Оффлайн
- Регистрация
- 1 Мар 2015
- Сообщения
- 1,481
- Баллы
- 155
?Let's understand the concept of virtual cluster inside a "physical cluster in K8S !!"?
When we are working with a large account/organization we generally come across different types of teams/applications but everything in a single large cluster???? sounds make it very difficult to even imagine. What if we have an isolation between all those and draw some boundaries, set limits and organize?,
There comes a topic called "?????????"
What is it ?
It is a K8S object which creates virtual clusters inside the physical cluster
It is a way to divide one physical/main cluster into multiple virtual clusters and provides logical boundaries within the cluster and isolates the resources from being mismanaged.Why do we need Namespaces?
Teams/projects can use the same cluster without interfering eachother. Makes it easier to group resources like pods/SVC/configMaps.. logically.
We can manage clusters with thousands of resources easily.
It will Allow us to manage permissions and access controls and restrict the access to specific resources.? How NameSpace(NS) work in K8S?
Resource Scope:
NS are applied to namespaced objects like Pods,SVC's, configMaps & Secrets. Some resources like Nodes & Persistent volumes are cluster wide, not namespaced. Resources with same name can exist in different NS without conflict. CPU & Memory limits: we can restrict/set boundaries that how much amount of resources can be consumed. we can restrict how many resources can be inside the created Namespace ( ex: 5 pods/10pods). Managing NS: It is always ideal to manage the NS with manifest files instead of commands for better flexibility, re-use, simple management and changes are predicted and documented. Default NameSpaces: (important)
???????: Used when we don't mention any specific namespace.????-??????: Contains critical system components like kube-dns & other controllers. ( Restricted to use until you know what you are doing). ????-??????: Commonly used for cluster-level configuration/information which are meant to be publicly accessible accross the cluster. ????-????-?????: Used to manage the heartbeats of nodes for the node controller.
ResourceQuotas and LimitRanges: ?????????????: Enforce overall usage limits for the Namespace ( ex: total CPU/memory/no. of pods can be created). ???????????: Define per-resource limits within the Namespace ( ex: max& min CPU/memory per pod/container).Use Cases:
Large organisations with multiple teams/applications. managing different environments with in same cluster ( dev/stage/prod) when permissions and limits required.Note?: In detail information of ResourceQuota, LimitRange, Pros, Cons and best practices given in image format.
Comment down your thoughts ?