Managing Namespaces
A namespace is a collection of resources and objects. Multiple namespaces can be created in a single cluster with data isolated from each other. This enables namespaces to share the services of the same cluster without affecting each other. For example, you can deploy workloads in a development environment into one namespace, and deploy workloads in a testing environment into another namespace.
Table 1 describes the namespace types.
Type |
Description |
---|---|
Created by a cluster by default |
When a cluster is started, the default, kube-public, kube-system, and kube-node-lease namespaces are created by default.
|
Created by a user |
You can create namespaces as required. For example, you can create one namespace for a development environment, one for a joint debugging environment, and one for a testing environment. You can also create one namespace for login services and one for game services. |
This section describes how to perform Creating a Namespace, Binding a Namespace, Managing Namespace Resource Quotas, Unbinding a Namespace, and Deleting a Namespace on clusters bound to a Kubernetes or VM + Kubernetes environment.
Restrictions
CCE cluster 1.11.7-r2 and later support Kubernetes RBAC authorization and namespace permission configuration. You can regulate users' or user groups' access to Kubernetes resources in a single namespace based on their Kubernetes RBAC roles. For details, see Namespace Permissions.
If a CCE cluster 1.11.7-r2 or later is bound in the environment and namespace permissions are configured, you must have the administrator permission (cluster-admin) for all namespaces in the cluster or the development permission (admin) for a single namespace to be operated to manage namespaces.
Creating a Namespace
- Log in to ServiceStage.
- Choose Environment Management. The Environment Management page is displayed.
- Click the target environment. The Overview page is displayed.
- Choose Clusters from Compute.
- Go to the Namespace page.
- For an HA environment, click the cluster that has been bound in the environment and click the Namespace tab.
- For a non-HA environment, click the Namespace tab.
- Click Create Namespace and set the parameters by referring to the following table. Parameters marked with an asterisk (*) are mandatory.
Parameter
Description
*Namespace
Unique namespace name.
Enter 1 to 63 characters. Start with a lowercase letter and end with a lowercase letter or digit. Only use lowercase letters, digits, and hyphens (-).
Description
Namespace description. Enter up to 200 characters.
- Click OK.
- In an HA environment, the new namespace is automatically bound to the CCE cluster.
- In a non-HA environment, if a namespace is selected when Binding a Cluster, the new namespace can be bound to a CCE cluster only after Binding a Namespace is performed.
- In a non-HA environment, if no namespace is selected when Binding a Cluster, the new namespace is automatically bound to the CCE cluster.
Binding a Namespace
Only the cluster-created namespace default and user-created namespaces can be bound.
- Log in to ServiceStage.
- Choose Environment Management. The Environment Management page is displayed.
- Click the target environment. The Overview page is displayed.
- Choose Clusters from Compute.
- Go to the Namespace page.
- For an HA environment, click the cluster that has been bound in the environment and click the Namespace tab.
- For a non-HA environment, click the Namespace tab.
- Select the namespace whose Binding Status is Unbound.
- Click Binding Namespaces.
- Click OK.
After the namespace is bound, the status changes from Unbound to Bound.
Managing Namespace Resource Quotas
By default, pods running in a CCE cluster can use the CPUs and memory of a node without restrictions. This means that pods in a namespace may exhaust all resources of the cluster.
Kubernetes provides namespaces for you to group workloads in a cluster. By setting resource quotas for each namespace, you can prevent resource exhaustion and ensure cluster reliability. You can configure quotas for resources such as CPU, memory, and the number of pods in a namespace. For more information, see Resource Quotas.
Only the cluster-created namespace default and user-created namespaces support namespace resource quota management.
- Log in to ServiceStage.
- Choose Environment Management. The Environment Management page is displayed.
- Click the target environment. The Overview page is displayed.
- Choose Clusters from Compute.
- Go to the Namespace page.
- For an HA environment, click the cluster that has been bound in the environment and click the Namespace tab.
- For a non-HA environment, click the Namespace tab.
- Click Resource Quota Manager in the Operation column of the target namespace.
In the displayed Resource Quota Manager dialog box, view the resource types, total resource quotas, and accumulated quota usage in the namespace.
- Click Edit Quota and set the total quota of each resource type.
- If the usage of a resource type is not limited, leave it blank.
- If the usage of a resource type is limited, enter an expected integer ranging from 1 to 9,007,199,254,740,992.
-
Accumulated quota usage includes the default resources created by the cluster, such as the Kubernetes service (which can be viewed using kubectl) created under the default namespace. Therefore, you are advised to set a resource quota slightly greater than expected.
- If the total CPU or memory quota in a namespace is limited, you must set the maximum and minimum number of CPU cores and memory (GiB) that can be used by the component when setting resources for the container-deployed component of this namespace in Creating and Deploying a Component and Upgrading a Single Component. Otherwise, this operation will fail.
- If the total quota of other resource types in a namespace is limited and the remaining usage of this resource type does not meet requirements, the container-deployed components of this namespace will fail to be deployed.
-
- Click OK.
On the Resource Quota Manager page, view the total resource quota and accumulated quota usage of the resource type whose quota has been reset.
Unbinding a Namespace
After a namespace is unbound, it cannot be used when Creating and Deploying a Component based on a container in the the environment where the namespace is located.
- Log in to ServiceStage.
- Choose Environment Management. The Environment Management page is displayed.
- Click the target environment. The Overview page is displayed.
- Choose Clusters from Compute.
- Go to the Namespace page.
- For an HA environment, click the cluster that has been bound in the environment and click the Namespace tab.
- For a non-HA environment, click the Namespace tab.
- Select the namespace whose Binding Status is Bound, and click More> Unbind in the Operation column.
- Click Save.
After the namespace is unbound, the status changes from Bound to Unbound.
Deleting a Namespace
- Deleting a namespace will delete all resources (such as workloads and configuration items) in the namespace. As a result, Upgrading a Single Component, Upgrading Components in Batches, or Rolling Back a Component may fail for components running in the namespace.
- The namespaces (for example, default) created by the cluster by default cannot be deleted.
- Log in to ServiceStage.
- Choose Environment Management. The Environment Management page is displayed.
- Click the target environment. The Overview page is displayed.
- Choose Clusters from Compute.
- Go to the Namespace page.
- For an HA environment, click the cluster that has been bound in the environment and click the Namespace tab.
- For a non-HA environment, click the Namespace tab.
- Delete the namespace.
- To delete a single namespace, locate the target namespace and click Delete in the Operation column.
Figure 1 Deleting a single namespace
- To delete namespaces in batches, select the target namespaces and click Delete above the namespaces.
Figure 2 Deleting namespaces in batches
- To delete a single namespace, locate the target namespace and click Delete in the Operation column.
- In the displayed dialog box, enter DELETE and click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot