Isolating Workloads with Namespaces

KubernetesKubernetesIntermediate
Practice Now

Introduction

Kubernetes provides namespaces as a way to isolate workloads and resources in a cluster. In this lab, you will learn how to use namespaces to isolate workloads and resources. You will create a namespace, deploy a simple web application in the namespace, and verify that the web application is isolated from the other resources in the cluster.


Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL kubernetes(("`Kubernetes`")) -.-> kubernetes/TroubleshootingandDebuggingCommandsGroup(["`Troubleshooting and Debugging Commands`"]) kubernetes(("`Kubernetes`")) -.-> kubernetes/BasicCommandsGroup(["`Basic Commands`"]) kubernetes(("`Kubernetes`")) -.-> kubernetes/AdvancedCommandsGroup(["`Advanced Commands`"]) kubernetes/TroubleshootingandDebuggingCommandsGroup -.-> kubernetes/exec("`Exec`") kubernetes/BasicCommandsGroup -.-> kubernetes/get("`Get`") kubernetes/AdvancedCommandsGroup -.-> kubernetes/apply("`Apply`") subgraph Lab Skills kubernetes/exec -.-> lab-9199{{"`Isolating Workloads with Namespaces`"}} kubernetes/get -.-> lab-9199{{"`Isolating Workloads with Namespaces`"}} kubernetes/apply -.-> lab-9199{{"`Isolating Workloads with Namespaces`"}} end

Create a Namespace

In this step, you will create a namespace called webapp to isolate the web application from the other resources in the cluster.

Create a file called namespace.yaml with the following contents:

apiVersion: v1
kind: Namespace
metadata:
  name: webapp

Apply the namespace to your cluster with the following command:

kubectl apply -f namespace.yaml

Verify that the namespace was created with the following command:

kubectl get namespaces

You should see the webapp namespace in the list of namespaces.

Deploy a Web Application

In this step, you will deploy a simple web application in the webapp namespace.

Create a file called web-app.yaml with the following contents:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
  namespace: webapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web-app
  template:
    metadata:
      labels:
        app: web-app
    spec:
      containers:
        - name: nginx
          image: nginx:latest
          ports:
            - containerPort: 80

This file creates a Deployment with one replica of a container that runs the latest version of the Nginx web server.

Apply the Deployment to your cluster with the following command:

kubectl apply -f web-app.yaml

Verify that the web application is running in the webapp namespace with the following command:

kubectl get pods -n webapp

You should see the web-app pod in the list of pods running in the webapp namespace.

Expose the Web Application

In this step, you will expose the web application to the outside world using a Kubernetes Service.

Create a file called web-app-service.yaml with the following contents:

apiVersion: v1
kind: Service
metadata:
  name: web-app
  namespace: webapp
spec:
  selector:
    app: web-app
  ports:
    - name: http
      port: 80
      targetPort: 80
  type: ClusterIP

This file creates a Service that exposes the web application to the cluster using a ClusterIP.

Apply the Service to your cluster with the following command:

kubectl apply -f web-app-service.yaml

Verify that the Service is running in the webapp namespace with the following command:

kubectl get services -n webapp

You should see the web-app service in the list of services running in the webapp namespace.

Verify Namespace Isolation

In this step, you will verify that the web application is isolated from the other resources in the cluster.

Create a file called other-app.yaml with the following contents:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: other
spec:
  replicas: 1
  selector:
    matchLabels:
      app: other
  template:
    metadata:
      labels:
        app: other
    spec:
      containers:
        - name: nginx
          image: nginx
          ports:
            - containerPort: 80

In this file, you are creating another Deployment called other in the default namespace that runs a container with the nginx image.

Apply the Deployment to your cluster with the following command:

kubectl apply -f other-app.yaml

Verify that the Deployment is running in the default namespace with the following command:

kubectl get pods | grep other

You should see the other pod in the list of pods running in the default namespace.

Verifying Cross-Namaspace Access

First, find the name of the pod running your application by running the following command:

kubectl get pods -l app=other

You should see the other pod. Note the name of the pod.

Next, run the following command to open a shell session in the container running your application:

kubectl exec -it sh < pod-name > --

Replace with the name of the pod that you noted earlier.

Once you are in the shell session, run the following command to access the web-app Deployment:

curl web-app.webapp

You should see the HTML response from the Nginx web server.

Summary

In this lab, you learned how to use namespaces to isolate workloads and resources in a Kubernetes cluster. You created a namespace, deployed a simple web application in the namespace, exposed the web application to the outside world using a Kubernetes Service, and verified that the web application is isolated from the other resources in the cluster.

Other Kubernetes Tutorials you may like