Article Directory
1. Namespace concept
K8s namespace Chinese official manual:
Kubernetes supports multiple virtual clusters that rely on the same physical cluster underlying them. These virtual clusters are called namespaces.
The namespace namespace is a resource at the k8s cluster level, which can create corresponding namespaces for different users, tenants, environments or projects.
In Kubernetes, namespaces can be used to:
- Isolate different applications to avoid naming conflicts and resource competition. -
- Provide separate environments for different teams or projects so they can manage and deploy applications independently.
- Control resource quotas and access permissions to ensure secure isolation between applications.
Namespace can be abstractly understood as, QQ group, there are different friends in the group, friends are containers.
2. Basic operation of namespace
1. Two ways to create Namespace
There are two ways to create a namespace, through the command line and YAML file, as follows:
The first method: create a Namespace through the command line entry
kubectl create ns mytest
The second method: Create a Namespace through the YAML resource list
cat namespace.yaml
---
apiVersion: v1
kind: Namespace
metadata:
name: mytest
Created by apply
kubectl apply -f namespace.yaml
view namespace
kubectl get ns
kubectl get ns mytest
2. Namespace resource limit
You can use Resource Quota to limit the use of resources in the Namespace. Resource quotas are a control mechanism that can limit the use of resources in the Namespace, including CPU, memory, and storage.
Resource limits can be limited for all Pods in the Namespace, or for a single Pod:
cat resourcequota.yaml
apiVersion: v1
kind: Namespace
metadata:
name: mytest
---
apiVersion: v1
kind: ResourceQuota
metadata:
name: mytest-quota
namespace: mytest
spec:
hard:
requests.cpu: 2
requests.memory: 2Gi
limits.cpu: 4
limits.memory: 4Gi
Explanation of configuration meaning:
Resource Name | describe |
---|---|
limits.cpu |
The total CPU quota of all non-terminal Pods cannot exceed this value. |
limits.memory |
The total memory quota of all non-terminal Pods cannot exceed this value. |
requests.cpu |
The total CPU demand of all non-terminal Pods cannot exceed this value. |
requests.memory |
The total memory requirements of all non-terminal Pods cannot exceed this value. |
hugepages-<size> |
The total number of huge page requests for the specified size cannot exceed this value for all non-terminating pods. |
cpu |
Same as requests.cpu . |
memory |
Same as requests.memory . |
Execute the apply file
kubectl apply -f resourcequota.yaml
View Resource Quota information:
kubectl get resourcequota -n mytest
Test: Create a Pod and limit resource usage as follows:
Note: If the Namespace has resource quotas, then resources must be used to limit when creating Pods.
cat pod.yaml
---
apiVersion: v1
kind: Pod
metadata:
labels:
app: nginx
name: web-nginx
namespace: mytest
spec:
containers:
- name: web-nginx
image: nginx
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
resources:
limits:
memory: "2Gi"
cpu: "2"
requests:
memory: "1000Mi"
cpu: "500m"
View resourcequota resource limit information:
kubectl get resourcequota -n mytest
If the namespace quota limit is exceeded, an error will be reported, as shown in the figure below: