DEV Community

Cover image for Isolate Workloads with Kubernetes Namespaces
Labby for LabEx

Posted on

Isolate Workloads with Kubernetes Namespaces

Introduction

This article covers the following tech skills:

Skills Graph

Kubernetes provides namespaces as a way to isolate workloads and resources in a cluster. In this lab, you will learn how to use namespaces to isolate workloads and resources. You will create a namespace, deploy a simple web application in the namespace, and verify that the web application is isolated from the other resources in the cluster.

Create a Namespace

In this step, you will create a namespace called webapp to isolate the web application from the other resources in the cluster.

Create a file called namespace.yaml with the following contents:

apiVersion: v1
kind: Namespace
metadata:
  name: webapp
Enter fullscreen mode Exit fullscreen mode

Apply the namespace to your cluster with the following command:

kubectl apply -f namespace.yaml
Enter fullscreen mode Exit fullscreen mode

Verify that the namespace was created with the following command:

kubectl get namespaces
Enter fullscreen mode Exit fullscreen mode

You should see the webapp namespace in the list of namespaces.

Deploy a Web Application

In this step, you will deploy a simple web application in the webapp namespace.

Create a file called web-app.yaml with the following contents:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
  namespace: webapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web-app
  template:
    metadata:
      labels:
        app: web-app
    spec:
      containers:
        - name: nginx
          image: nginx:latest
          ports:
            - containerPort: 80
Enter fullscreen mode Exit fullscreen mode

This file creates a Deployment with one replica of a container that runs the latest version of the Nginx web server.

Apply the Deployment to your cluster with the following command:

kubectl apply -f web-app.yaml
Enter fullscreen mode Exit fullscreen mode

Verify that the web application is running in the webapp namespace with the following command:

kubectl get pods -n webapp
Enter fullscreen mode Exit fullscreen mode

You should see the web-app pod in the list of pods running in the webapp namespace.

Expose the Web Application

In this step, you will expose the web application to the outside world using a Kubernetes Service.

Create a file called web-app-service.yaml with the following contents:

apiVersion: v1
kind: Service
metadata:
  name: web-app
  namespace: webapp
spec:
  selector:
    app: web-app
  ports:
    - name: http
      port: 80
      targetPort: 80
  type: ClusterIP
Enter fullscreen mode Exit fullscreen mode

This file creates a Service that exposes the web application to the cluster using a ClusterIP.

Apply the Service to your cluster with the following command:

kubectl apply -f web-app-service.yaml
Enter fullscreen mode Exit fullscreen mode

Verify that the Service is running in the webapp namespace with the following command:

kubectl get services -n webapp
Enter fullscreen mode Exit fullscreen mode

You should see the web-app service in the list of services running in the webapp namespace.

Verify Namespace Isolation

In this step, you will verify that the web application is isolated from the other resources in the cluster.

Create a file called other-app.yaml with the following contents:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: other
spec:
  replicas: 1
  selector:
    matchLabels:
      app: other
  template:
    metadata:
      labels:
        app: other
    spec:
      containers:
        - name: nginx
          image: nginx
          ports:
            - containerPort: 80
Enter fullscreen mode Exit fullscreen mode

In this file, you are creating another Deployment called other in the default namespace that runs a container with the nginx image.

Apply the Deployment to your cluster with the following command:

kubectl apply -f other-app.yaml
Enter fullscreen mode Exit fullscreen mode

Verify that the Deployment is running in the default namespace with the following command:

kubectl get pods | grep other
Enter fullscreen mode Exit fullscreen mode

You should see the other pod in the list of pods running in the default namespace.

Verifying Cross-Namaspace Access

First, find the name of the pod running your application by running the following command:

kubectl get pods -l app=other
Enter fullscreen mode Exit fullscreen mode

You should see the other pod. Note the name of the pod.

Next, run the following command to open a shell session in the container running your application:

kubectl exec -it sh < pod-name > --
Enter fullscreen mode Exit fullscreen mode

Replace with the name of the pod that you noted earlier.

Once you are in the shell session, run the following command to access the web-app Deployment:

curl web-app.webapp
Enter fullscreen mode Exit fullscreen mode

You should see the HTML response from the Nginx web server.

Summary

In this lab, you learned how to use namespaces to isolate workloads and resources in a Kubernetes cluster. You created a namespace, deployed a simple web application in the namespace, exposed the web application to the outside world using a Kubernetes Service, and verified that the web application is isolated from the other resources in the cluster.

MindMap


πŸš€ Practice Now: Isolating Workloads with Namespaces


Want to Learn More?

Top comments (0)