Simplifying Namespaces and Resource Quotas in Kubernetes

By


 Kubernetes (K8s) excels in orchestrating containerized applications, but as projects scale, maintaining control becomes critical. This is where Namespaces and Resource Quotas step in. Let’s explore these concepts with a simple example.

Namespaces

Act as virtual clusters within a physical Kubernetes cluster. They provide logical separation, allowing you to divide resources and isolate workloads. This is particularly useful when multiple teams or projects share a single Kubernetes cluster. Each team can have their own namespace, preventing conflicts and ensuring resource isolation.

Example: Creating a Namespace

apiVersion: v1
kind: Namespace
metadata:
  name: my-namespace

Apply using :

$ kubectl apply -f namespace.yml
namespace/my-namespace created

$ kubectl get ns 
NAME              STATUS   AGE
default           Active   15d
istio-system      Active   10d
kube-node-lease   Active   15d
kube-public       Active   15d
kube-system       Active   15d
my-namespace      Active   37s
sts-app           Active   10d

Resource quotas

Enable you to control the resource consumption within a namespace. By defining limits on resources like CPUmemory, and pods, you can prevent a single namespace from monopolizing resources and ensure fair allocation among all namespaces. https://kubernetes.io/docs/concepts/policy/resource-quotas/

Example: Applying a Resource Quota

apiVersion: v1
kind: ResourceQuota
metadata:
  name: my-resource-quota
  namespace: my-namespace
spec:
  hard:
    pods: "10"
    requests.cpu: "4"
    requests.memory: 2Gi
    limits.cpu: "6"
    limits.memory: 4Gi

Apply using :

# applying resource quotas
$ kubectl apply -f resource-quotas.yml
resourcequota/my-resource-quota created

# accessing resource quotas in specified name space .
$ kubectl get quota -n my-namespace
NAME                AGE   REQUEST                                                 LIMIT
my-resource-quota   93s   pods: 0/10, requests.cpu: 0/4, requests.memory: 0/2Gi   limits.cpu: 0/6, limits.memory: 0/4Gi

Deploy some stateful applications within these quota limits.

apiVersion: apps/v1
kind: Deployment 
metadata:
  name: nginx-app
  namespace: my-namespace
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-app
  template:
    
    metadata:
      name:  nginx-app
      labels: 
        app: nginx-app
    spec:
      containers:
      - image:  gudditi/sample-web-app
        name:  nginx-app
        ports:
        - containerPort: 80
        resources:
          requests:
            cpu: "1"
            memory: "100Mi"
          limits:
            cpu: "2"
            memory: "300Mi"  

---

apiVersion: v1
kind: Service 
metadata:
  name: nginx-svc
  namespace: my-namespace
spec:
  type: NodePort
  selector:
    app: nginx-app
  ports:
  - name: http
    port:  80
    targetPort: 80


apply it :

$ kubectl apply -f deployment.yml
deployment.apps/nginx-app unchanged
service/nginx-svc unchanged

guddi@Gudditi MINGW64 ~/OneDrive/Desktop/test (main)
$ kubectl get all -n my-namespace
NAME                            READY   STATUS    RESTARTS   AGE
pod/nginx-app-cf7886869-5ngk7   1/1     Running   0          7m7s
pod/nginx-app-cf7886869-j9cpj   1/1     Running   0          7m7s
pod/nginx-app-cf7886869-m2hkz   1/1     Running   0          7m7s

NAME                TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/nginx-svc   NodePort   10.98.233.51   <none>        80:31246/TCP   7m7s

NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-app   3/3     3            3           7m7s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-app-cf7886869   3         3         3       7m7s

Let’s Check Quota:

$ kubectl describe quota my-resource-quota -n my-namespace
Name:            my-resource-quota
Namespace:       my-namespace
Resource         Used   Hard
--------         ----   ----
limits.cpu       6      6
limits.memory    900Mi  4Gi
pods             3      10
requests.cpu     3      4
requests.memory  300Mi  2Gi

In summary, Namespaces provide logical isolation, while ResourceQuotas offer control over resource usage within those namespaces. Together, they are powerful tools for managing and organizing workloads in a Kubernetes cluster.

Comments

Post a Comment

Popular posts from this blog

Remote Friendly Companies

By
Image
 List of companies provide remote opportunities NAME WEBSITE REGION &yet andyet.com Worldwide 10up 10up.com Worldwide 15Five 15five.com Europe, Americas 17hats 17hats.com Worldwide 18F 18f.gsa.gov USA 1Password 1password.com North America, UK 42 Technologies 42technologies.com Worldwide abiturma abiturma.de Germany Ably ably.io Europe Abstract API abstractapi.com Worldwide acct acct.global Worldwide Acivilate acivilate.com USA Acquia acquia.com Worldwide ActiveCampaign activecampaign.com Dublin, Ireland; USA Ad Hoc adhocteam.us USA Adaface adaface.com Asia AddStructure bazaarvoice.com USA Adzuna adzuna.co.uk Worldwide AE Studio ae.studio USA, BR Aerolab aerolab.co Latin America AgFlow agflow.com Europe Aha! aha.io Worldwide Aim India aimincorp.com India Airbyte airbyte.com Europe, North America, Latin America AirGarage airgarage.com USA AirTreks airtreks.com USA Aivitex aivitex.de Germany Algorand algorand.com USA Algorithmia algorithmia.com the USA or Canada ALICE aliceplatfor...
Read more

Introduction to Istio, Kiali, Jaeger, Grafana, and Prometheus

By
Image
Are you curious about the magic behind those seamless web applications and services you use daily? Well, let's take a peek into the fascinating world of microservices and the tools that make them work like a charm: Istio, Kiali, Jaeger, Grafana, and Prometheus. These tools might sound a bit technical, but fear not! We're here to break it down in the simplest way possible. 1. Istio: The Traffic Director Istio is an open source service mesh that layers transparently onto existing distributed applications. Istio’s powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio is the path to load balancing, service-to-service authentication, and monitoring – with few or no service code changes.  The control plane takes your desired configuration, and its view of the services, and dynamically programs the proxy servers, updating them as the rules or the environment changes. Before utilizing Istio After utilizing Istio Imagine you're m...
Read more

Cloud Foundry app toolchain using IBM BLUMIX

By
Image
T ask 1: Create a toolchain Open the creation page for the Develop a Cloud Foundry app toolchain by clicking Create toolchain: You can also select the Develop a Cloud Foundry app toolchain from the Toolchain templates list . Tip: For instructions to navigate to the toolchain templates and select a toolchain to create, see Navigating to the toolchain templates . On the creation page, review the diagram of the toolchain that you are about to create. Review the default information for the toolchain settings. The toolchain's name identifies it in IBM Cloud. Note: The URL to access your application must be unique. By default, the toolchain's name is used in constructing that URL. Make sure that the toolchain's name is unique within IBM Cloud. Each toolchain is associated with a specific region and resource group. Use the menus on the page to select the region and resource group where you want the toolchain created. You can have up to 200 toolchains per resource group. If you w...
Read more