Isolate Workloads with Kubernetes Namespaces

LabEx
4 min readSep 29, 2024

--

Cover

Introduction

This article covers the following tech skills:

Skills Graph

Kubernetes provides namespaces as a way to isolate workloads and resources in a cluster. In this lab, you will learn how to use namespaces to isolate workloads and resources. You will create a namespace, deploy a simple web application in the namespace, and verify that the web application is isolated from the other resources in the cluster.

Create a Namespace

In this step, you will create a namespace called webapp to isolate the web application from the other resources in the cluster.

Create a file called namespace.yaml with the following contents:

apiVersion: v1
kind: Namespace
metadata:
name: webapp

Apply the namespace to your cluster with the following command:

kubectl apply -f namespace.yaml

Verify that the namespace was created with the following command:

kubectl get namespaces

You should see the webapp namespace in the list of namespaces.

Deploy a Web Application

In this step, you will deploy a simple web application in the webapp namespace.

Create a file called web-app.yaml with the following contents:

apiVersion: apps/v1
kind: Deployment
metadata:
name: web-app
namespace: webapp
spec:
replicas: 1
selector:
matchLabels:
app: web-app
template:
metadata:
labels:
app: web-app
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80

This file creates a Deployment with one replica of a container that runs the latest version of the Nginx web server.

Apply the Deployment to your cluster with the following command:

kubectl apply -f web-app.yaml

Verify that the web application is running in the webapp namespace with the following command:

kubectl get pods -n webapp

You should see the web-app pod in the list of pods running in the webapp namespace.

Expose the Web Application

In this step, you will expose the web application to the outside world using a Kubernetes Service.

Create a file called web-app-service.yaml with the following contents:

apiVersion: v1
kind: Service
metadata:
name: web-app
namespace: webapp
spec:
selector:
app: web-app
ports:
- name: http
port: 80
targetPort: 80
type: ClusterIP

This file creates a Service that exposes the web application to the cluster using a ClusterIP.

Apply the Service to your cluster with the following command:

kubectl apply -f web-app-service.yaml

Verify that the Service is running in the webapp namespace with the following command:

kubectl get services -n webapp

You should see the web-app service in the list of services running in the webapp namespace.

Verify Namespace Isolation

In this step, you will verify that the web application is isolated from the other resources in the cluster.

Create a file called other-app.yaml with the following contents:

apiVersion: apps/v1
kind: Deployment
metadata:
name: other
spec:
replicas: 1
selector:
matchLabels:
app: other
template:
metadata:
labels:
app: other
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80

In this file, you are creating another Deployment called other in the default namespace that runs a container with the nginx image.

Apply the Deployment to your cluster with the following command:

kubectl apply -f other-app.yaml

Verify that the Deployment is running in the default namespace with the following command:

kubectl get pods | grep other

You should see the other pod in the list of pods running in the default namespace.

Verifying Cross-Namaspace Access

First, find the name of the pod running your application by running the following command:

kubectl get pods -l app=other

You should see the other pod. Note the name of the pod.

Next, run the following command to open a shell session in the container running your application:

kubectl exec -it sh < pod-name > --

Replace with the name of the pod that you noted earlier.

Once you are in the shell session, run the following command to access the web-app Deployment:

curl web-app.webapp

You should see the HTML response from the Nginx web server.

Summary

In this lab, you learned how to use namespaces to isolate workloads and resources in a Kubernetes cluster. You created a namespace, deployed a simple web application in the namespace, exposed the web application to the outside world using a Kubernetes Service, and verified that the web application is isolated from the other resources in the cluster.

MindMap

Want to Learn More?

--

--

LabEx
LabEx

Written by LabEx

LabEx is an AI-assisted, hands-on learning platform for tech enthusiasts, covering Programming, Data Science, Linux and other areas.

No responses yet