Namespaces Explained: A Beginner's Overview


What is a Namespace?

A namespace is a way to logically organize the resources within your cluster. It is essentially a virtual cluster inside the cluster.

Example: when multiple teams are involved and each is working on a different microservice app, we create a dedicated namespace for each team to avoid conflicts.

  • Provides isolation of resources

  • Avoids accidental deletion/modification

  • Can be separated by resource type, environment, domain, and so on

  • Resources in the same namespace can reach each other by their first name; resources in other namespaces are reached by their DNS name

Default Namespaces?

When we create a cluster, some default namespaces are created out of the box.

  1. default: All resources are created here by default if we don't specify a namespace. Create other namespaces from here.

  2. kube-system: Where the control plane processes run. Don't create or modify anything in this namespace.

  3. kube-node-lease: Holds information about the heartbeats of the nodes. Each node has an associated Lease object in this namespace, which determines the node's availability.

  4. kube-public: Contains publicly accessible data, including a ConfigMap with cluster information that can be accessed even without authentication.

  • Access and resource limits:
    Case-1: If Team 1 and Team 2 are working in their own dedicated namespaces, how can we ensure that each team has restricted access to its own secure and isolated environment?
    Solution: Assign restricted access to each namespace so that teams only have access to their own namespace, creating a secure and isolated environment.

    Case-2: What happens if Team 1 consumes more resources than allocated, potentially causing Team 2 to run out of resources? Can we limit resources such as CPU, RAM, and storage per namespace within the cluster?
    Solution: Use ResourceQuotas to set limits on how much CPU, RAM, and storage each namespace can consume. This ensures fair resource distribution and prevents any one team from over-consuming resources, which could impact other teams.

kubectl create ns my-namespace
kubectl delete ns my-namespace 
kubectl get ns

You can create a namespace using the following command:

kubectl create namespace <namespace-name>

Example:

kubectl create namespace my-namespace

Alternatively, you can define a namespace in a YAML file:

apiVersion: v1
kind: Namespace
metadata:
  name: my-namespace

Then apply it with:

kubectl apply -f namespace.yaml

5. Listing Namespaces

To list all namespaces in a Kubernetes cluster:

kubectl get namespaces

6. Viewing Namespace Details

To view details about a specific namespace:

kubectl describe namespace <namespace-name>

7. Using Namespaces with Resources

When creating Kubernetes resources (like pods, services, etc.), you can specify the namespace in the resource definition:

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  namespace: my-namespace
spec:
  containers:
  - name: my-container
    image: my-image

8. Accessing Resources in Different Namespaces

To access resources in a specific namespace, use the -n flag:

kubectl get pods -n my-namespace

9. Resource Quotas

Namespaces can have resource quotas to limit the amount of resources (CPU, memory, etc.) that can be consumed within them:

apiVersion: v1
kind: ResourceQuota
metadata:
  name: my-quota
  namespace: my-namespace
spec:
  hard:
    requests.cpu: "4"
    requests.memory: "8Gi"
    limits.cpu: "10"
    limits.memory: "16Gi"
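
Once a quota like the one above constrains CPU and memory requests and limits, a pod that does not declare them (such as the my-pod example earlier) is rejected in that namespace. The manifests below are an added example, not part of the original article: a LimitRange that supplies per-container defaults, and a second quota covering the storage mentioned in Case-2. All object names and values are constructed for illustration.

```yaml
# Added example: defaults so pods without explicit resources still pass the quota.
apiVersion: v1
kind: LimitRange
metadata:
  name: my-defaults            # hypothetical name
  namespace: my-namespace
spec:
  limits:
  - type: Container
    defaultRequest:            # applied when a container sets no requests
      cpu: 100m
      memory: 128Mi
    default:                   # applied when a container sets no limits
      cpu: 500m
      memory: 512Mi
    max:                       # upper bound any single container may ask for
      cpu: "2"
      memory: 2Gi
---
# Added example: cap storage and object counts for the same namespace.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: my-storage-quota       # hypothetical name
  namespace: my-namespace
spec:
  hard:
    requests.storage: 100Gi    # sum of all PVC storage requests
    persistentvolumeclaims: "10"
    pods: "20"
```

After applying both, kubectl describe quota -n my-namespace shows used versus hard values for each constrained resource.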

10. Role-Based Access Control (RBAC)

Namespaces work with RBAC to control access to resources within a namespace. You can create roles and role bindings specific to a namespace to manage permissions.

Example: Creating a role that allows reading pods in a namespace:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: my-namespace
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list"]
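
A Role grants nothing until it is bound to a subject. The RoleBinding below is an added example, not part of the original article; the binding name, the group team1-developers and the service account team1-app are hypothetical and must be replaced with identities your cluster actually authenticates.

```yaml
# Added example: bind the pod-reader Role to Team 1, in my-namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods              # hypothetical binding name
  namespace: my-namespace      # the grant applies only inside this namespace
subjects:
# Group name is an assumption; it must match what the authenticator reports
# (for example the O= field of a client certificate or an OIDC groups claim).
- kind: Group
  name: team1-developers
  apiGroup: rbac.authorization.k8s.io
# Hypothetical service account for an in-cluster workload of the same team.
- kind: ServiceAccount
  name: team1-app
  namespace: my-namespace
roleRef:
  kind: Role                   # a namespaced Role, not a ClusterRole
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```

To verify the scope, kubectl auth can-i list pods -n my-namespace --as=some-user --as-group=team1-developers should answer yes, and the same check with -n default should answer no unless another binding grants it.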

11. Deleting a Namespace

To delete a namespace and all its resources:

kubectl delete namespace <namespace-name>

12. Limitations of Namespaces

  • Not for All Resource Types: Some resources (like nodes) exist at the cluster level and do not belong to any namespace.

  • Overhead: Excessive use of namespaces can lead to management overhead and complexity.

  1. Imperative - by command

  2. Declarative - by YAML file

Using the imperative approach to manage namespaces involves directly executing commands to create, delete, or manipulate namespaces.

Creating a Namespace

To create a new namespace imperatively, you can use the kubectl create namespace command.

Command:

kubectl create namespace <namespace-name>

Example:

kubectl create namespace my-namespace

2. Listing Namespaces

To list all the namespaces currently available in the Kubernetes cluster, use the following command:

Command:

kubectl get namespaces

Creating Resources in a Namespace

When creating resources within a specific namespace, you can use the -n or --namespace flag to specify the namespace.

Example: Creating a Pod in a Specific Namespace:

kubectl run my-pod --image=nginx -n my-namespace

Scaling a Deployment in a Namespace

If you have a deployment in a specific namespace, you can scale it using the -n flag.

Example:

kubectl scale deployment my-deployment --replicas=3 -n my-namespace

Accessing Resources in a Namespace

To access resources (like pods, services, etc.) in a specific namespace, you can use the -n flag with the get command.

Example: Listing Pods in a Namespace:

kubectl get pods -n my-namespace

Change active namespace:

We can change the active namespace, so that the -n flag does not have to be passed to every command, in two ways:

  1. Define NS for current context

  2. Kubens tool - switch Namespace

  • Define NS for current context: We can define the namespace for the current cluster context like this:
# Set the namespace for the current context
kubectl config set-context --current --namespace=my-namespace
  • Kubens: Install the kubens tool locally and use it to switch namespaces:
# List all namespaces and show the active one
kubens

# Switch to the my-namespace namespace
kubens my-namespace