Working with Kubernetes Namespaces

Kubernetes namespaces are a way to organize, isolate, and manage Kubernetes resources. They provide a virtual sub-cluster within a Kubernetes cluster, and they can be used to separate resources by project, team, or environment.

Each namespace has its own unique identifier, and resources within a namespace can only be accessed by users who have permission to access that namespace. This helps to prevent conflicts between different teams or projects, and it also helps to improve security by isolating resources from each other.

Some of the benefits of using Kubernetes namespaces include:

  • Isolation: Namespaces isolate resources from each other, which can help to prevent conflicts and improve security.
  • Organization: Namespaces can be used to organize resources by project, team, or environment. This can make it easier to manage resources and to find the resources that you need.
  • Resource quotas: Namespaces can be used to set resource quotas, which can help to ensure that no single team or project consumes too many resources.
  • Role-based access control (RBAC): RBAC can be used to grant users different levels of access to resources within a namespace. This can help to improve security and to ensure that users only have access to the resources that they need.

Here are some examples of how Kubernetes namespaces can be used:

  • A production team can use a namespace to isolate their production resources from the development team’s resources.
  • A company can use namespaces to isolate the resources of its different customers.
  • A team can use namespaces to isolate the resources of its different projects.
  • A developer can use namespaces to isolate the resources of their different development environments.

namespace.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: playgroundinyaml

deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-world
  labels:
    app: hello-world
  namespace: playground1
spec:
  replicas: 4
  selector:
    matchLabels:
      app: hello-world
  template:
    metadata:
      labels:
        app: hello-world
    spec:
      containers:
      - name: hello-world
        image: gcr.io/google-samples/hello-app:1.0
        ports:
        - containerPort: 8080

Commands

$ ssh aen@c1-master1
$ cd ~/content/course/m3/demos

#Get a list of all the namespaces in our cluster
$ kubectl get namespaces

#get a list of all the API resources and if they can be in a namespace
$ kubectl api-resources --namespaced=true | head
$ kubectl api-resources --namespaced=false | head

#Namespaces have state, Active and Terminating (when it's deleting)
$ kubectl describe namespaces

#Describe the details of an indivdual namespace
$ kubectl describe namespaces kube-system

#Get all the pods in our cluster across all namespaces. Right now, only system pods, no user workload
$ kubectl get pods --all-namespaces

#Get all the resource across all of our namespaces
$ kubectl get all --all-namespaces

#Get a list of the pods in the kube-system namespace
$ kubectl get pods --namespace kube-system

#Imperatively create a namespace
$ kubectl create namespace playground1

#Imperatively create a namespace...but there's some character restrictions. Lower case and only dashes.
$ kubectl create namespace Playground1

#Declaratively create a namespace
more namespace.yaml
$ kubectl apply -f namespace.yaml

#Get a list of all the current namespaces
$ kubectl get namespaces

#Start a deployment into our playground1 namespace
$ more deployment.yaml
$ kubectl apply -f deployment.yaml

#Creating a resource imperitively
$ kubectl run hello-world-pod \
    --image=gcr.io/google-samples/hello-app:1.0 \
    --generator=run-pod/v1 \
    --namespace playground1

#Where are the pods?
$ kubectl get pods

#List all the pods on our namespace
$ kubectl get pods --namespace playground1
$ kubectl get pods -n playground1

#Get a list of all of the resources in our namespace...Deployment, ReplicaSet and Pods
$ kubectl get all --namespace=playground1

# Try to delete all the pods in our namespace...this will delete the single pod.
# But the pods under the Deployment controller will be recreated.
$ kubectl delete pods --all --namespace playground1

# Get a list of all of the *new* pods in our namespace
$ kubectl get pods -n playground1

#Delete all of the resources in our namespace and the namespace and delete our other created namespace.
#This deletes the Deployment controller, the Pods...or really ALL resources in the namespaces
$ kubectl delete namespaces playground1
$ kubectl delete namespaces playgroundinyaml

#List all resources in all namespaces, now our Deployment is gone.
$ kubectl get all
$ kubectl get all --all-namespaces
Rajesh Kumar
Follow me
Latest posts by Rajesh Kumar (see all)