Smriti's blog

Day 33 - Namespaces, Services and Networking in K8s

Smriti Sharma's photo
Smriti Sharma
·

8 min read

Day 33 - Namespaces, Services and Networking in K8s

Table of contents

In this blog, we will be look into Namespaces, Services and Networking in K8s. And will be working with Namespaces.✍

What are Namespaces?

In Kubernetes, namespaces provides a mechanism for isolating groups of resources within a single cluster. Names of resources need to be unique within a namespace, but not across namespaces.

Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, etc) and not for cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes, etc).

By default, all objects are created in the “default” namespace, but administrators can create additional namespaces and apply resource quotas, network policies, and access controls to them.

Namespaces also facilitate resource management, monitoring, and troubleshooting, making it easier to organize, secure, and scale Kubernetes deployments.

Why use Kubernetes namespaces?

There are many use cases for Kubernetes namespaces, including:

  • Allowing teams or projects to exist in their own virtual clusters without fear of impacting each other’s work.

  • Enhancing role-based access controls (RBAC) by limiting users and processes to certain namespaces.

  • Enabling the dividing of a cluster’s resources between multiple teams and users via resource quotas.

  • Providing an easy method of separating development, testing, and deployment of containerized applications enabling the entire lifecycle to take place on the same cluster.

Different Namespaces in Cluster

There are three initial namespaces in cluster: -

  1. Default Namespace: For objects with no other namespaces defined.

  2. Kube-system Namespace: For objects created by K8s system itself.

  3. Kube-public Namespace: For objects that are publicly readable to all the users.

Create a Namespace for Deployment

Let's create a namespace for our deployment.✨

Step 1: Login to AWS Console. And connect to the instances which we created in previous blog: Deploy a sample todo app on k8s.

Step 2: After connecting, Clone the repository on the master, if you have not.
Repository link: django-todo-cicd.

git clone https://github.com/Smriti0821/django-todo-cicd.git

Step 3: Create a namespace for your deployment and list out all namespaces.

kubectl create namespace <namespace-name> 
Ex: kubectl create namespace my-django-app

# List out all the name space
kubectl get namespace

Step 4: Update the deployment.yml file to include the Namespace

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-django-app-deployment
  namespace: my-django-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: django-app
  template:
    metadata:
      labels:
        app: django-app
    spec:
      containers:
      - name: django-app-deployment
        image: mudit097/django-todo:latest
        ports:
        - containerPort: 8000

Step 5: Apply the updated deployment using the below command:

kubectl apply -f deployment.yml

Step 6: Verify that the Namespace has been created by checking the status of the Namespaces in your cluster.

kubectl get pods -n=my-django-app

Step 7: We can scale the pod by modifying the number of the replicas in the deployment

 kubectl scale deployment my-django-app-deployment --replicas=10 -n=my-django-app

Hooray!!! You have completed the steps to create a namespaces for your deployment.✌😎

What are the Services in K8s?

A Kubernetes service is a logical abstraction for a deployed group of pods in a cluster (which all perform the same function).

Since pods are ephemeral, a service enables a group of pods, which provide specific functions (web services, image processing, etc.) to be assigned a name and unique IP address (clusterIP). As long as the service is running that IP address, it will not change. Services also define policies for their access.

In other words, service enables communication between various components within and outside of the application or front-end and backend pods and helps establishing connectivity to an external data source. It helps us to connect application together with other applications or users.

Benefits of Having Services

Services are used in Kubernetes for several reasons:

  1. Load balancing: Services provide a single, stable IP address and DNS name for a set of Pods, distributing traffic among them and ensuring that requests are handled by healthy instances.

  2. Service discovery: Services allow other parts of the application to discover and communicate with Pods, even if their IP addresses change due to scaling or failure.

  3. Port mapping: Services enable backends running on different ports or nodes to be accessed through a single, well-known port or endpoint, simplifying configuration and management.

  4. External access: Services can be used to expose applications running inside the cluster to external users or to provide access to external resources, such as databases or APIs.

Components of a K8s Services

Kubernetes services connect a set of pods to an abstracted service name and IP address. Services provide discovery and routing between pods. For example, services connect an application front-end to its backend, each of which running in separate deployments in a cluster.

Services use labels and selectors to match pods with other applications. The core attributes of a Kubernetes service are:

  • A label selector that locates pods

  • The clusterIP IP address and assigned port number

  • Port definitions

  • Optional mapping of incoming ports to a targetPort

Services can be defined without pod selectors. For example, to point a service to another service in a different namespace or cluster.

Types of K8s Services

There are 4 types of K8s Services. They are: -

  • ClusterIP Service: Exposes a service which is only accessible from within the cluster. This service creates a virtual IP inside the cluster to enable communication between different services.

  • NodePort Service: Exposes a service via a static port on each node’s IP. This service listen to a port on the node and forward request on that port to a port on the pod running the application.
    Port on the node: which is used to access the web server externally. It can only be in a valid range which by default is from 30,000 - 32,767.
    Port on the pod: where the actual web server is running, also known as TargetPort because here the service forward the request.

  • LoadBalancer Service: Exposes the service via the cloud provider’s load balancer. For clusters running on public cloud providers like AWS or Azure, creating a load LoadBalancer service provides an equivalent to a clusterIP service, extending it to an external load balancer that is specific to the cloud provider. Kubernetes will automatically create the load balancer, provide firewall rules if needed, and populate the service with the external IP address assigned by the cloud provider.

  • ExternalName Service: Maps a service to a predefined externalName field by returning a value for the CNAME record.

How do you access a Kubernetes service?

There are two ways to discover a Kubernetes service:

  1. DNS (most common): The DNS method is the recommended method of discovering services. To use this method, a DNS server must first be installed on the cluster. The DNS server monitors the Kubernetes API, and when a new service is created its name becomes available for easy resolution for requesting applications.

  2. ENV variable: This method relies on the kubelet adding environment variables for each active service for every node a pod is running on.

Networking in K8s

Networking in Kubernetes is the process of connecting Pods and Services within a cluster to enable communication between them. Kubernetes provides a flexible and extensible networking model that allows developers to build complex applications with ease.

To enable communication between Pods and Services, Kubernetes uses a network overlay, such as Calico, Flannel, or Weave Net, which provides virtual network interfaces and routing rules to connect Pods and Services across nodes in the cluster.

Kubernetes networking uses a flat, shared network space, with each Pod assigned a unique IP address within the cluster. Pods can communicate with each other directly using these IP addresses, without the need for port mapping or NAT.

Networking Key Concepts

  1. Pod-to-Pod Communication: Pods can communicate with each other directly using their IP addresses. Kubernetes assigns each Pod an IP within the cluster's network, allowing seamless communication.

  2. Service Discovery: Kubernetes DNS (Domain Name System) allows Pods and Services to discover each other by name. Pods can access Services using the Service name as a DNS entry.

  3. Network Policies: Network policies allow you to define rules for network communication between Pods, providing fine-grained control over traffic flow and access within the cluster.

  4. Ingress Controllers: Ingress controllers manage external access to Services, typically by providing HTTP and HTTPS routing and load balancing. They allow you to define routing rules to access Services from outside the cluster.

  5. CNI (Container Network Interface): Kubernetes supports multiple CNI plugins that enable network providers to integrate their network solutions with Kubernetes. CNI plugins handle network configuration and management for Pods.

Conclusion

In Conclusion, Namespaces provide a way to create isolated environments within a cluster, allowing multiple teams or applications to coexist without interfering with each other. They serve as a logical boundary for resources, such as pods and services.

Services in Kubernetes enable communication and discovery between different parts of an application or between applications. They abstract the underlying network details, providing a stable endpoint for communication. Services can be exposed internally or externally, allowing for flexible connectivity within the cluster or from external sources.

Networking in Kubernetes involves the orchestration of network connectivity between various components, including pods, services, and external resources. Kubernetes manages network routing, load balancing, and service discovery to ensure seamless communication within the cluster.

Overall, Namespaces, Services, and Networking are essential components in Kubernetes, contributing to the organization, isolation, and efficient communication of applications within a distributed environment.

Hope you find it helpful🤞 So I encourage you to try this on your own and let me know in the comment section👇 about your learning experience.✨

*👆The information presented above is based on my interpretation. Suggestions are always welcome.*😊

~Smriti Sharma✌

Devops#90daysofdevopsTrainWithShubham#shubhamLondheKubernetes#namespacesservicesnetworking