Tuesday, March 16, 2021

Kubernetes - Namespace

 Namespace
-----------------

Every house has its own rules, its own set of resources, and its own say over who does what.

In the same way, in Kubernetes these houses are namespaces.
- We work inside a house with a set of resources. These resources are created when Kubernetes is first set up.
- Kubernetes creates a set of pods and services for internal purposes, such as those required by the networking solution, DNS service, etc.
- To isolate these from users and prevent them from being accidentally deleted or modified, k8s creates them at cluster startup in a separate namespace called kube-system.
- Another namespace that k8s creates automatically is kube-public. This is where resources that should be available to all users are placed.
- In most cases, we can practice in the default namespace.


so, we have three namespaces that are created during the installation of k8s
- default namespace
- kube-system
- kube-public
 
You can create your own such as
- Dev
- Test
- Prod

each namespace can have its own set of rules
- A user in the Dev namespace can't modify resources in the Prod env
- Within a namespace you can have your own policy specifying who can do what.
- You can allocate a quota of resources (cpu/mem) to each of these namespaces.
- This guarantees that a certain amount of resources is available to the namespace and that it cannot use more than the specified amount.
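
One way to express the first two rules with Kubernetes RBAC, as an added example that is not from the original post. The user name dev-user and the object names pod-editor and pod-editor-binding are assumptions, and the cluster is assumed to use RBAC authorization with no other binding for that user.

```yaml
# Added example; "dev-user", "pod-editor" and "pod-editor-binding" are hypothetical names.
# Role: what may be done, and only inside the dev namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-editor
  namespace: dev
rules:
- apiGroups: [""]            # "" is the core API group (pods, services)
  resources: ["pods", "services"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# RoleBinding: who gets the Role. It lives in dev, so it grants nothing in prod.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-editor-binding
  namespace: dev
subjects:
- kind: User
  name: dev-user
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-editor
  apiGroup: rbac.authorization.k8s.io
# Compare what the user may do in each namespace by impersonating it:
#   kubectl auth can-i delete pods --namespace=dev  --as=dev-user
#   kubectl auth can-i delete pods --namespace=prod --as=dev-user
```

A Role and RoleBinding are namespaced objects, so the same pair has to be created again in every namespace where the user should have access.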

- Within a namespace, resources can refer to each other by name
for eg, say you have db-serv, webserv, appserv
The webserv can connect to the db server by just specifying its name
for eg, mysql.connect("db-service")

this web-app can connect to a service in another namespace too, but it has to append the name of the namespace.
for eg, you have dev and test namespaces and you are trying to connect from webserv in the test namespace to dbserver in dev, you can connect as
mysql.connect("dbserv.dev.svc.cluster.local")

we are able to do it this way because when a service is created, a DNS entry is added automatically in this format.

the last part of dbserv.dev.svc.cluster.local, cluster.local, is the default domain name of the k8s cluster.
here,
cluster.local -> domain
svc -> service
dev -> namespace
dbserv -> name of the service

list pods in the default namespace
> kc get pods

list pods of a specified namespace
> kc get pods --namespace=kube-system

when you create a pod using a pod definition file, the pod is created in the default namespace.

$ cat pod-def.yaml
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
    type: front-end
spec:
  containers:
  - name: nginx-controller
    image: nginx

> kc create -f pod-def.yaml

to create it in another namespace
> kc create -f pod-def.yaml --namespace=dev

to specify a different namespace for this pod, you can hardcode the namespace in your yaml file

$ cat pod-def.yaml
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  namespace: dev
  labels:
    app: myapp
    type: front-end
spec:
  containers:
  - name: nginx-controller
    image: nginx

how to create namespace
$ cat namespace-dev.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: dev

> kc create -f namespace-dev.yaml

or create the namespace directly from the command line
> kc create namespace dev

by default we are in the default namespace
to display the resources in other namespaces, we have to specify the namespace
for eg,
> kc get pods
> kc get pods --namespace=dev
> kc get pods --namespace=test
> kc get pods --namespace=prod

how to set any namespace as the default?
set the namespace you would like as the default on the current context, using the kubectl config command.
for eg,
> kc config set-context $(kubectl config current-context) --namespace=dev
> kc get pods

at this point, you don't have to specify the namespace for dev, but you have to specify the other namespaces to view the resources in them.

> kc get pods --namespace=default
> kc get pods --namespace=prod

kc config set-context $(kubectl config current-context) --namespace=dev

this sets the namespace on the current context.

you can switch back and forth same way.

View pods on all namespaces
> kc get pods --all-namespaces

Review
find the current context
$ kubectl config current-context

set the desired namespace on the current context
> kc config set-context $(kubectl config current-context) --namespace=prod

contexts are used to manage multiple clusters and multiple environments from the same management system.

To limit the resources in a namespace, create a resource quota,

$ cat quotas.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-quota
  namespace: dev    # specify the namespace
spec:
  hard:
    pods: "10"
    requests.cpu: "4"
    requests.memory: 5Gi
    limits.cpu: "10"
    limits.memory: 10Gi

> kc create -f quotas.yaml
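
Once compute-quota sets requests and limits for cpu and memory, a pod in dev that declares none of them (like myapp-pod above) is rejected by the quota check. A LimitRange can supply defaults for such pods; this is an added example, not part of the original post, and the name dev-defaults and all values are assumptions.

```yaml
# Added example; the name "dev-defaults" and the values are assumptions.
apiVersion: v1
kind: LimitRange
metadata:
  name: dev-defaults
  namespace: dev
spec:
  limits:
  - type: Container
    defaultRequest:          # used when a container sets no requests
      cpu: 250m
      memory: 256Mi
    default:                 # used when a container sets no limits
      cpu: 500m
      memory: 512Mi
    max:                     # a single container may not ask for more than this
      cpu: "2"
      memory: 2Gi
# See how much of the quota is used after pods are created:
#   kubectl describe resourcequota compute-quota --namespace=dev
```

The defaults are chosen so that ten such pods (the pods limit in compute-quota) still fit inside the quota's cpu and memory totals.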


Lab - Namespace

1. How many Namespaces exist on the system?
Remember to use Google Chrome to open this quiz portal. It may hang going forward.

controlplane $ kc get ns | wc -l
11
controlplane $ kc get ns --no-headers | wc -l

Hint: Run the command 'kubectl get namespace' and count the number of pods.

2. How many pods exist in the 'research' namespace?

controlplane $ kc get pods --namespace=research
NAME    READY   STATUS             RESTARTS   AGE
dna-1   0/1     CrashLoopBackOff   4          2m38s
dna-2   0/1     CrashLoopBackOff   4          2m38s

controlplane $ kc get pods --namespace=research --no-headers

Hint: Run the command 'kubectl get pods --namespace=research'.

3. Create a POD in the 'finance' namespace.
Use the spec given on the right.

Name: redis
Image Name: redis

controlplane $ kc get pods --namespace=finance
NAME      READY   STATUS    RESTARTS   AGE
payroll   1/1     Running   0          3m32

kc run redis --image=redis --dry-run=client -o yaml > napespacce1-def.yaml
controlplane $ kc run box1 --image=redis --dry-run=client -o yaml > pod-def.yaml

$ cat pod-def.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: box1
  name: box1
  namespace: finance    # add this entry here for namespace
spec:
  containers:
  - image: redis
    name: box1
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

controlplane $ kc apply -f pod-def.yaml
pod/box1 created

> kc -n finance get pod redis
controlplane $ kc get pods -n finance
NAME      READY   STATUS    RESTARTS   AGE
box1      1/1     Running   0          71s
payroll   1/1     Running   0          22m
redis     1/1     Running   0          9m56s

or
use a one-liner,

controlplane $ kc run redis --namespace=finance --image=redis
pod/redis created
controlplane $ kc get pods --namespace=finance
NAME      READY   STATUS    RESTARTS   AGE
payroll   1/1     Running   0          13m
redis     1/1     Running   0          11s
controlplane $ kc get pods --namespace=finance --no-headers
payroll   1/1   Running   0     13m
redis     1/1   Running   0     20s


4. Which namespace has the 'blue' pod in it?
marketing   
manufacturing   
research
default

controlplane $ kc get pods --all-namespaces
NAMESPACE       NAME                                   READY   STATUS             RESTARTS   AGE
dev             mysql-db                               1/1     Running            0          16m
finance         payroll                                1/1     Running            0          16m
finance         redis                                  1/1     Running            0          3m6s
kube-system     coredns-f9fd979d6-2r2kq                1/1     Running            1          18m
kube-system     coredns-f9fd979d6-t9thp                1/1     Running            0          18m
kube-system     etcd-controlplane                      1/1     Running            0          18m
kube-system     kube-apiserver-controlplane            1/1     Running            0          18m
kube-system     kube-controller-manager-controlplane   1/1     Running            0          18m
kube-system     kube-flannel-ds-amd64-bdzbb            1/1     Running            2          17m
kube-system     kube-flannel-ds-amd64-shx8x            1/1     Running            0          18m
kube-system     kube-proxy-qhrfc                       1/1     Running            2          17m
kube-system     kube-proxy-twb5t                       1/1     Running            0          18m
kube-system     kube-scheduler-controlplane            1/1     Running            0          18m
manufacturing   red-app                                1/1     Running            0          16m
marketing       blue                                   1/1     Running            0          16m
marketing       mysql-db                               1/1     Running            0          16m
research        dna-1                                  0/1     CrashLoopBackOff   7          16m
research        dna-2                                  0/1     CrashLoopBackOff   7          16m

From the output, we see marketing

or
controlplane $ kc get pods --all-namespaces | grep -i blue
marketing       blue                                   1/1     Running            0          24m

Hint: Run the command 'kubectl get pods --all-namespaces'.


5. Access the Blue web application using the link above your terminal
From the UI you can ping other services
click ok to proceed.

db-service was a success. I was planning to test all of them but it did work.

6. What DNS name should the Blue application use to access the database 'db-service' in its own namespace - 'marketing'.
You can try it in the web application UI. Use port 3306.

- db
- db-service
- blue-db-service
- mysql

controlplane $ kc get services -n marketing
NAME           TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
blue-service   NodePort   10.105.83.143    <none>        8080:30082/TCP   31m
db-service     NodePort   10.103.192.226   <none>        3306:31127/TCP   31m
controlplane $

so we see in the output under NAME that it's db-service

7. What DNS name should the Blue application use to access the database 'db-service' in the 'dev' namespace
You can try it in the web application UI. Use port 3306.

Here we are connecting to a different namespace, so we have to specify the fully qualified name, such as
db-service.name-space.svc.cluster.local

on hostname: db-service.dev.svc.cluster.local
host port: 3306

