Why is Namespace needed
Although the label is good, if you only use the label, there will be a lot of labels, sometimes there will be overlaps, and it is very inconvenient to bring a bunch of labels for every query and other actions. Kubernetes provides Namespace for resource organization and division. With multiple Namespaces, systems containing many components can be divided into different groups. Namespace can also be used for multi-tenant division, so that multiple teams can share a cluster, and the resources used are divided by Namespace.
Different Namespaces can have the same name. Most resources in Kubernetes can be divided by Namespace, but some resources are not. They belong to global resources and do not belong to a certain Namespace, and will be gradually exposed later.
You can query the Namespace under the current cluster through the following command.
$ kubectl get ns
NAME STATUS AGE
default Active 36m
kube-node-realease Active 36m
kube-public Active 36m
kube-system Active 36m
So far, we are all operating under the default Namespace. When kubectl get is used without specifying the Namespace, the default Namespace is the default.
Look at what's under kube-system.
$ kubectl get po --namespace=kube-system
NAME READY STATUS RESTARTS AGE
coredns-7689f8bdf-295rk 1/1 Running 0 9m11s
coredns-7689f8bdf-h7n68 1/1 Running 0 11m
everest-csi-controller-6d796fb9c5-v22df 2/2 Running 0 9m11s
everest-csi-driver-snzrr 1/1 Running 0 12m
everest-csi-driver-ttj28 1/1 Running 0 12m
everest-csi-driver-wtrk6 1/1 Running 0 12m
icagent-2kz8g 1/1 Running 0 12m
icagent-hjz4h 1/1 Running 0 12m
icagent-m4bbl 1/1 Running 0 12m
It can be seen that kube-system has many Pods, among which coredns is used for service discovery, everest-csi is used for docking with Huawei cloud storage services, and icagent is used for docking with Huawei cloud monitoring system.
These general and necessary applications are placed in the kube-system namespace, and can be isolated from other Pods. In other namespaces, things in the kube-system namespace will not be seen, and will not affect .
Create Namespace
Use the following method to define the Namespace.
apiVersion: v1
kind: Namespace
metadata:
name: custom-namespace
Use kubectl command to create.
$ kubectl create -f custom-namespace.yaml
namespace/custom-namespace created
You can also use the kubectl create namespace command to create.
$ kubectl create namespace custom-namespace
namespace/custom-namespace created
Create resources under the specified Namespace.
$ kubectl create -f nginx.yaml -n custom-namespace
pod/nginx created
In this way, there is a Pod named nginx under default and custom-namespace.
Namespace isolation instructions
Namespace can only be divided into organizations, and it cannot be truly isolated for running objects. For example, if two Pods under the Namespace know each other's IP, and the underlying network that Kubernetes relies on does not provide network isolation between the Namespaces, then the two Pods can access each other.