In Kubernetes, a namespace is a virtual cluster created within a physical cluster. Namespaces are used to divide cluster resources between multiple users. This allows for better resource organization, isolation, and access control.

In the vast cosmos of Kubernetes, the concept of namespaces serves as a guiding star, illuminating the way for efficient resource management and organizational clarity within clusters. Understanding namespaces is crucial for orchestrating diverse workloads, ensuring seamless collaboration, and maintaining robust security. In this article, we delve into the essence of namespaces in Kubernetes, exploring their significance, functionalities, and practical applications.

What Are Namespaces?

In Kubernetes, namespaces provide a logical boundary within a cluster, segregating resources into distinct scopes. Think of namespaces as virtual clusters within a physical cluster, each with its own isolated set of resources. This segregation fosters organization, enabling teams to work independently without interfering with each other’s operations.

For example, I have a GKE cluster and use the following command to list the namespaces.

$ kubectl get namespaces

NAME                 STATUS   AGE
default              Active   3d11h
gke-managed-system   Active   3d11h
gmp-public           Active   3d11h
gmp-system           Active   3d11h
kube-node-lease      Active   3d11h
kube-public          Active   3d11h
kube-system          Active   3d11h

What are the benefits of using namespaces in Kubernetes?

Namespaces are a way to divide a single Kubernetes cluster into multiple virtual clusters. This can be useful for a number of reasons:

  1. Resource organization: Namespaces allow you to group related resources together and manage them as a unit. For example, you might create a namespace for a particular application or team.
  2. Access control: Namespaces can be used to control who has access to which resources. You can assign different roles and permissions to different users or groups within a namespace.
  3. Resource isolation: Namespaces can provide a level of isolation between different parts of your application or different teams. This can help prevent resource contention and make it easier to manage resources at scale.
  4. Namespace-scoped resources: Some Kubernetes resources, like ConfigMaps and Secrets, can be scoped to a namespace. This means that they are only accessible within that namespace.

Default Namespace: The Foundation

Upon initialization, Kubernetes creates a default namespace where resources are initially deployed if no explicit namespace is specified. This default namespace serves as the foundation, housing essential system components and user workloads unless otherwise specified. While convenient for quick deployments, it’s essential to manage resources across multiple namespaces for scalability and organization.

Every Kubernetes cluster has a default namespace. When you create resources without specifying a namespace, they automatically go into the default namespace.

Manage Namespaces: Create, Update and List

1. Creating a namespace

Creating a namespace in Kubernetes is a straightforward process, accomplished using either imperative or declarative methods. You can use the following imperative command to create the namespace.

$ kubectl create namespace k8s-training-namespace

namespace/k8s-training-namespace created

Alternatively, it is recommended to use a manifest file to create the namespace using the YML file.

dev-namespace.yml
apiVersion: v1
kind: Namespace
metadata:
  #namespace_name
  name: dev
  labels:
    name: dev
  annotations:
    description: This is dev namespace for developers
    owner: [email protected]

In this example, I have added two annotations to the metadata section of the Namespace object:

  • description: This is a custom annotation that provides a brief description of the namespace.
  • owner: This is another custom annotation that specifies the owner of the namespace.

Use the kubectl apply command to create the namespace.

$ kubectl apply -f dev-namespace.yaml
namespace/dev created


$ kubectl describe namespace/dev

Name:         dev
Labels:       kubernetes.io/metadata.name=dev
              name=dev
Annotations:  description: This is dev namespace for developers
              owner: [email protected]
Status:       Active

No resource quota.

2. List namespaces:

Listing namespaces within a cluster is effortless:

$ kubectl get namespaces

NAME                     STATUS   AGE
default                  Active   3d12h
gke-managed-system       Active   3d12h
gmp-public               Active   3d12h
gmp-system               Active   3d12h
k8s-training-namespace   Active   40m
kube-node-lease          Active   3d12h
kube-public              Active   3d12h
kube-system              Active   3d12h

Sometimes yoiu want to list resources in all resources, you can use --namespace=all-namespaces option. For example:

To list pods in all namespaces:

This will display information about all pods across all namespaces in your Kubernetes cluster. This command is helpful for obtaining an overview of the pods running in the entire cluster, regardless of the namespace they belong to. For example in a GKE cluster

$ kubectl get pods --all-namespaces

NAMESPACE     NAME                                                             READY   STATUS    RESTARTS        AGE
gmp-system    alertmanager-0                                                   2/2     Running   0               3d12h
gmp-system    collector-2wrhm                                                  2/2     Running   0               3d12h
gmp-system    collector-l4vcg                                                  2/2     Running   0               3d12h
gmp-system    collector-zhwmm                                                  2/2     Running   0               3d12h
gmp-system    gmp-operator-5585475b4c-f78md                                    1/1     Running   0               3d12h
gmp-system    rule-evaluator-84876d5bb-lhhxn                                   2/2     Running   3 (3d12h ago)   3d12h
kube-system   event-exporter-gke-7d996c57bf-nbnhk                              2/2     Running   0               3d12h
kube-system   fluentbit-gke-44hlc                                              2/2     Running   0               3d12h
kube-system   fluentbit-gke-75bhx                                              2/2     Running   0               3d12h
kube-system   fluentbit-gke-8n8nq                                              2/2     Running   0               3d12h
kube-system   gke-metrics-agent-vrhnl                                          2/2     Running   0               3d12h
kube-system   gke-metrics-agent-w88rq                                          2/2     Running   0               3d12h
kube-system   gke-metrics-agent-wsqf7                                          2/2     Running   0               3d12h
kube-system   konnectivity-agent-557c9b8db9-x6p26                              2/2     Running   0               3d12h
kube-system   konnectivity-agent-557c9b8db9-xl8vs                              2/2     Running   0               3d12h
kube-system   konnectivity-agent-557c9b8db9-zbqjj                              2/2     Running   0               3d12h
kube-system   konnectivity-agent-autoscaler-5847cf65c7-wmlct                   1/1     Running   0               3d12h
kube-system   kube-dns-6f955b858b-6cxrw                                        4/4     Running   0               3d12h
kube-system   kube-dns-6f955b858b-ch9pk                                        4/4     Running   0               3d12h
kube-system   kube-dns-autoscaler-755c7dfdf5-7z69f                             1/1     Running   0               3d12h
kube-system   kube-proxy-gke-k8-training-clus-k8s-training-nod-ae904395-hj6z   1/1     Running   0               3d12h
kube-system   kube-proxy-gke-k8-training-clus-k8s-training-nod-ae904395-q1bh   1/1     Running   0               3d12h
kube-system   kube-proxy-gke-k8-training-clus-k8s-training-nod-ae904395-r6nw   1/1     Running   0               3d12h
kube-system   l7-default-backend-6779bb6c8d-k8cp2                              1/1     Running   0               3d12h
kube-system   metrics-server-v0.6.3-764c8d87d9-jczmp                           2/2     Running   0               3d12h
kube-system   pdcsi-node-jrkvc                                                 2/2     Running   0               3d12h
kube-system   pdcsi-node-s9lxq                                                 2/2     Running   0               3d12h
kube-system   pdcsi-node-tglv2                                                 2/2     Running   0               3d12h

Similarly, to list all resources in all namespaces.

## Similarly to list all resources in all-namespaces
$ kubectl get all --all-namespaces

3. Delete namespace:

To delete a namespace in Kubernetes, you can use the kubectl delete namespace command followed by the name of the namespace you want to delete. Here’s the command:

$ kubectl delete namespace test

namespace "test" deleted

4. Setting Namespace Context

Managing multiple namespaces can be daunting without the ability to switch context seamlessly. Kubernetes provides a convenient way to set the current namespace context, simplifying administrative tasks and resource operations within specific scopes.

To set the current namespace context, use the following command:

kubectl config set-context --current --namespace=<namespace-name>

5. Commonly used namespace commands

Here are some useful kubectl commands for working with namespaces:

  • kubectl get pods --namespace=<namespace>: List all pods in a namespace.
  • kubectl create -f <file.yaml> --namespace=<namespace>: Create a resource from a YAML file in a namespace.
  • kubectl delete -f <file.yaml> --namespace=<namespace>: Delete a resource from a YAML file in a namespace.
  • kubectl config set-context --current --namespace=<namespace>: Set the default namespace for your kubectl context.

Remember, namespaces are a powerful tool for organizing and controlling access to your Kubernetes resources. Use them wisely!

Resource Quotas: Governing Limits in Namespace

Namespaces in Kubernetes aren’t just about segregation; they’re also about resource governance. Resource quotas allow administrators to set constraints on the consumption of CPU, memory, and other resources within namespaces, preventing resource contention and ensuring fair resource distribution across teams.

To apply a resource quota to a namespace, define a quota object in the namespace’s YAML manifest, specifying the desired limits.

dev-resource-quota.yml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: dev-quota-limit
  namespace: dev
spec:
  hard:
    pods: "10"
    requests.cpu: "2"
    requests.memory: 2Gi
    limits.cpu: "4"
    limits.memory: 4Gi

Create the resource and see the details using describe command as follows.

$ kubectl apply -f dev-resource-quota.yml 

resourcequota/dev-quota-limit created


$ kubectl describe namespace/dev

Name:         dev
Labels:       kubernetes.io/metadata.name=dev
              name=dev
Annotations:  description: This is dev namespace for developers
              owner: [email protected]
Status:       Active

Resource Quotas
  Name:            dev-quota-limit
  Resource         Used  Hard
  --------         ---   ---
  limits.cpu       0     4
  limits.memory    0     4Gi
  pods             0     10
  requests.cpu     0     2
  requests.memory  0     2Gi

No LimitRange resource.

Conclusion:

Namespaces are indispensable constructs in Kubernetes, enabling efficient resource management, organization, and governance within clusters. By leveraging namespaces effectively, teams can streamline operations, enhance security, and foster collaboration in complex Kubernetes environments. Mastering namespaces is not merely a best practice but a fundamental step toward orchestrating resilient and scalable Kubernetes deployments. I hope you have got a clarity on namespaces in Kubernetes.

By |Last Updated: April 23rd, 2024|Categories: Kubernetes|