In Kubernetes, Namespaces are used to create isolated environments for resources. Each Namespace is like a separate cluster within the same physical cluster. Services are used to expose your Pods and Deployments to the network.
1. What is a Namespace in Kubernetes?
In Kubernetes, a namespace is akin to a virtual cluster housed within a physical Kubernetes cluster. It provides a layer of isolation and organization, ensuring that the cluster's resources, from pods to services, can be allocated and separated as needed.
2. Why Use Namespaces?
Isolation: Namespaces can help in isolating resources and components for different applications, environments, or teams. For instance, your 'development' environment can reside in a separate namespace from 'production', ensuring they don't interfere with each other.
Resource Management: With ResourceQuotas, you can allocate specific amounts of resources (like CPU and memory) to a particular namespace.
Access Control: Role-based access control (RBAC) can be configured at the namespace level. This means you can have fine-grained control over who can access and modify resources in a particular namespace.
Cost Allocation: By tagging resources by namespace, it becomes easier to track costs and allocate them to the right teams or projects.
3. Working with Namespaces
Kubernetes comes with a few default namespaces:
default: If no namespace is specified when a resource is created, it's placed here.
kube-system: Resources created by the Kubernetes system reside here.
kube-public: This is automatically created and readable by all users (including non-authenticated ones). It's often used for resources that should be publicly available across the entire cluster.
To create your own namespace:
kubectl create namespace my-namespace
To list all namespaces:
kubectl get namespaces
4. Best Practices for Using Namespaces
Avoid Overcomplication: While namespaces are a handy tool, don't create them needlessly. If you have a small application or project that doesn't require separate environments or team-based segregation, you may not need them.
Consistent Naming: It’s helpful to adopt a consistent naming strategy for namespaces. For instance, using team names or project names can be effective.
Use RBAC: Leverage Role-Based Access Control to set permissions at the namespace level, ensuring that team members have only the access they require.
Regular Cleanup: Over time, as projects evolve or get deprecated, ensure you clean up any unused namespaces to keep the cluster tidy.
5. Limitations of Namespaces
While namespaces are powerful, they don't provide a complete isolation boundary. For instance:
Networking: By default, services can communicate across namespaces. Network policies or third-party network plugins are needed for more rigorous network segmentation.
Storage: Storage resources, like Persistent Volumes, are cluster-scoped and not tied to a specific namespace.
Create a Namespace for your Deployment
Use the below command to create a Namespace
Create a namespace using the command “kubectl create namespace <name>” and give the command “kubectl get namespaces” to check whether a new namespace has been created or not.
kubectl create namespace python-django-app
kubectl get namespaces
vim deployment.yml
Update the deployment.yml file to include the Namespace
apiVersion: apps/v1
kind: Deployment
metadata:
name: todo-deploy
labels:
app: todo-app
namespace: python-django-app
spec:
replicas: 3
selector:
matchLabels:
app: todo-app
template:
metadata:
labels:
app: todo-app
spec:
containers:
- name: django-todo
image: kshitibartakke/django-todo:latest
ports:
- containerPort: 8000
Apply the updated deployment using the command:
The kubectl apply command is used to create or update resources in a Kubernetes cluster. The -f flag is used to specify the file that contains the definition of the resources you want to create or update. The -n flag is used to specify the namespace in which the resources should be created or updated.
kubectl apply -f deployment.yml -n python-django-app
Check pods and deployment created
kubectl get deployments -n python-django-app
kubectl get pods -n python-django-app