Introduction
This article covers the following tech skills:
Kubernetes provides namespaces as a way to isolate workloads and resources in a cluster. In this lab, you will learn how to use namespaces to isolate workloads and resources. You will create a namespace, deploy a simple web application in the namespace, and verify that the web application is isolated from the other resources in the cluster.
Create a Namespace
In this step, you will create a namespace called webapp
to isolate the web application from the other resources in the cluster.
Create a file called namespace.yaml
with the following contents:
apiVersion: v1
kind: Namespace
metadata:
name: webapp
Apply the namespace to your cluster with the following command:
kubectl apply -f namespace.yaml
Verify that the namespace was created with the following command:
kubectl get namespaces
You should see the webapp
namespace in the list of namespaces.
Deploy a Web Application
In this step, you will deploy a simple web application in the webapp
namespace.
Create a file called web-app.yaml
with the following contents:
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-app
namespace: webapp
spec:
replicas: 1
selector:
matchLabels:
app: web-app
template:
metadata:
labels:
app: web-app
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
This file creates a Deployment with one replica of a container that runs the latest version of the Nginx web server.
Apply the Deployment to your cluster with the following command:
kubectl apply -f web-app.yaml
Verify that the web application is running in the webapp
namespace with the following command:
kubectl get pods -n webapp
You should see the web-app
pod in the list of pods running in the webapp
namespace.
Expose the Web Application
In this step, you will expose the web application to the outside world using a Kubernetes Service.
Create a file called web-app-service.yaml
with the following contents:
apiVersion: v1
kind: Service
metadata:
name: web-app
namespace: webapp
spec:
selector:
app: web-app
ports:
- name: http
port: 80
targetPort: 80
type: ClusterIP
This file creates a Service that exposes the web application to the cluster using a ClusterIP.
Apply the Service to your cluster with the following command:
kubectl apply -f web-app-service.yaml
Verify that the Service is running in the webapp
namespace with the following command:
kubectl get services -n webapp
You should see the web-app
service in the list of services running in the webapp
namespace.
Verify Namespace Isolation
In this step, you will verify that the web application is isolated from the other resources in the cluster.
Create a file called other-app.yaml
with the following contents:
apiVersion: apps/v1
kind: Deployment
metadata:
name: other
spec:
replicas: 1
selector:
matchLabels:
app: other
template:
metadata:
labels:
app: other
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
In this file, you are creating another Deployment called other
in the default namespace that runs a container with the nginx
image.
Apply the Deployment to your cluster with the following command:
kubectl apply -f other-app.yaml
Verify that the Deployment is running in the default namespace with the following command:
kubectl get pods | grep other
You should see the other
pod in the list of pods running in the default namespace.
Verifying Cross-Namaspace Access
First, find the name of the pod running your application by running the following command:
kubectl get pods -l app=other
You should see the other
pod. Note the name of the pod.
Next, run the following command to open a shell session in the container running your application:
kubectl exec -it sh < pod-name > --
Replace with the name of the pod that you noted earlier.
Once you are in the shell session, run the following command to access the web-app
Deployment:
curl web-app.webapp
You should see the HTML response from the Nginx web server.
Summary
In this lab, you learned how to use namespaces to isolate workloads and resources in a Kubernetes cluster. You created a namespace, deployed a simple web application in the namespace, exposed the web application to the outside world using a Kubernetes Service, and verified that the web application is isolated from the other resources in the cluster.
π Practice Now: Isolating Workloads with Namespaces
Want to Learn More?
- π³ Learn the latest Kubernetes Skill Trees
- π Read More Kubernetes Tutorials
- π¬ Join our Discord or tweet us @WeAreLabEx
Top comments (0)