Namespaces: Grouping Resources
Why We Need Namespaces
Although labels are simple and efficient, too many labels can cause chaos and make querying inconvenient. Labels can overlap with each other, which is not suitable for certain scenarios. This is where namespace comes in. Namespaces allow you to isolate and manage resources in a more systematic way. Multiple namespaces can divide systems that contain multiple components into different non-overlapped groups. Namespaces also enable you to divide cluster resources between users. In this way, multiple teams can share one cluster.
Resources of the same type can share the same name as long as they are in different namespaces. Unlike most resources in Kubernetes can be managed by namespace, global resources do not belong to a specific namespace. Later sections will discuss this topic in detail.
Run the following command to query namespaces in the current cluster:
$ kubectl get ns NAME STATUS AGE default Active 36m kube-node-realease Active 36m kube-public Active 36m kube-system Active 36m
By now, we are performing operations in the default namespace. When kubectl get is used but no namespace is specified, the default namespace is used by default.
You can run the following command to view resources in namespace kube-system.
$ kubectl get po --namespace=kube-system NAME READY STATUS RESTARTS AGE coredns-7689f8bdf-295rk 1/1 Running 0 9m11s coredns-7689f8bdf-h7n68 1/1 Running 0 11m everest-csi-controller-6d796fb9c5-v22df 2/2 Running 0 9m11s everest-csi-driver-snzrr 1/1 Running 0 12m everest-csi-driver-ttj28 1/1 Running 0 12m everest-csi-driver-wtrk6 1/1 Running 0 12m icagent-2kz8g 1/1 Running 0 12m icagent-hjz4h 1/1 Running 0 12m icagent-m4bbl 1/1 Running 0 12m
You can see that there are many pods in kube-system. coredns is used for service discovery, everest-csi for connecting to storage services, and icagent for connecting to the monitoring system.
These general, must-have applications are put in the kube-system namespace to isolate them from other pods. They are invisible to and free from being affected by resources in other namespaces.
Creating a Namespace
Define a namespace.
apiVersion: v1 kind: Namespace metadata: name: custom-namespace
Run the kubectl command to create it.
$ kubectl create -f custom-namespace.yaml namespace/custom-namespace created
You can also run the kubectl create namespace command to create a namespace.
$ kubectl create namespace custom-namespace namespace/custom-namespace created
Create resources in the namespace.
$ kubectl create -f nginx.yaml -n custom-namespace pod/nginx created
By now, namespaces default and custom-namespace both have a pod named nginx.
The Isolation function of Namespaces
Namespaces are used to group resources only for organization purposes. Running objects in different namespaces are not essentially isolated. For example, if pods in two namespaces know the IP address of each other and the underlying network on which Kubernetes depends does not provide network isolation between namespaces, the two pods can access each other.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot