Kubernetes core in practice
1. Resource creation method
Command line creation
yaml file creation
A namespace is the organizational mechanism provided by Kubernetes for classifying, filtering and managing any group of objects in the cluster. Each workload added to the Kubernetes cluster must be placed in a namespace.
Namespaces give scope to object names in the cluster. Although a name must be unique within a namespace, the same name can be used in different namespaces. This is very helpful in some scenarios. For example, if you use namespaces to divide the application lifecycle environments (such as development, staging, production), you can maintain a copy of the same object with the same name in each environment.
Namespaces also allow users to easily apply policies to specific parts of the cluster. You can control resource usage by defining a ResourceQuota object, which sets limits on resource usage on a per-namespace basis. Similarly, when a CNI (Container Network Interface) plugin that supports network policy is used on the cluster, such as Calico or Canal (Calico is used for policy and flannel for networking), you can apply NetworkPolicy to namespaces, where rules define how pods communicate with each other. Different namespaces can have different policies.
One of the biggest benefits of using namespaces is the ability to leverage Kubernetes RBAC (role-based access control). RBAC allows you to define roles under a single name, grouping lists of permissions or capabilities. The ClusterRole object defines permissions at cluster scope, while the Role object type applies to a specific namespace to provide better control and granularity. After the role is created, a RoleBinding can grant the defined permissions to specific users or user groups in the context of a single namespace. In this way, namespaces enable cluster operators to map the same policies to an organized set of resources.
Mapping namespaces to teams or projects
Partitioning the lifecycle environment using namespaces
Use namespaces to isolate different consumers
```shell
[root@k8s-master-node1 ~]# kubectl create namespace cby
namespace/cby created
[root@k8s-master-node1 ~]#
[root@k8s-master-node1 ~]# kubectl get namespaces
NAME                   STATUS   AGE
cby                    Active   2s
default                Active   21h
ingress-nginx          Active   21h
kube-node-lease        Active   21h
kube-public            Active   21h
kube-system            Active   21h
kubernetes-dashboard   Active   21h
[root@k8s-master-node1 ~]#
[root@k8s-master-node1 ~]# kubectl delete namespace cby
namespace "cby" deleted
[root@k8s-master-node1 ~]#
[root@k8s-master-node1 ~]#
[root@k8s-master-node1 ~]# kubectl get namespaces
NAME                   STATUS   AGE
default                Active   21h
ingress-nginx          Active   21h
kube-node-lease        Active   21h
kube-public            Active   21h
kube-system            Active   21h
kubernetes-dashboard   Active   21h
[root@k8s-master-node1 ~]#
```
View yaml format
```shell
[root@k8s-master-node1 ~]# kubectl create namespace cby
namespace/cby created
[root@k8s-master-node1 ~]#
[root@k8s-master-node1 ~]# kubectl get namespaces cby -o yaml
apiVersion: v1
kind: Namespace
metadata:
  creationTimestamp: "2021-11-17T03:08:10Z"
  labels:
    kubernetes.io/metadata.name: cby
  name: cby
  resourceVersion: "311903"
  uid: 63f2e47d-a2a5-4a67-8fd2-7ca29bfb02be
spec:
  finalizers:
  - kubernetes
status:
  phase: Active
```
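The per-namespace policies described earlier (ResourceQuota, NetworkPolicy, Role and RoleBinding), written as one manifest for the `cby` namespace. This is an added example, not part of the original article; the object names, the quota values and the `dev-team` group are assumptions.

```yaml
# Added example. Object names, quota values and the dev-team group are assumptions.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: cby-quota
  namespace: cby
spec:
  hard:                      # ceilings for the whole namespace
    pods: "20"
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace-only
  namespace: cby
spec:
  podSelector: {}            # selects every pod in cby
  policyTypes: [Ingress]
  ingress:
  - from:
    - podSelector: {}        # only pods in cby may connect; other namespaces are denied
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: workload-editor
  namespace: cby
rules:                       # no access to secrets, roles or rolebindings
- apiGroups: ["", "apps"]
  resources: ["pods", "services", "deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-team-workload-editor
  namespace: cby
subjects:
- kind: Group
  name: dev-team             # group name as asserted by the cluster's authenticator
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: workload-editor
  apiGroup: rbac.authorization.k8s.io
```

Save it to a file and load it with `kubectl apply -f <file>`. The NetworkPolicy is enforced only when the cluster's CNI plugin supports network policy, and once the quota sets CPU and memory values, pods in `cby` that do not declare matching requests and limits are rejected at admission.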