Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive

Namespace and Network

Updated on 2023-12-21 GMT+08:00

A namespace provides a method of allocating resources among multiple users. It applies to scenarios where multiple teams or projects exist. Currently, CCI provides general-computing resources. When creating a namespace, you need to select a resource type. Subsequently, new workloads will run on this type of cluster.

  • General-computing: Supports creation of container instances and workloads with CPU resources. This namespace type is suitable for general computing scenarios.

A network is a Kubernetes resource object extended for CCI. You can associate a network with a Virtual Private Cloud (VPC) and subnet so that CCI can use network resources of the public cloud.

Relationship Between a Namespace and Network

A namespace corresponds to a subnet in a VPC, as shown in Figure 1. When a namespace is created, it will be associated with a VPC, and a subnet will be created under the VPC. In this namespace, resources such as pods and Services are created in the corresponding VPC and subnet, and the IP addresses in the subnet are used.

If you want to run resources of multiple services in the same VPC, you need to plan subnet CIDR blocks and IP addresses.

Figure 1 Relationship between namespaces and VPC subnets

Scenarios Where Multiple Namespaces Are Used

Because namespaces enable partial environment isolation, you can create different namespaces, such as production, test, and development namespaces based on project attributes when there are a large number of projects and persons.

Creating a Namespace

Under a namespace, a network is required to associate with a VPC and subnet. After a namespace is created, a network needs to be created.

NOTE:

In most cases, namespaces do not need to be frequently created. You are advised to create a namespace using the CCI console. For details, see Namespace.

In the following example, create a namespace named namespace-test, and specify the CCI resource type to general-computing.

apiVersion: v1
kind: Namespace
metadata:
  name: namespace-test
  labels:
    sys_enterprise_project_id: "0" 
  annotations:
    namespace.kubernetes.io/flavor: general-computing
spec:
  finalizers:
  - kubernetes

The definition file is in the YAML or JSON format. For more details about the YAML format, see YAML Syntax.

  • sys_enterprise_project_id: enterprise project ID, which can be obtained from the project details page on the Enterprise Project Management (EPS) console. This field does not need to be set if you have not enabled EPS. If this parameter is not set, the default value 0 is used, indicating the default enterprise project.
  • namespace.kubernetes.io/flavor: general-computing: namespace type.

    There are two namespace types:

    • general-computing: Supports creation of container instances and workloads with CPU resources. This namespace type is suitable for general computing scenarios.
    • gpu-accelerated: Supports creation of container instances and workloads with GPU resources. This namespace type is suitable for scenarios such as deep learning, scientific computing, and video processing.

If the file name of the namespace definition is ns.yaml, run kubectl create -f ns.yaml to create a namespace. -f indicates that the namespace is created from a file.

# kubectl create -f ns.yaml 
namespace/namespace-test created

Run kubectl get ns to check whether the namespace is successfully created. In this command, ns indicates the namespace.

# kubectl get ns
NAME             STATUS    AGE
namespace-test   Active    23s

The preceding information indicates that the namespace namespace-test is created successfully and the duration is 23 seconds.

Log in to the CCI console. In the navigation pane, choose Namespaces. You can see that the namespace is created successfully but the status is Abnormal. This is because in CCI, you need to define a network policy for the namespace. For details, see Creating a Network.

Figure 2 Namespace - abnormal

Creating a Network

After creating a namespace, you need to create a network policy for the namespace and associate the namespace with the VPC and subnet.

The following example shows how to create a network named test-network.
apiVersion: networking.cci.io/v1beta1
kind: Network
metadata:
  annotations:
    network.alpha.kubernetes.io/default-security-group: security-group-id
    network.alpha.kubernetes.io/domain-id: domain-id
    network.alpha.kubernetes.io/project-id: project-id
  name: test-network
spec:
  cidr: 192.168.0.0/24
  attachedVPC: vpc-id
  networkID: network-id
  networkType: underlay_neutron
  subnetID: subnet-id
NOTE:

The CIDR blocks of the VPC and subnet cannot be 10.247.0.0/16, which is the CIDR block reserved by CCI for Services. If you use this CIDR block, IP address conflicts may occur, which may result in workload creation failures or service unavailability. If you do not need to access pods through Services, you can allocate this CIDR block to a VPC.

You can obtain the preceding parameters as follows:

  • network.alpha.kubernetes.io/domain-id: account ID, which can be obtained from My Credentials.
  • network.alpha.kubernetes.io/project-id: project ID, which can be obtained from My Credentials.
  • network.alpha.kubernetes.io/default-security-group: security group ID, which can be obtained from the Security Groups page.
    Figure 3 Obtaining the security group ID
  • cidr: subnet CIDR block.
  • attachedVPC: VPC ID, which can be obtained from the VPC console.
    Figure 4 Obtaining the VPC ID
  • networkID: subnet network ID, which can be obtained by choosing Virtual Private Cloud under Network and then choosing Subnets in the navigation pane.
    Figure 5 Obtaining the subnet network ID
  • networkType: network type. Currently, only the underlay_neutron network type is supported.
  • subnetID: subnet ID, which can be obtained by choosing Virtual Private Cloud under Network and then choosing Subnets in the navigation pane.
    Figure 6 Obtain the subnet ID.

If the file name of the network definition is network.yaml, run kubectl create -f network.yaml to create a namespace. -f indicates that the namespace is created from a file. namespace namespace-test indicates that it is created in the namespace namespace-test.

# kubectl create -f network.yaml --namespace namespace-test
network.networking.cci.io/test-network created

Log in to the CCI console. In the navigation pane, choose Namespaces. You can see that the namespace is created successfully and the status is Available.

Figure 7 Namespace - available

Specifying a Namespace for the kubectl Context

The network above is created in a specified namespace. The subsequent resources are created in a namespace. It is time-consuming to specify the namespace each time. You can specify the namespace for a kubectl context. In this way, the resources created in the context are all under this namespace, which facilitates operations.

To specify the namespace, you only need to add the --namespace option to the context setting command, as shown in the following command:

kubectl config set-context $context --namespace=$ns

In the preceding command, $ns indicates the namespace name, and $context indicates the context name, which can be customized or obtained by running the following command:

# kubectl config get-contexts
CURRENT   NAME                                         CLUSTER                  AUTHINFO                                  NAMESPACE
          cci-context-cn-east-3-1C8PNI0POPPCSFGXPM6S   cci-cluster-cn-east-3    cci-user-cn-east-3-1C8PNI0POPPCSFGXPM6S   
*         cci-context-cn-east-3-hwuser_xxx             cci-cluster-cn-east-3    cci-user-cn-east-3-hwuser_xxx       
          kubernetes-admin@kubernetes                  kubernetes               kubernetes-admin 

For example, if the namespace created above is named namespace-test, the command is as follows:

# kubectl config set-context cci-context --namespace=namespace-test

After a namespace is specified, you can run kubectl commands to directly operate CCI resources. For example, run kubectl get pod to check pod resources. The result shows that all resources are normal.

# kubectl get pod
No resources found.

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback