πLet's understand the concept of virtual cluster inside a "physical cluster in K8S !!"π
When we are working with a large account/organization we generally come across different types of teams/applications but everything in a single large cluster???? sounds make it very difficult to even imagine. What if we have an isolation between all those and draw some boundaries, set limits and organize?,
There comes a topic called "π΅ππππΊππππ"
β¨ What is it ?
1οΈβ£ It is a K8S object which creates virtual clusters inside the physical cluster
2οΈβ£ It is a way to divide one physical/main cluster into multiple virtual clusters and provides logical boundaries within the cluster and isolates the resources from being mismanaged.
Why do we need Namespaces?
1οΈβ£ Teams/projects can use the same cluster without interfering eachother.
2οΈβ£ Makes it easier to group resources like pods/SVC/configMaps.. logically.
3οΈβ£ We can manage clusters with thousands of resources easily.
4οΈβ£ It will Allow us to manage permissions and access controls and restrict the access to specific resources.
π How NameSpace(NS) work in K8S?
1οΈβ£ Resource Scope:
β
NS are applied to namespaced objects like Pods,SVC's, configMaps & Secrets.
β
Some resources like Nodes & Persistent volumes are cluster wide, not namespaced.
β
Resources with same name can exist in different NS without conflict.
2οΈβ£ CPU & Memory limits:
β
we can restrict/set boundaries that how much amount of resources can be consumed.
β
we can restrict how many resources can be inside the created Namespace ( ex: 5 pods/10pods).
3οΈβ£ Managing NS:
β
It is always ideal to manage the NS with manifest files instead of commands for better flexibility, re-use, simple management and changes are predicted and documented.
4οΈβ£ Default NameSpaces: (important)β
β
π«ππππππ: Used when we don't mention any specific namespace.
β
π²πππ-ππππππ: Contains critical system components like kube-dns & other controllers. ( Restricted to use until you know what you are doing).
β
π²πππ-ππππππ: Commonly used for cluster-level configuration/information which are meant to be publicly accessible accross the cluster.
β
π²πππ-πππ
π-πππππ: Used to manage the heartbeats of nodes for the node controller.
5οΈβ£ ResourceQuotas and LimitRanges:
β πΉππππππππΈππππ: Enforce overall usage limits for the Namespace ( ex: total CPU/memory/no. of pods can be created).
β π³πππππΉπππππ: Define per-resource limits within the Namespace ( ex: max& min CPU/memory per pod/container).
Use Cases:
β¨ Large organisations with multiple teams/applications.
β¨ managing different environments with in same cluster ( dev/stage/prod)
β¨ when permissions and limits required.
Noteπ: In detail information of ResourceQuota, LimitRange, Pros, Cons and best practices given in image format.
Comment down your thoughts π
Top comments (0)