Docker : Kubernetes Namespaces (default, kube-public, kube-system) and switching namespaces (kubens)

A Kubernetes namespace is a virtual cluster inside a Kubernetes cluster. Using the namespace, we can organize Kubernetes resources in namespaces and we can have multiple namespaces in a cluster.

$ kubectl get namespace
NAME              STATUS   AGE
default           Active   62m
kube-node-lease   Active   62m
kube-public       Active   62m
kube-system       Active   62m

Those four are the initial Kubernetes namespaces out of box.

The kube-public is not used much and the only interesting object in kube-public is a ConfigMap named cluster-info which is publicly accessible data via kubectl cluster-info:

$ kubectl cluster-info
Kubernetes master is running at https://127.0.0.1:32768
KubeDNS is running at https://127.0.0.1:32768/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

It is usually a good idea to leave the kube-system alone not touched (we do not want to create/modify in the kube-system), especially, in managed systems such as Google Kubernetes Engine and EKS. The components of the kube-system are system processes as well as master and kubectl processes.

The kube-node-lease is used for node heart beat and it's a recently added component. Each node has associated object in namespace and kube-node-lease contains info about the availability of a node.

So, this leave us one namespace which is default where our services and apps are created.

Let's create a namespace called "test":

$ kubectl create ns my-namespace
namespace/my-namespace created

$ kubectl get ns
NAME              STATUS   AGE
default           Active   73m
kube-node-lease   Active   73m
kube-public       Active   73m
kube-system       Active   73m
my-namespace      Active   39s

$ kubectl delete ns my-namespace
namespace "my-namespace" deleted

We can also create a namespace using yaml (ns.yaml) like any other Kubernetes resources:

apiVersion : v1
kind: Namespace
metadata:
  name: my-namespace
  labels:
    name: my-namespace

Apply the yaml file (ns.yaml):

$ kubectl apply -f ns.yaml
namespace/my-namespace created

NAME              STATUS   AGE
default           Active   79m
kube-node-lease   Active   79m
kube-public       Active   79m
kube-system       Active   79m
my-namespace      Active   57s

Let's look into one of the simplest pod definition yaml (mypod.yaml):

apiVersion: v1
kind: Pod
metadata:
  name: mypod
  labels:
    app: mypod
spec:
  containers:
    - name: mypod
      image: nginx

Note that there is no "namespace" related line in the yaml. It'll be deployed into the defalut namespace. Actually, that's the namespace currently active.

There are two ways of specifying the namespace. The first one is to use the "namespace" flag:

$ kubectl apply -f mypod.yaml --namespace=my-namespace
pod/mypod created

However, we see no pod with:

$ kubectl get pods 
No resources found.

That's because the command checks for "default" namespace. If we check against all namespaces, we can see the pod has been create under "test" namespace:

$ kubectl get pods --all-namespaces  
NAMESPACE      NAME                               READY   STATUS    RESTARTS   AGE
kube-system    coredns-66bff467f8-cpqbk           1/1     Running   1          95m
kube-system    etcd-minikube                      1/1     Running   0          44m
kube-system    kube-apiserver-minikube            1/1     Running   0          44m
kube-system    kube-controller-manager-minikube   1/1     Running   1          95m
kube-system    kube-proxy-4xws7                   1/1     Running   1          95m
kube-system    kube-scheduler-minikube            1/1     Running   1          95m
kube-system    storage-provisioner                1/1     Running   3          95m
my-namespace   mypod                              1/1     Running   0          57s

Or:

$ kubectl get pods --namespace=my-namespace
NAME    READY   STATUS    RESTARTS   AGE
mypod   1/1     Running   0          3m24s

$ kubectl get pods -n my-namespace
NAME    READY   STATUS    RESTARTS   AGE
mypod   1/1     Running   0          12m

Switching namespaces requires a couple of commands as shown in Share a Cluster with Namespaces.

We can use kubens command. But we need to install kubectx. For MacOS:

$ brew install kubectx

To see current namespace:

$ kubens
default
kube-node-lease
kube-public
kube-system
my-namespace

Current namespace is highlighted! We can switch it to "my-namespace":

$ kubens my-namespace
Context "minikube" modified.
Active namespace is "my-namespace".

$ kubens
default
kube-node-lease
kube-public
kube-system
my-namespace

Now that we're in "my-namespace" namespace, we can just issue kubectl get pods without "my-namespace" namespace flag:

$ kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
mypod   1/1     Running   0          9m35s

We can switch back to the default namespace using kubectl config set-context command as well:

$ kubectl config set-context --current --namespace=default
Context "minikube" modified.

$ kubens
default
kube-node-lease
kube-public
kube-system
my-namespace

Here are the use cases when to use namespaces:

1. Structure our Kubernetes components.
2. Avoid conflicts among teams.
3. Share services across different environments.
4. Limits access and resources at namespace level.

Here are some chaacteristics of namespaces:

1. We cannot access most of the resources in other namespaces. For example, if we have a ConfigMap for DB in one namespace, we cannot use it in another namespace to cofigure a DB. So, in such a case, each namespace should have its own ConfigMap. The same applies to Secrets as well.
2. Unlike the ConfigMap/Secrets, a service can be shared among different namespaces. In that way, each namespace can share services such as Elastic Stack, Nginx etc.
3. There are Kubernetes components that cannot be created within a namespace. In other words, they are global and we cannot isolate them in namespaces. The example of them are nodes and persistent volume and we can check it using kubectl api-resources command:

   $ kubectl api-resources --namespaced=false
   NAME                              SHORTNAMES   APIGROUP                       NAMESPACED   KIND
   componentstatuses                 cs                                          false        ComponentStatus
   namespaces                        ns                                          false        Namespace
   nodes                             no                                          false        Node
   persistentvolumes                 pv                                          false        PersistentVolume
   mutatingwebhookconfigurations                  admissionregistration.k8s.io   false        MutatingWebhookConfiguration
   validatingwebhookconfigurations                admissionregistration.k8s.io   false        ValidatingWebhookConfiguration
   customresourcedefinitions         crd,crds     apiextensions.k8s.io           false        CustomResourceDefinition
   apiservices                                    apiregistration.k8s.io         false        APIService
   tokenreviews                                   authentication.k8s.io          false        TokenReview
   selfsubjectaccessreviews                       authorization.k8s.io           false        SelfSubjectAccessReview
   selfsubjectrulesreviews                        authorization.k8s.io           false        SelfSubjectRulesReview
   subjectaccessreviews                           authorization.k8s.io           false        SubjectAccessReview
   certificatesigningrequests        csr          certificates.k8s.io            false        CertificateSigningRequest
   ingressclasses                                 networking.k8s.io              false        IngressClass
   runtimeclasses                                 node.k8s.io                    false        RuntimeClass
   podsecuritypolicies               psp          policy                         false        PodSecurityPolicy
   clusterrolebindings                            rbac.authorization.k8s.io      false        ClusterRoleBinding
   clusterroles                                   rbac.authorization.k8s.io      false        ClusterRole
   priorityclasses                   pc           scheduling.k8s.io              false        PriorityClass
   csidrivers                                     storage.k8s.io                 false        CSIDriver
   csinodes                                       storage.k8s.io                 false        CSINode
   storageclasses                    sc           storage.k8s.io                 false        StorageClass
   volumeattachments                              storage.k8s.io                 false        VolumeAttachment    
   

   
   

   $ kubectl api-resources --namespaced=true
   NAME                        SHORTNAMES   APIGROUP                    NAMESPACED   KIND
   bindings                                                             true         Binding
   configmaps                  cm                                       true         ConfigMap
   endpoints                   ep                                       true         Endpoints
   events                      ev                                       true         Event
   limitranges                 limits                                   true         LimitRange
   persistentvolumeclaims      pvc                                      true         PersistentVolumeClaim
   pods                        po                                       true         Pod
   podtemplates                                                         true         PodTemplate
   replicationcontrollers      rc                                       true         ReplicationController
   resourcequotas              quota                                    true         ResourceQuota
   secrets                                                              true         Secret
   serviceaccounts             sa                                       true         ServiceAccount
   services                    svc                                      true         Service
   controllerrevisions                      apps                        true         ControllerRevision
   daemonsets                  ds           apps                        true         DaemonSet
   deployments                 deploy       apps                        true         Deployment
   replicasets                 rs           apps                        true         ReplicaSet
   statefulsets                sts          apps                        true         StatefulSet
   localsubjectaccessreviews                authorization.k8s.io        true         LocalSubjectAccessReview
   horizontalpodautoscalers    hpa          autoscaling                 true         HorizontalPodAutoscaler
   cronjobs                    cj           batch                       true         CronJob
   jobs                                     batch                       true         Job
   leases                                   coordination.k8s.io         true         Lease
   endpointslices                           discovery.k8s.io            true         EndpointSlice
   events                      ev           events.k8s.io               true         Event
   ingresses                   ing          extensions                  true         Ingress
   ingresses                   ing          networking.k8s.io           true         Ingress
   networkpolicies             netpol       networking.k8s.io           true         NetworkPolicy
   poddisruptionbudgets        pdb          policy                      true         PodDisruptionBudget
   rolebindings                             rbac.authorization.k8s.io   true         RoleBinding
   roles                                    rbac.authorization.k8s.io   true         Role
   

Docker & K8s

1. Docker install on Amazon Linux AMI
2. Docker install on EC2 Ubuntu 14.04
3. Docker container vs Virtual Machine
4. Docker install on Ubuntu 14.04
5. Docker Hello World Application
6. Nginx image - share/copy files, Dockerfile
7. Working with Docker images : brief introduction
8. Docker image and container via docker commands (search, pull, run, ps, restart, attach, and rm)
9. More on docker run command (docker run -it, docker run --rm, etc.)
10. Docker Networks - Bridge Driver Network
11. Docker Persistent Storage
12. File sharing between host and container (docker run -d -p -v)
13. Linking containers and volume for datastore
14. Dockerfile - Build Docker images automatically I - FROM, MAINTAINER, and build context
15. Dockerfile - Build Docker images automatically II - revisiting FROM, MAINTAINER, build context, and caching
16. Dockerfile - Build Docker images automatically III - RUN
17. Dockerfile - Build Docker images automatically IV - CMD
18. Dockerfile - Build Docker images automatically V - WORKDIR, ENV, ADD, and ENTRYPOINT
19. Docker - Apache Tomcat
20. Docker - NodeJS
21. Docker - NodeJS with hostname
22. Docker Compose - NodeJS with MongoDB
23. Docker - Prometheus and Grafana with Docker-compose
24. Docker - StatsD/Graphite/Grafana
25. Docker - Deploying a Java EE JBoss/WildFly Application on AWS Elastic Beanstalk Using Docker Containers
26. Docker : NodeJS with GCP Kubernetes Engine
27. Docker : Jenkins Multibranch Pipeline with Jenkinsfile and Github
28. Docker : Jenkins Master and Slave
29. Docker - ELK : ElasticSearch, Logstash, and Kibana
30. Docker - ELK 7.6 : Elasticsearch on Centos 7
31. Docker - ELK 7.6 : Filebeat on Centos 7
32. Docker - ELK 7.6 : Logstash on Centos 7
33. Docker - ELK 7.6 : Kibana on Centos 7
34. Docker - ELK 7.6 : Elastic Stack with Docker Compose
35. Docker - Deploy Elastic Cloud on Kubernetes (ECK) via Elasticsearch operator on minikube
36. Docker - Deploy Elastic Stack via Helm on minikube
37. Docker Compose - A gentle introduction with WordPress
38. Docker Compose - MySQL
39. MEAN Stack app on Docker containers : micro services
40. MEAN Stack app on Docker containers : micro services via docker-compose
41. Docker Compose - Hashicorp's Vault and Consul Part A (install vault, unsealing, static secrets, and policies)
42. Docker Compose - Hashicorp's Vault and Consul Part B (EaaS, dynamic secrets, leases, and revocation)
43. Docker Compose - Hashicorp's Vault and Consul Part C (Consul)
44. Docker Compose with two containers - Flask REST API service container and an Apache server container
45. Docker compose : Nginx reverse proxy with multiple containers
46. Docker & Kubernetes : Envoy - Getting started
47. Docker & Kubernetes : Envoy - Front Proxy
48. Docker & Kubernetes : Ambassador - Envoy API Gateway on Kubernetes
49. Docker Packer
50. Docker Cheat Sheet
51. Docker Q & A #1
52. Kubernetes Q & A - Part I
53. Kubernetes Q & A - Part II
54. Docker - Run a React app in a docker
55. Docker - Run a React app in a docker II (snapshot app with nginx)
56. Docker - NodeJS and MySQL app with React in a docker
57. Docker - Step by Step NodeJS and MySQL app with React - I
58. Installing LAMP via puppet on Docker
59. Docker install via Puppet
60. Nginx Docker install via Ansible
61. Apache Hadoop CDH 5.8 Install with QuickStarts Docker
62. Docker - Deploying Flask app to ECS
63. Docker Compose - Deploying WordPress to AWS
64. Docker - WordPress Deploy to ECS with Docker-Compose (ECS-CLI EC2 type)
65. Docker - WordPress Deploy to ECS with Docker-Compose (ECS-CLI Fargate type)
66. Docker - ECS Fargate
67. Docker - AWS ECS service discovery with Flask and Redis
68. Docker & Kubernetes : minikube
69. Docker & Kubernetes 2 : minikube Django with Postgres - persistent volume
70. Docker & Kubernetes 3 : minikube Django with Redis and Celery
71. Docker & Kubernetes 4 : Django with RDS via AWS Kops
72. Docker & Kubernetes : Kops on AWS
73. Docker & Kubernetes : Ingress controller on AWS with Kops
74. Docker & Kubernetes : HashiCorp's Vault and Consul on minikube
75. Docker & Kubernetes : HashiCorp's Vault and Consul - Auto-unseal using Transit Secrets Engine
76. Docker & Kubernetes : Persistent Volumes & Persistent Volumes Claims - hostPath and annotations
77. Docker & Kubernetes : Persistent Volumes - Dynamic volume provisioning
78. Docker & Kubernetes : DaemonSet
79. Docker & Kubernetes : Secrets
80. Docker & Kubernetes : kubectl command
81. Docker & Kubernetes : Assign a Kubernetes Pod to a particular node in a Kubernetes cluster
82. Docker & Kubernetes : Configure a Pod to Use a ConfigMap
83. AWS : EKS (Elastic Container Service for Kubernetes)
84. Docker & Kubernetes : Run a React app in a minikube
85. Docker & Kubernetes : Minikube install on AWS EC2
86. Docker & Kubernetes : Cassandra with a StatefulSet
87. Docker & Kubernetes : Terraform and AWS EKS
88. Docker & Kubernetes : Pods and Service definitions
89. Docker & Kubernetes : Service IP and the Service Type
90. Docker & Kubernetes : Kubernetes DNS with Pods and Services
91. Docker & Kubernetes : Headless service and discovering pods
92. Docker & Kubernetes : Scaling and Updating application
93. Docker & Kubernetes : Horizontal pod autoscaler on minikubes
94. Docker & Kubernetes : From a monolithic app to micro services on GCP Kubernetes
95. Docker & Kubernetes : Rolling updates
96. Docker & Kubernetes : Deployments to GKE (Rolling update, Canary and Blue-green deployments)
97. Docker & Kubernetes : Slack Chat Bot with NodeJS on GCP Kubernetes
98. Docker & Kubernetes : Continuous Delivery with Jenkins Multibranch Pipeline for Dev, Canary, and Production Environments on GCP Kubernetes
99. Docker & Kubernetes : NodePort vs LoadBalancer vs Ingress
100. Docker & Kubernetes : MongoDB / MongoExpress on Minikube
101. Docker & Kubernetes : Load Testing with Locust on GCP Kubernetes
102. Docker & Kubernetes : MongoDB with StatefulSets on GCP Kubernetes Engine
103. Docker & Kubernetes : Nginx Ingress Controller on Minikube
104. Docker & Kubernetes : Setting up Ingress with NGINX Controller on Minikube (Mac)
105. Docker & Kubernetes : Nginx Ingress Controller for Dashboard service on Minikube
106. Docker & Kubernetes : Nginx Ingress Controller on GCP Kubernetes
107. Docker & Kubernetes : Kubernetes Ingress with AWS ALB Ingress Controller in EKS
108. Docker & Kubernetes : Setting up a private cluster on GCP Kubernetes
109. Docker & Kubernetes : Kubernetes Namespaces (default, kube-public, kube-system) and switching namespaces (kubens)
110. Docker & Kubernetes : StatefulSets on minikube
111. Docker & Kubernetes : RBAC
112. Docker & Kubernetes Service Account, RBAC, and IAM
113. Docker & Kubernetes - Kubernetes Service Account, RBAC, IAM with EKS ALB, Part 1
114. Docker & Kubernetes : Helm Chart
115. Docker & Kubernetes : My first Helm deploy
116. Docker & Kubernetes : Readiness and Liveness Probes
117. Docker & Kubernetes : Helm chart repository with Github pages
118. Docker & Kubernetes : Deploying WordPress and MariaDB with Ingress to Minikube using Helm Chart
119. Docker & Kubernetes : Deploying WordPress and MariaDB to AWS using Helm 2 Chart
120. Docker & Kubernetes : Deploying WordPress and MariaDB to AWS using Helm 3 Chart
121. Docker & Kubernetes : Helm Chart for Node/Express and MySQL with Ingress
122. Docker & Kubernetes : Deploy Prometheus and Grafana using Helm and Prometheus Operator - Monitoring Kubernetes node resources out of the box
123. Docker & Kubernetes : Deploy Prometheus and Grafana using kube-prometheus-stack Helm Chart
124. Docker & Kubernetes : Istio (service mesh) sidecar proxy on GCP Kubernetes
125. Docker & Kubernetes : Istio on EKS
126. Docker & Kubernetes : Istio on Minikube with AWS EC2 for Bookinfo Application
127. Docker & Kubernetes : Deploying .NET Core app to Kubernetes Engine and configuring its traffic managed by Istio (Part I)
128. Docker & Kubernetes : Deploying .NET Core app to Kubernetes Engine and configuring its traffic managed by Istio (Part II - Prometheus, Grafana, pin a service, split traffic, and inject faults)
129. Docker & Kubernetes : Helm Package Manager with MySQL on GCP Kubernetes Engine
130. Docker & Kubernetes : Deploying Memcached on Kubernetes Engine
131. Docker & Kubernetes : EKS Control Plane (API server) Metrics with Prometheus
132. Docker & Kubernetes : Spinnaker on EKS with Halyard
133. Docker & Kubernetes : Continuous Delivery Pipelines with Spinnaker and Kubernetes Engine
134. Docker & Kubernetes : Multi-node Local Kubernetes cluster : Kubeadm-dind (docker-in-docker)
135. Docker & Kubernetes : Multi-node Local Kubernetes cluster : Kubeadm-kind (k8s-in-docker)
136. Docker & Kubernetes : nodeSelector, nodeAffinity, taints/tolerations, pod affinity and anti-affinity - Assigning Pods to Nodes
137. Docker & Kubernetes : Jenkins-X on EKS
138. Docker & Kubernetes : ArgoCD App of Apps with Heml on Kubernetes
139. Docker & Kubernetes : ArgoCD on Kubernetes cluster
140. Docker & Kubernetes : GitOps with ArgoCD for Continuous Delivery to Kubernetes clusters (minikube) - guestbook