kubernetes core practice --- namespace

Keywords: Linux Kubernetes Container

kubernetes core combat

1. Resource creation method

Command line creation

yaml file creation

2,namespace

Namespace is the organization mechanism provided by Kubernetes, which is used to classify, filter and manage any group of objects in the cluster. Each workload added to the Kubernetes cluster must be placed in a namespace.

Namespace gives scope to object names in the cluster. Although the name must be unique in the namespace, the same name can be used in different namespaces. This can be very helpful for some scenarios. For example, if you use namespaces to divide the application lifecycle environment (such as development, staging, production), you can maintain a copy of the same object with the same name in each environment.

Namespaces also allow users to easily apply policies to specific parts of the cluster. You can control the use of resources by defining the ResourceQuota object, which sets the restrictions on the use of resources on the basis of each namespace. Similarly, when CNI (container network interface) supporting network policy is used on the cluster, such as calico or Canal (calico is used for policy and flannel is used for network). You can apply NetworkPolicy to namespaces, where rules define how pod s communicate with each other. Different namespaces can have different policies.

One of the biggest benefits of using namespaces is the ability to leverage Kubernetes RBAC (role-based access control). RBAC allows you to develop roles under a single name, grouping lists of permissions or functions. The ClusterRole object is used to define the usage pattern of the cluster size, while the Role object type is applied to the specific namespace to provide better control and granularity. After the role is created, RoleBinding can grant the defined functions to specific users or user groups in a single namespace context. In this way, namespaces enable cluster operators to map the same policies to an organized set of resources.

Mapping namespaces to teams or projects

Partitioning the lifecycle environment using namespaces

Use namespaces to isolate different consumers

[root@k8s-master-node1 ~]# kubectl  create  namespace cby
namespace/cby created
[root@k8s-master-node1 ~]# 
[root@k8s-master-node1 ~]# kubectl  get namespaces 
NAME                   STATUS   AGE
cby                    Active   2s
default                Active   21h
ingress-nginx          Active   21h
kube-node-lease        Active   21h
kube-public            Active   21h
kube-system            Active   21h
kubernetes-dashboard   Active   21h
[root@k8s-master-node1 ~]# 
[root@k8s-master-node1 ~]# kubectl  delete  namespace cby
namespace "cby" deleted
[root@k8s-master-node1 ~]# 
[root@k8s-master-node1 ~]# 
[root@k8s-master-node1 ~]# kubectl  get namespaces 
NAME                   STATUS   AGE
default                Active   21h
ingress-nginx          Active   21h
kube-node-lease        Active   21h
kube-public            Active   21h
kube-system            Active   21h
kubernetes-dashboard   Active   21h
[root@k8s-master-node1 ~]#
View yaml format
  • [root@k8s-master-node1 ~]# kubectl  create  namespace cby
    namespace/cby created
    [root@k8s-master-node1 ~]# 
    [root@k8s-master-node1 ~]# kubectl  get namespaces cby -o yaml
    apiVersion: v1
    kind: Namespace
    metadata:
    creationTimestamp: "2021-11-17T03:08:10Z"
    labels:
      kubernetes.io/metadata.name: cby
    name: cby
    resourceVersion: "311903"
    uid: 63f2e47d-a2a5-4a67-8fd2-7ca29bfb02be
    spec:
    finalizers:
    
    - kubernetes
      status:
        phase: Active

  

  

![](https://p3-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/e358ba9f0bfa41e39fa47c8f7420ffab~tplv-k3u1fbpfcp-zoom-1.image)

**Linux Operation and maintenance Communication Community**

Linux Operation and maintenance exchange community, Internet news and technical exchange.

57 Original content

official account

![picture](https://p3-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/5d357157ea1e4fceb1a22c8e6dc229c3~tplv-k3u1fbpfcp-zoom-1.image)  

https://blog.csdn.net/qq_33921750

https://my.oschina.net/u/3981543

https://www.zhihu.com/people/chen-bu-yun-2

https://segmentfault.com/u/hppyvyv6/articles

https://juejin.cn/user/3315782802482007

https://space.bilibili.com/352476552/article

https://cloud.tencent.com/developer/column/93230

Know CSDN,Open source China, Sifu, Nuggets, BiliBili, Tencent cloud

  

Posted by david-remone123 on Wed, 24 Nov 2021 17:51:02 -0800