In Kubernetes, a namespace is a virtual cluster created within a physical cluster. Namespaces are used to divide cluster resources between multiple users. This allows for better resource organization, isolation, and access control.
In the vast cosmos of Kubernetes, the concept of namespaces serves as a guiding star, illuminating the way for efficient resource management and organizational clarity within clusters. Understanding namespaces is crucial for orchestrating diverse workloads, ensuring seamless collaboration, and maintaining robust security. In this article, we delve into the essence of namespaces in Kubernetes, exploring their significance, functionalities, and practical applications.
What Are Namespaces?
In Kubernetes, namespaces provide a logical boundary within a cluster, segregating resources into distinct scopes. Think of namespaces as virtual clusters within a physical cluster, each with its own isolated set of resources. This segregation fosters organization, enabling teams to work independently without interfering with each other’s operations.
For example, I have a GKE cluster and use the following command to list the namespaces.
$ kubectl get namespaces
NAME STATUS AGE
default Active 3d11h
gke-managed-system Active 3d11h
gmp-public Active 3d11h
gmp-system Active 3d11h
kube-node-lease Active 3d11h
kube-public Active 3d11h
kube-system Active 3d11h
What are the benefits of using namespaces in Kubernetes?
Namespaces are a way to divide a single Kubernetes cluster into multiple virtual clusters. This can be useful for a number of reasons:
- Resource organization: Namespaces allow you to group related resources together and manage them as a unit. For example, you might create a namespace for a particular application or team.
- Access control: Namespaces can be used to control who has access to which resources. You can assign different roles and permissions to different users or groups within a namespace.
- Resource isolation: Namespaces can provide a level of isolation between different parts of your application or different teams. This can help prevent resource contention and make it easier to manage resources at scale.
- Namespace-scoped resources: Some Kubernetes resources, like ConfigMaps and Secrets, are scoped to a namespace. This means a workload can only reference them from within that same namespace.
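The access-control and isolation benefits above come from objects you create inside a namespace; a namespace on its own grants no permissions and does not restrict pod-to-pod traffic. The manifest below is an added example, not part of the original article. It assumes a namespace named dev (the one created later in this article) and a hypothetical group dev-team, and all object names are illustrative.

```yaml
# Added example (constructed). "dev-team" is a hypothetical group name
# supplied by whatever authenticates users to your cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dev-reader
  namespace: dev            # a Role only grants access inside this namespace
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "configmaps"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets"]
    verbs: ["get", "list", "watch"]
  # Secrets are left out on purpose: "get" or "list" on secrets exposes their contents.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-reader-binding
  namespace: dev
subjects:
  - kind: Group
    name: dev-team
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: dev-reader
  apiGroup: rbac.authorization.k8s.io
---
# Pods accept traffic from every namespace unless a NetworkPolicy selects them.
# This policy selects all pods in dev and admits ingress only from pods in dev.
# It takes effect only if the cluster's network plugin enforces NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace-only
  namespace: dev
spec:
  podSelector: {}
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector: {}   # no namespaceSelector, so this matches pods in dev only
```

After applying it, kubectl auth can-i list secrets --namespace=dev --as=jane --as-group=dev-team should answer no, while the same check for pods should answer yes (jane is a hypothetical user).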
Default Namespace: The Foundation
Upon initialization, Kubernetes creates a default namespace where resources are initially deployed if no explicit namespace is specified. This default namespace serves as the foundation, housing essential system components and user workloads unless otherwise specified. While convenient for quick deployments, it’s essential to manage resources across multiple namespaces for scalability and organization.
Every Kubernetes cluster has a default namespace. When you create resources without specifying a namespace, they automatically go into the default namespace.
Manage Namespaces: Create, Update and List
1. Creating a namespace
Creating a namespace in Kubernetes is a straightforward process, accomplished using either imperative or declarative methods. You can use the following imperative command to create the namespace.
$ kubectl create namespace k8s-training-namespace
namespace/k8s-training-namespace created
Alternatively, and as the recommended approach, create the namespace declaratively from a YAML manifest file:
apiVersion: v1
kind: Namespace
metadata:
  # namespace name
  name: dev
  labels:
    name: dev
  annotations:
    description: This is dev namespace for developers
    owner: "[email protected]"
In this example, I have added two annotations to the metadata section of the Namespace object:
- description: This is a custom annotation that provides a brief description of the namespace.
- owner: This is another custom annotation that specifies the owner of the namespace.
Use the kubectl apply command to create the namespace.
$ kubectl apply -f dev-namespace.yaml
namespace/dev created
$ kubectl describe namespace/dev
Name: dev
Labels: kubernetes.io/metadata.name=dev
name=dev
Annotations: description: This is dev namespace for developers
owner: [email protected]
Status: Active
No resource quota.
2. List namespaces:
Listing namespaces within a cluster is effortless:
$ kubectl get namespaces
NAME STATUS AGE
default Active 3d12h
gke-managed-system Active 3d12h
gmp-public Active 3d12h
gmp-system Active 3d12h
k8s-training-namespace Active 40m
kube-node-lease Active 3d12h
kube-public Active 3d12h
kube-system Active 3d12h
Sometimes you want to list resources across all namespaces. For that, use the --all-namespaces option.
For example, to list pods in all namespaces, run the command below. It displays information about all pods across all namespaces in your Kubernetes cluster, which is helpful for getting an overview of the pods running in the entire cluster, regardless of the namespace they belong to. For example, in a GKE cluster:
$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
gmp-system alertmanager-0 2/2 Running 0 3d12h
gmp-system collector-2wrhm 2/2 Running 0 3d12h
gmp-system collector-l4vcg 2/2 Running 0 3d12h
gmp-system collector-zhwmm 2/2 Running 0 3d12h
gmp-system gmp-operator-5585475b4c-f78md 1/1 Running 0 3d12h
gmp-system rule-evaluator-84876d5bb-lhhxn 2/2 Running 3 (3d12h ago) 3d12h
kube-system event-exporter-gke-7d996c57bf-nbnhk 2/2 Running 0 3d12h
kube-system fluentbit-gke-44hlc 2/2 Running 0 3d12h
kube-system fluentbit-gke-75bhx 2/2 Running 0 3d12h
kube-system fluentbit-gke-8n8nq 2/2 Running 0 3d12h
kube-system gke-metrics-agent-vrhnl 2/2 Running 0 3d12h
kube-system gke-metrics-agent-w88rq 2/2 Running 0 3d12h
kube-system gke-metrics-agent-wsqf7 2/2 Running 0 3d12h
kube-system konnectivity-agent-557c9b8db9-x6p26 2/2 Running 0 3d12h
kube-system konnectivity-agent-557c9b8db9-xl8vs 2/2 Running 0 3d12h
kube-system konnectivity-agent-557c9b8db9-zbqjj 2/2 Running 0 3d12h
kube-system konnectivity-agent-autoscaler-5847cf65c7-wmlct 1/1 Running 0 3d12h
kube-system kube-dns-6f955b858b-6cxrw 4/4 Running 0 3d12h
kube-system kube-dns-6f955b858b-ch9pk 4/4 Running 0 3d12h
kube-system kube-dns-autoscaler-755c7dfdf5-7z69f 1/1 Running 0 3d12h
kube-system kube-proxy-gke-k8-training-clus-k8s-training-nod-ae904395-hj6z 1/1 Running 0 3d12h
kube-system kube-proxy-gke-k8-training-clus-k8s-training-nod-ae904395-q1bh 1/1 Running 0 3d12h
kube-system kube-proxy-gke-k8-training-clus-k8s-training-nod-ae904395-r6nw 1/1 Running 0 3d12h
kube-system l7-default-backend-6779bb6c8d-k8cp2 1/1 Running 0 3d12h
kube-system metrics-server-v0.6.3-764c8d87d9-jczmp 2/2 Running 0 3d12h
kube-system pdcsi-node-jrkvc 2/2 Running 0 3d12h
kube-system pdcsi-node-s9lxq 2/2 Running 0 3d12h
kube-system pdcsi-node-tglv2 2/2 Running 0 3d12h
Similarly, to list all resources in all namespaces.
$ kubectl get all --all-namespaces
3. Delete namespace:
To delete a namespace in Kubernetes, you can use the kubectl delete namespace command followed by the name of the namespace you want to delete. Here’s the command:
$ kubectl delete namespace test
namespace "test" deleted
4. Setting Namespace Context
Managing multiple namespaces can be daunting without the ability to switch context seamlessly. Kubernetes provides a convenient way to set the current namespace context, simplifying administrative tasks and resource operations within specific scopes.
To set the current namespace context, use the following command:
kubectl config set-context --current --namespace=<namespace-name>
5. Commonly used namespace commands
Here are some useful kubectl commands for working with namespaces:
- kubectl get pods --namespace=<namespace>: List all pods in a namespace.
- kubectl create -f <file.yaml> --namespace=<namespace>: Create a resource from a YAML file in a namespace.
- kubectl delete -f <file.yaml> --namespace=<namespace>: Delete a resource from a YAML file in a namespace.
- kubectl config set-context --current --namespace=<namespace>: Set the default namespace for your kubectl context.
Remember, namespaces are a powerful tool for organizing and controlling access to your Kubernetes resources. Use them wisely!
Resource Quotas: Governing Limits in Namespace
Namespaces in Kubernetes aren’t just about segregation; they’re also about resource governance. Resource quotas allow administrators to set constraints on the consumption of CPU, memory, and other resources within namespaces, preventing resource contention and ensuring fair resource distribution across teams.
To apply a resource quota to a namespace, define a ResourceQuota object in a YAML manifest that targets the namespace, specifying the desired limits.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: dev-quota-limit
  namespace: dev
spec:
  hard:
    pods: "10"
    requests.cpu: "2"
    requests.memory: 2Gi
    limits.cpu: "4"
    limits.memory: 4Gi
Create the resource and view its details using the describe command as follows.
$ kubectl apply -f dev-resource-quota.yml
resourcequota/dev-quota-limit created
$ kubectl describe namespace/dev
Name: dev
Labels: kubernetes.io/metadata.name=dev
name=dev
Annotations: description: This is dev namespace for developers
owner: [email protected]
Status: Active
Resource Quotas
Name: dev-quota-limit
Resource Used Hard
-------- --- ---
limits.cpu 0 4
limits.memory 0 4Gi
pods 0 10
requests.cpu 0 2
requests.memory 0 2Gi
No LimitRange resource.
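With this quota in place, a pod created in dev that does not declare CPU and memory requests and limits is rejected by the quota check, and the output above shows there is no LimitRange to supply defaults. The manifest below is an added example, not part of the original article. The object names, the default values and the nginx image are illustrative assumptions, with the values chosen so that ten single-container pods still fit inside dev-quota-limit.

```yaml
# Added example (constructed): per-container defaults for the dev namespace.
apiVersion: v1
kind: LimitRange
metadata:
  name: dev-container-defaults   # hypothetical name
  namespace: dev
spec:
  limits:
    - type: Container
      # Applied when a container declares no requests.
      # 10 pods x 100m = 1 CPU (quota: 2); 10 x 128Mi = 1.25Gi (quota: 2Gi).
      defaultRequest:
        cpu: 100m
        memory: 128Mi
      # Applied when a container declares no limits.
      # 10 pods x 200m = 2 CPU (quota: 4); 10 x 256Mi = 2.5Gi (quota: 4Gi).
      default:
        cpu: 200m
        memory: 256Mi
      # Upper bound for any single container, so one workload
      # cannot claim the whole namespace quota.
      max:
        cpu: "1"
        memory: 1Gi
---
# Constructed test pod with no resources block. Without the LimitRange the
# quota check rejects it; with the LimitRange the defaults above are injected
# at admission and counted against dev-quota-limit.
apiVersion: v1
kind: Pod
metadata:
  name: quota-demo
  namespace: dev
spec:
  containers:
    - name: app
      image: nginx   # placeholder image
```

After applying both objects, kubectl describe namespace/dev lists the LimitRange and shows the Used column of the quota rising by the defaulted amounts.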
Conclusion:
Namespaces are indispensable constructs in Kubernetes, enabling efficient resource management, organization, and governance within clusters. By leveraging namespaces effectively, teams can streamline operations, enhance security, and foster collaboration in complex Kubernetes environments. Mastering namespaces is not merely a best practice but a fundamental step toward orchestrating resilient and scalable Kubernetes deployments. I hope you now have clarity on namespaces in Kubernetes.