Kubernetes is a powerful container orchestration tool that helps manage distributed applications at scale. An essential aspect of Kubernetes is organizing your cluster’s resources through namespaces. This article will serve as a step-by-step guide for creating and managing Kubernetes namespaces, with examples ranging from basic to advanced commands.

What are Kubernetes Namespaces?

Kubernetes namespaces are a way to divide cluster resources among multiple users via virtual clusters. A namespace is a logical entity that represents a collection of resources. Namespaces are particularly useful for environments with many users spread over multiple teams or projects.

Prerequisites

Before you begin, make sure you have the following:

A running Kubernetes cluster
kubectl command-line tool installed and configured

Basic Namespace Management

Creating a Namespace

kubectl create namespace my-namespace

The above command creates a namespace called ‘my-namespace’.

Listing All Namespaces

kubectl get namespaces

This command will list all the namespaces in your cluster.

Deleting a Namespace

kubectl delete namespace my-namespace

Running this command will delete the ‘my-namespace’.

Advanced Namespace Management

Namespace Resource Quotas

Resource quotas are a vital feature of namespaces. They allow you to manage the amount of resources that a namespace can consume. Below is how you can create a resource quota:

kubectl create quota my-quota --hard=cpu=2,memory=1Gi,pods=10 --namespace=my-namespace

This creates a resource quota ‘my-quota’ in ‘my-namespace’ that limits to using 2 CPUs, 1Gi of memory, and can only run 10 pods.

Labeling and Annotating Namespaces

kubectl label namespaces my-namespace my-label=awesome
kubectl annotate namespaces my-namespace my-annotation=cool

Labels and annotations are key/value pairs that can be attached to namespaces. They serve as identifiers for filtering and selection purposes.

Working with Multiple Namespaces

Running Commands in a Specific Namespace

kubectl get pods --namespace=my-namespace

This command will list all pods in ‘my-namespace’.

Setting a Default Namespace for kubectl

kubectl config set-context --current --namespace=my-namespace

By running this command, ‘my-namespace’ will be set as the default namespace for subsequent kubectl commands.

Executing Commands Across All Namespaces

kubectl get pods --all-namespaces

This command will show the pods from all namespaces in the cluster.

Using Namespaces in YAML Configuration

A namespace can also be specified in the metadata section of your YAML configuration files. Here is an example of a pod defined within a specific namespace:

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  namespace: my-namespace
spec:
  containers:
  - name: my-container
    image: nginx

By including the namespace in your YAML, you ensure that the pod ‘my-pod’ is created in ‘my-namespace’.

Namespace Best Practices

Adopting best practices for namespace management helps streamline processes and maintain order within your Kubernetes cluster.

Use clear naming conventions: Select names that clearly indicate the purpose of the namespaces and are easy to remember.

Implement resource quotas: As seen earlier, resource quotas prevent a single namespace from consuming disproportionate resources which can affect other namespaces.
Utilize labels and annotations wisely: They are incredibly powerful for organizing and managing your namespaces as your cluster grows.

Advanced Example: Monitoring and Log Management for Namespaces

Setting up monitoring and log management for specific namespaces in Kubernetes can involve several steps. Below, I’ll outline an example of how you might configure Prometheus for monitoring and Fluentd (along with Elasticsearch) for log management in a specific namespace.

Step 1: Set Up Prometheus for Monitoring

First, let’s set up Prometheus to monitor resources in a specific namespace.

1.1 Deploy Prometheus in Your Namespace

You can deploy Prometheus using a YAML file. Here’s an example to deploy it in a namespace called my-namespace:

apiVersion: v1
kind: Namespace
metadata:
  name: my-namespace

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus-deployment
  namespace: my-namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prometheus-server
  template:
    metadata:
      labels:
        app: prometheus-server
    spec:
      containers:
      - name: prometheus
        image: prom/prometheus
        ports:
        - containerPort: 9090

1.2 Configure Prometheus to Monitor Specific Namespace

You need to configure Prometheus to scrape metrics from targets within my-namespace. Modify the Prometheus config file (prometheus.yml) to define the scrape jobs for your namespace.

Step 2: Set Up Fluentd and Elasticsearch for Log Management

Now, let’s configure Fluentd to collect logs from my-namespace and send them to Elasticsearch.

2.1 Deploy Fluentd in Your Namespace

Deploy Fluentd in the same namespace. Ensure Fluentd is configured to watch for logs in my-namespace.

Here is an example DaemonSet configuration for Fluentd:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd
  namespace: my-namespace
  labels:
    k8s-app: fluentd-logging
spec:
  selector:
    matchLabels:
      name: fluentd
  template:
    metadata:
      labels:
        name: fluentd
    spec:
      containers:
      - name: fluentd
        image: fluent/fluentd:latest
        env:
          - name: FLUENT_ELASTICSEARCH_HOST
            value: "elasticsearch-logging"
          - name: FLUENT_ELASTICSEARCH_PORT
            value: "9200"

2.2 Configure Fluentd to Send Logs to Elasticsearch

Make sure Fluentd is configured to forward logs to an Elasticsearch service. This usually involves setting up the correct Fluentd output plugins and pointing them to your Elasticsearch cluster.

Step 3: Deploy Elasticsearch

Deploy Elasticsearch in your Kubernetes cluster. It can be in a different namespace. Fluentd will forward the logs to this Elasticsearch service.

Step 4: Access and Visualize the Data

Prometheus Data: Access the Prometheus UI to view metrics from my-namespace.

Log Data: Use Kibana or a similar tool to visualize and query the logs stored in Elasticsearch.

Final Notes:

Ensure that all components are correctly configured for inter-communication, especially if they are in different namespaces.

You might need to adjust RBAC (Role-Based Access Control) policies to allow Prometheus and Fluentd to access necessary resources.
Always test in a development environment before deploying to production.

This example provides a basic overview. Depending on your specific requirements and existing infrastructure, you may need to tailor the setup.

Conclusion

Namespaces are an integral part of Kubernetes that facilitate resource organization, management, and access controls. By mastering namespaces, you enhance the scalability and efficiency of your cluster management tasks.

Next Article: YAML Syntax: The Complete Cheat Sheet

Previous Article: Kubernetes error: User 'system:serviceaccount:default:default' cannot get services in the namespace

Series: Kubernetes Tutorials

DevOps