In order to have a logical separation for different groups of resources, Kubernetes gives us the namespaces feature. It is also convenient when you have a big environment that is managed by multiple users or teams, and each one needs their own “space” for the resources that they are assigned to manage and administer. This is a much better solution than creating numerous Kubernetes clusters just to facilitate different groups of services or deployments, and to isolate teams to their own space.
Each namespace is a separate virtual cluster and, by default, resources in different namespaces are well isolated from each other and cannot talk to each other, but this can be changed by editing various network policies. In general, it is recommended to keep communication between namespaces disabled, in order for resources to stay isolated and more secure by reducing the attack surface.
In this tutorial, we will go over various ways to manage namespaces in Kubernetes on a Linux system. You will learn about kubectl commands that can be used to manage namespaces and see pertinent namespace information. Let’s get started!
In this tutorial you will learn:
- What are namespaces used for in Kubernetes?
- How to view information about configured namespaces
- YAML syntax for creating a Kubernetes namespace
- How to create or delete a namespace
- How to add a resource to a namespace in Kubernetes
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Any Linux distro |
| Software | Kubernetes |
| Other | Privileged access to your Linux system as root or via the sudo command. |
| Conventions |
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
Use Scale Command in Kubernetes
Unless you have a relatively large Kubernetes environment which is managed by separate people, or unless you have very a diverse environment that requires some kind of isolation from other resources, it should not be necessary to create any extra namespaces. Kubernetes offers labels if you need a way to group your resources without the need for creating new namespaces.
The examples below assume that you already have your Kubernetes cluster up and running, and have access to the kubectl command.
- To view all of the configured namespaces in your Kubernetes cluster, execute this command:
$ kubectl get namespaces NAME STATUS AGE default Active 22s kube-node-lease Active 24s kube-public Active 24s kube-system Active 24s
Since we have not configured any extra namespaces yet, the output just shows the four default Kubernetes namespaces:
defaultis the namespace that your resources will go into by default, unless otherwise specified.
kube-node-leaseis the namespace for lease objects of each node, which send a heartbeat back to the control plane.
kube-systemis the namespace for any objects that were created by Kubernetes itself.
kube-publicis the namespace for resources that need to be accessible for all users regardless if they are authenticated or not. - To see information about a specific namespace, you can execute:
$ kubectl get namespaces [name of namespace]
- The
describeargument will give you extra information and details about a namespace you want to investigate:$ kubectl describe namespaces [name of namespace]
- To create a new namespace, we can use the following YAML syntax as a template:
apiVersion: v1 kind: Namespace metadata: name: [name of namespace]Then, execute the following command to add it to Kubernetes:
$ kubectl create -f ./my-new-namespace.yaml
- Another way is to create the namespace imperatively by using the following
kubectlcommand syntax:$ kubectl create namespace [name of namespace]
- To delete a namespace, we can issue the following command.
$ kubectl delete namespaces [name of namespace]
Keep in mind that the previous command will also delete all resources that exist under the namespace.
- Next, let’s see how to add an object to a namespace. As an example, we will create a new instance of Nginx and add it to the
my-serversnamespace:$ kubectl run --image=nginx nginx-server --port=80 -n=my-servers
We can see that our Nginx pod is inside of the my-servers namespace in Kubernetes
Closing Thoughts
In this tutorial, we saw how to use namespaces in Kubernetes on a Linux system. Namespaces are a nice feature that we can use to isolate resources in Kubernetes, without the need to create completely separate clusters. This is handy for large teams that are assigned to manage different parts of the cluster, or when we have a slew of diverse resources that should be isolated and logically separated from each other.
