserver, kube-controller-manager and kube-scheduler pods above are the control plane pods (static pods).
Static pod names have the node name appended to their name, e.g. "masternode" is the host/node name (converted to lowercase).
default: As its name implies, this is the namespace that is referenced by default for every Kubernetes command, and where every Kubernetes resource is located by default. Until new namespaces are created, the entire cluster resides in ‘default’.
kube-system: Used for Kubernetes system components; avoid deploying your own workloads here.
kube-public: Used for public resources. Not recommended for use by users.
To create a namespace:
kubectl create namespace <my-namespace>
Why namespaces?
Preventing naming conflicts: when multiple teams use the same automation build (e.g. Jenkins), two deployments can end up with the same name. Putting each team in its own namespace, e.g. ProjectA and ProjectB, prevents this clash.
Enhancing role-based access controls (RBAC) by limiting users and processes to certain namespaces.
Enabling the dividing of a cluster’s resources between multiple teams and users via resource quotas. Policy-driven resource limits can be set on namespaces by defining resource quotas for CPU or memory utilization (this helps ensure that no single namespace hogs CPU and memory).
Providing an easy method of separating development, testing, and deployment of containerized applications enabling the entire lifecycle to take place on the same cluster.
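The RBAC and resource-quota points above, shown as an added example manifest (not from the original page). The namespace name project-a, the group project-a-devs, the object names and the quota figures are all assumptions chosen for illustration.

```yaml
# Added example. All names and numbers below are assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: project-a            # namespace names must be lowercase DNS labels
---
# Caps the total CPU/memory the namespace can claim. Once a quota on
# requests/limits exists, pods that omit them are rejected at admission.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: project-a-quota
  namespace: project-a
spec:
  hard:
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    pods: "20"
---
# A Role is namespaced: these permissions exist only inside project-a.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployer
  namespace: project-a
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
---
# Binds the Role to a group; no access is granted in any other namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: deployer-binding
  namespace: project-a
subjects:
  - kind: Group
    name: project-a-devs
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: deployer
  apiGroup: rbac.authorization.k8s.io
```

After applying it with kubectl apply -f, the boundary can be checked with kubectl auth can-i create deployments -n project-a --as=some-user --as-group=project-a-devs (some-user is a placeholder). The same check with -n default should answer no.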