Namespaces

A namespace is a collection of resources and objects. Multiple namespaces can be created in a single cluster with the data isolated from each other. This enables namespaces to share the services of the same cluster without affecting each other. For example, you can deploy workloads in a development environment into one namespace, and deploy workloads in a testing environment into another namespace.

Namespaces can be created in either of the following ways:

Created automatically: When a cluster is up, the default, kube-public, kube-system, and kube-node-lease namespaces are created by default.
- default: All objects that no namespace is specified for are allocated to this namespace.
- kube-public: Resources in this namespace can be accessed by all users (including unauthenticated users), such as public add-ons and container charts.
- kube-system: All resources created by Kubernetes are in this namespace.
- kube-node-lease: Each node has an associated Lease object in this namespace. The object is periodically updated by the node. Both NodeStatus and NodeLease are considered as heartbeats from a node. In versions earlier than v1.13, only NodeStatus is available. The NodeLease feature is introduced in v1.13. Since NodeLease is much more lightweight than NodeStatus, this feature makes node heartbeat significantly cheaper from both scalability and performance perspectives.
Created manually: You can create namespaces to serve separate purposes. For example, you can create three namespaces, one for a development environment, one for a joint debugging environment, and one for a testing environment. You can also create namespaces for different workloads. For example, you can create one namespace for login services and one for game services.
- If the namespace in a service mesh is the same as that in a fleet cluster, the asm-mesh-controller add-on automatically synchronizes services and service instances in the fleet cluster to the service mesh.
- When the fleet cluster is connected to the service mesh, the asm-mesh-controller add-on is automatically installed in the asm-system namespace of the cluster. This add-on cannot be manually installed on the CCE add-on page.
- The asm-mesh-controller add-on can:
  - Automatically synchronize service instances in a fleet cluster to a service mesh, including the synchronization of their creation, update, and deletion statuses.
  - Automatically synchronize services in a fleet cluster to a service mesh, including the synchronization of their creation statuses. However, their service update and deletion statuses are not synchronized (except for services over a new service port). As a result, you need to update and delete services on the service page.
  - Inject sidecars into pods for a fleet cluster.
  - Create, delete, and update pods and services for gateway instances.

Creating a Namespace

Creating a namespace on the console

Log in to the UCS console. In the navigation pane, choose Service Meshes.
Click the service mesh name to go to the details page.
In the navigation pane, choose Service Center > Namespace.
Click Create Namespace in the upper right corner.

Figure 1 Creating a namespace

Configure namespace parameters listed in the following table.

Parameter	Description
Name	Enter a name for the namespace, which must be unique in a cluster.
Description	Describe the namespace.
Labels	Add a label key-value pair.

You are advised to configure a resource quota in the namespace as required to prevent cluster or node exceptions caused by resource overload.

For example, the default number of pods that can be created on each node in a cluster is 110. If you create a cluster with 50 nodes, you can create a maximum of 5,500 pods. You can configure a resource quota to ensure that the total number of pods in all namespaces does not exceed 5,500.

Click OK.

Creating a namespace by editing the YAML file

apiVersion: v1 
kind: Namespace                     # Set kind to Namespace.
metadata: 
  name: weather                     # Enter a name for the namespace.
  annotations: 
    namespaceDesc: description 
labels: 
  app: forecast                     # Add a label key-value pair.
  restartNamespacePod: false        # Disable the restart service.
  istio-injection: disabled         # Disable the data plane proxy injection.

Updating a Namespace

To update a namespace on the console, perform the following steps:

Log in to the UCS console. In the navigation pane, choose Service Meshes.
Click the service mesh name to go to the details page.
In the navigation pane, choose Service Center > Namespace.
Locate the namespace and click Updates in the Operation column.

Configure namespace parameters.

**Table 1** Namespace parameters
Parameter	Description
Description	Add or modify the description.
Labels	Add or delete the label key-value pair.
Data Plane Proxy Injection	After this option is enabled, an istio-proxy container is automatically injected to a new pod. For existing pods, you need to restart services for automatic sidecar injection.
Restart Service	When automatic sidecar injection is enabled, workloads that are not injected with sidecars are restarted immediately to inject sidecars. When automatic sidecar injection is disabled, workloads that are injected with sidecars are restarted immediately to disable sidecar injection.

Click OK.

You can update a namespace by editing the YAML file.

Log in to the UCS console. In the navigation pane, choose Service Meshes.
Click the service mesh name to go to the details page.
In the navigation pane, choose Service Center > Namespace.
Locate the namespace and click Edit YAML in the Operation column.
Update the labels, description, and data plane proxy injection.
Click OK.

Deleting a Namespace

The default namespaces cannot be deleted. If a namespace is deleted, all resources (such as workloads, jobs, and ConfigMaps) in this namespace will be also deleted.