Skip to content

Kubernetes resource quota and namespace management

In Kubernetes, Namespaces provide a mechanism to partition a single physical cluster into multiple virtual clusters.^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md] This abstraction is primarily useful in scenarios involving multiple teams or projects, allowing for the isolation of resources based on business or organizational requirements^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md]. However, for clusters with a small number of users, creating namespaces may not be necessary^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md].

To manage resources effectively within these partitions, Kubernetes employs tools like [[ResourceQuota]] and [[LimitRange]] to allocate or limit system resources^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md].

Namespace Characteristics

Namespaces dictate the scope and uniqueness of resources within the cluster^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md]:

  • Uniqueness: Resource names must be unique within the same namespace^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md].
  • Cross-namespace duplication: Different namespaces can contain resources with identical names^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md].
  • Lifecycle: If a namespace is deleted, all resources contained within it are automatically deleted^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md].

Initial Namespaces

Kubernetes creates four initial namespaces upon cluster initialization^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md]:

  • default: The default namespace for objects that do not specify a namespace^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md].
  • kube-system: Reserved for objects created by the Kubernetes system^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md].
  • kube-public: Automatically created and readable by all users (including unauthenticated ones), primarily for cluster-wide usage^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md].
  • kube-node-lease: Contains Lease objects associated with each node, used for kubelet heartbeats to detect node failures^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md].

Resource Management

To enforce constraints on resource usage, administrators can apply specific policies within a namespace^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md]:

  • ResourceQuota: Used to allocate and limit the total amount of system resources (like CPU and memory) available to a namespace^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md].
  • LimitRange: Used to set default resource requests and limits for individual containers or Pods within the namespace^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md].

Configuration and Usage

When creating Pods or other resources, the target namespace can be specified in the configuration file under the metadata field^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md].

Administrators can dynamically configure the default namespace for kubectl operations to avoid repeatedly specifying the --namespace flag^[400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md]. The relevant kubectl commands for management include:

  • Create: kubectl create namespace <name>
  • Set Context: kubectl config set-context --current --namespace=<name>

Sources

  • 400-devops__06-Kubernetes__k8s-ithelp__Day22__README.md