Skip to main content

Kubernetes: 4. Namespaces

  • All the default pods that are required for networking, DNS etc are kept in kube-system namespace
  • The resource that are to be made available to the public are kept in kube-public namespace
  • All the user created resources can be kept in the default namespace or a custom namespace

Custom Namespaces
  • Can have their own policies, defining what can be done in the namespace
  • Resource quotas [CPU, Memory] can be enforced in the namespace
  • Each resource within the namespace can be reached directly by its service name
  • A resource in a namespace can reach to the resource in another namespace by appending the namespace name and further appending ".svc.cluster.local"
  • So a db-service pod in a dev namespace can reached as db-service.dev.svc.cluster.local
  • Note that we are referring to service-name here and NOT the pod-name
  • This is because when a service is created a DNS entry is automatically created in the above format
    • cluster.local is the domain name
    • svc is the sub-domain for service
    • dev is the namespace
    • db-service is the service name
  • To set the quota limits in a namespace, create the resource definition file for the namespace and set the limits in it

ResourceQuota
  • If a resource quota is applied to a namespace then all pod containers have to declare the requests and limits for CPU and Memory
  • Sum of all the CPU/Memory requests/limits in the pod cannot be more than what is declared in ResourceQuota for namespace
  • Requests are what containers gets for sure
  • Limits are the threshold values beyond which a container cannot go
  • Limit is always  set greater than requests otherwise kubernetes throws an error

namespace-definition.yaml
apiVersion: v1
kind: Namespace
metadata:
    name: dev

compute-resource-quota-definition.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
    name: compute-quota
    namespace: dev

spec:
    hard:
        pods: "10"
        requests.cpu: "4"
        requests.memory: "5Gi"
        limits.cpu: "10"
        limits.memory: "10Gi"

pod-definition-with-namespace.yaml
apiVersion: v1
kind: Pod
metadata:
    name: myapp-pod
    namespace: dev
    labels:
        app: myapp
        location: IN

spec:
    containers:
    - name: nginx-container
    image: nginx
    - name: backed-db
    image: redis

pod-definition.yaml
apiVersion: v1
kind: Pod
metadata:
    name: myapp-pod
    labels:
        app: myapp
        location: IN

spec:
    containers:
    - name: nginx-container
    image: nginx
    - name: backed-db
    image: redis

kubectl get pods                         
-> Get pods from default namespace

kubectl get pods --namespace kube-system 
-> Get pods from kube-system namespace

kubectl create -f pod-definition.yaml    
-> Create pod from definition file in default namespace

kubectl create -f pod-definition.yaml --namespace=dev 
-> Create pod from definition file in dev namespace, alternatively provide the namespace in metadata section

kubectl create -f namespace-definition.yaml 
-> Create[kubernetes resource] a namespace from definition file

kubectl create namespace dev             
-> Create a namespace from CLI

kubectl config set-context $(kubectl config current-context) --namespace=dev 
-> Set the dev namespace as the default namespace in the current context

kubectl get pods --all-namespaces        
-> Get pods from all the namespaces

kubectl create -f compute-resource-quota-definition.yaml 
-> Create[kubernetes resource] namespace and define the quotas in the namespace

kubectl get ns                           
-> Get the namespaces

kubectl get namespace                    
-> Get the namespaces



Comments

Popular posts from this blog

Azure Active Directory

Azure Active directory (AAD) is a Identity as a Service. This is a smaller subset of Active directory. This is not a replacement to active directory at all. Azure active directory provides the identity services to the mobile apps and web apps in Private cloud. These apps may be connected to on-premise applications. So an SSO is enabled for these apps. So Azure active directory has very simple functionality. Create Users, Groups. Map groups to network security groups and provide the authentication to the resources. When you login to Azure portal, right upper corner of the screen has username along with the domain. Domain or tenant or organization are used interchangeably. Management of Users and Groups: Cloud identity (create users manually)  Directory synchronized identifiers (users are synchronized)  Add users Adding a cloud identity users makes the user as Guest When you do directory synchronization on Premise AD Groups are synched up wi...

Kubernetes: 19. Configure Application

Configuring application consists of Configuring commands and arguments on applications Configuring environment variables Configuring secrets Docker Commands docker run ubuntu  -> Runs ubuntu container and exit, container CMD is set to [bash], so the container quitely exits docker run ubuntu echo "Hello World" -> Runs ubuntu container, prints "Hello World" exits quitely. To update the default settings, create your own image from the base image lets call this ubuntu-sleeper image FROM ubuntu CMD sleep 5 CMD can also be mentioned in the JSON format like CMD ["sleep", "5"] Note that with JSON format the first element should always be the command to execute,  for eg, it CANNOT be ["sleep 5"] Run build the new ubuntu-sleeper image and run the new image docker build -t ubuntu-sleeper .  -> Build the image docker run ubuntu-sleeper -> Run the new image So the new image will launch ubuntu container, sleep for 5 seconds and quitely ex...

underscore.js extend

underscore.js is a javascript utility library. Let us understand the extend method of this very useful library. _.extend is for extending a given object with all the properties of the passed-in object(s) Here is an example, we have three objects aObj, bObj, cObj and we want to combine them into single object. Using _.extend is a simple way of combining these objects. And before trying out the example don't forget to import the underscore.js library Now access the source code of underscore.js and look for the extend method. This is how it looks like This uses functional programming style.  createAssigner takes two inputs and returns a function. The two inputs are (1) keysFunc  (2) defaults Since it is returning a function, so a closure is formed, and the returned function remembers the two inputs Looking at the source code from the line (keys = keysFunc(source)) it is evident that keysFunc is a function itself. ...