Kubernetes study notes: Namespace

What is a Namespace

In Kubernetes, namespaces provide a mechanism for isolating groups of resources within a single cluster. Resource names must be unique within a namespace, but not across namespaces. Namespace-based scoping applies only to namespaced objects (such as Deployments, Services, etc.), not to cluster-wide objects (such as StorageClass, Nodes, PersistentVolumes, etc.).

Namespace common operations

PS1: namespace is abbreviated as ns.
PS2: when naming a namespace, do not use the kube- prefix, which is reserved for Kubernetes system namespaces.

  • Query namespaces: kubectl get ns
  • Create a namespace: kubectl create ns name
  • Delete a namespace: kubectl delete ns name

Notes on deleting a namespace:
1. Deleting a namespace automatically deletes all resources that belong to it.
2. The default and kube-system namespaces cannot be deleted.
3. PersistentVolumes do not belong to any namespace, but a PersistentVolumeClaim belongs to a specific namespace.
Whether an Event belongs to a namespace depends on the object that generated it.

Using namespaces

Set namespace for request

kubectl get pods --namespace=ns-name

Set namespace preferences

kubectl config set-context --current --namespace=ns-name
# View the current namespace
kubectl config view --minify | grep namespace

Namespace and DNS

When you create a Service, a corresponding [DNS entry](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/) is created. The format of this entry is <service-name>.<namespace-name>.svc.cluster.local. This means that if a container uses only <service-name>, it resolves to the Service that is local to its own namespace. This is useful for using the same configuration across multiple namespaces, such as Development, Staging, and Production. To reach a Service in another namespace, you need to use the fully qualified domain name (FQDN).

Therefore, all namespace names must be valid RFC 1123 DNS labels.

RFC 1123 label names
Some resource types require their names to follow the DNS label standard defined in RFC 1123. This means that the name must:
  • Contain at most 63 characters
  • Contain only lowercase alphanumeric characters or "-"
  • Start with an alphanumeric character
  • End with an alphanumeric character
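
As an added example (not part of the original notes), these POSIX shell functions check a proposed namespace name against the RFC 1123 label rules above and the reserved kube- prefix, and build the FQDN needed to reach a Service from another namespace. The function names and the sample names are made up for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a name before `kubectl create ns`.
LC_ALL=C; export LC_ALL   # keep the [a-z] ranges ASCII-only

# Succeeds only if $1 is a valid RFC 1123 DNS label.
is_rfc1123_label() {
  name=$1
  [ "${#name}" -ge 1 ] && [ "${#name}" -le 63 ] || return 1
  case $name in
    *[!a-z0-9-]*) return 1 ;;  # character outside lowercase alphanumerics and '-'
    -*|*-)        return 1 ;;  # must start and end with an alphanumeric
  esac
  return 0
}

# Prints ok / invalid / reserved for a proposed namespace name.
check_namespace_name() {
  if ! is_rfc1123_label "$1"; then
    echo invalid; return 1
  fi
  case $1 in
    kube-*) echo reserved; return 2 ;;  # prefix reserved for Kubernetes system namespaces
  esac
  echo ok
}

# Prints the FQDN of Service $1 in namespace $2 (only the namespace is validated here).
service_fqdn() {
  is_rfc1123_label "$2" || return 1
  printf '%s.%s.svc.cluster.local\n' "$1" "$2"
}

# Constructed sample names, not taken from the notes.
for n in team-a Team-A -dev kube-tools; do
  printf '%-12s %s\n' "$n" "$(check_namespace_name "$n")"
done
service_fqdn db staging
```

Running the check before creating a namespace catches names that the API server would reject, as well as names that are valid labels but collide with the reserved prefix.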

Not all objects are in namespaces

Most Kubernetes resources (such as Pods, Services, replication controllers, etc.) are located in some namespace. However, the Namespace resource itself is not in a namespace, and low-level resources, such as Nodes and PersistentVolumes, are not in any namespace.

To see which Kubernetes resources are in the namespace and which are not:

# In a namespace
kubectl api-resources --namespaced=true

# Not in a namespace
kubectl api-resources --namespaced=false

Automatic labeling

The Kubernetes control plane sets an immutable label kubernetes.io/metadata.name on all namespaces, provided that the NamespaceDefaultLabelName feature gate is enabled. The value of the label is the namespace name.

Share cluster with namespace

View namespace

# View all namespaces
kubectl get ns
# View a specific namespace
kubectl get ns ns-name
# View namespace details
kubectl describe ns ns-name
Name:           default
Labels:         <none>
Annotations:    <none>
Status:         Active

No resource quota.

Resource Limits
 Type       Resource    Min  Max  Default
 ----       --------    ---  ---  -------
 Container  cpu         -    -    100m

Note that these details show the resource quota (if any) and the resource limit ranges.

Resource quotas track the aggregate usage of resources in namespaces and allow cluster operators to define hard resource usage limits that may be consumed by namespaces.

A limit range defines the minimum/maximum constraints on the amount of resources that a single entity can consume in a namespace.

Kubernetes starts with three initial namespaces:

  • default: the default namespace for objects that have no other namespace.
  • kube-system: the namespace for objects created by the Kubernetes system.
  • kube-public: this namespace is created automatically and is readable by all users, including unauthenticated users. It is mostly reserved for cluster use, in case some resources should be visible and readable publicly throughout the whole cluster. The public aspect of this namespace is only a convention, not a requirement.

Create namespace

  • Using a YAML file
vim first-namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: namespace-name
# Create the namespace from the file
kubectl create -f ./first-namespace.yaml
  • Using the command line
kubectl create namespace namespace-name

Delete namespace

  • Delete namespace
kubectl delete namespace namespace-name

PS: deleting a namespace deletes everything in it.

Keywords: Docker Kubernetes

Added by DJ Unique on Tue, 22 Feb 2022 14:08:17 +0200