Anil Kumar

🔥 Virtual cluster inside a K8S cluster 🔥

🌟 Let's understand the concept of a virtual cluster inside a "physical cluster" in K8S! 🌟

When we work with a large account or organization, we generally come across many different teams and applications. Running everything in a single large cluster is difficult to even imagine. What if we could isolate them from one another, draw some boundaries, set limits and organize?

That brings us to a topic called "Namespace".

✨ What is it?
1️⃣ It is a K8S object which creates virtual clusters inside the physical cluster.

2️⃣ It is a way to divide one physical/main cluster into multiple virtual clusters; it provides logical boundaries within the cluster and isolates the resources from being mismanaged.

Why do we need Namespaces?
1️⃣ Teams/projects can use the same cluster without interfering with each other.
2️⃣ It makes it easier to group resources like Pods, Services and ConfigMaps logically.
3️⃣ We can manage clusters with thousands of resources easily.
4️⃣ It allows us to manage permissions and access controls and restrict access to specific resources.


🌟 How do Namespaces (NS) work in K8S?
1️⃣ Resource Scope:
✅ NS apply to namespaced objects like Pods, Services, ConfigMaps and Secrets.
✅ Some resources, like Nodes and PersistentVolumes, are cluster-wide, not namespaced.
✅ Resources with the same name can exist in different NS without conflict.

2️⃣ CPU & Memory limits:
✅ We can set boundaries on how much CPU and memory can be consumed.
✅ We can restrict how many resources can exist inside the created Namespace (ex: 5 pods/10 pods).

3️⃣ Managing NS:
✅ It is always ideal to manage NS with manifest files instead of commands, for better flexibility, re-use and simple management, and so that changes are predictable and documented.

4๏ธโƒฃ Default NameSpaces: (important)โ—

โœ… ๐‘ซ๐’†๐’‡๐’‚๐’–๐’๐’•: Used when we don't mention any specific namespace.
โœ…๐‘ฒ๐’–๐’ƒ๐’†-๐’”๐’š๐’”๐’•๐’†๐’Ž: Contains critical system components like kube-dns & other controllers. ( Restricted to use until you know what you are doing).
โœ… ๐‘ฒ๐’–๐’ƒ๐’†-๐’‘๐’–๐’ƒ๐’๐’Š๐’„: Commonly used for cluster-level configuration/information which are meant to be publicly accessible accross the cluster.
โœ… ๐‘ฒ๐’–๐’ƒ๐’†-๐’๐’๐’…๐’†-๐’๐’†๐’‚๐’”๐’†: Used to manage the heartbeats of nodes for the node controller.

5๏ธโƒฃ ResourceQuotas and LimitRanges:

โœ… ๐‘น๐’†๐’”๐’๐’–๐’“๐’„๐’†๐‘ธ๐’–๐’๐’•๐’‚: Enforce overall usage limits for the Namespace ( ex: total CPU/memory/no. of pods can be created).

โœ… ๐‘ณ๐’Š๐’Ž๐’Š๐’•๐‘น๐’‚๐’๐’ˆ๐’†๐’”: Define per-resource limits within the Namespace ( ex: max& min CPU/memory per pod/container).
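
The manifest approach from item 3, combined with the ResourceQuota and LimitRange from item 5, as an added example that is not part of the original post. The Namespace name team-a, the object names and every numeric value are constructed for illustration.

```yaml
# Added example; "team-a" and all values below are constructed.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
---
# ResourceQuota: caps the total consumption of the whole Namespace.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    pods: "10"               # at most 10 Pods in the Namespace
    requests.cpu: "4"        # sum of CPU requests across all Pods
    requests.memory: 8Gi     # sum of memory requests across all Pods
    limits.cpu: "8"          # sum of CPU limits across all Pods
    limits.memory: 16Gi      # sum of memory limits across all Pods
---
# LimitRange: bounds and defaults for each individual container.
apiVersion: v1
kind: LimitRange
metadata:
  name: team-a-limits
  namespace: team-a
spec:
  limits:
    - type: Container
      min:                   # smallest request a container may declare
        cpu: 50m
        memory: 64Mi
      max:                   # largest limit a container may declare
        cpu: "1"
        memory: 1Gi
      defaultRequest:        # injected when a container sets no request
        cpu: 100m
        memory: 128Mi
      default:               # injected when a container sets no limit
        cpu: 500m
        memory: 512Mi
```

Because the quota covers CPU and memory requests and limits, a Pod whose containers declare none would be rejected at admission; the LimitRange defaults fill those values in so such Pods are admitted and still counted against the quota.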


Use Cases:
✨ Large organisations with multiple teams/applications.
✨ Managing different environments within the same cluster (dev/stage/prod).
✨ When permissions and limits are required.

Note 📝: Detailed information on ResourceQuota, LimitRange, pros, cons and best practices is given in image format.

Comment down your thoughts 💭