
How do I create a new namespace in Kubernetes?

Tags:

kubernetes

I work on a multi-tenant Node app. I know that to create a new namespace in Kubernetes it is possible to run a kubectl command as follows: kubectl create namespace <namespace name>

How can I create a new namespace from Node microservices when a new customer signs up for a new account?

Is there some kubectl API to make a request from an external app?

Is it necessary, for the user to log out from the app, to destroy the pods created in Kubernetes?

Brygom asked Oct 20 '18 00:10



1 Answer

It could be as simple as calling from a shell in your app:

kubectl create namespace <your-namespace-name> 

Essentially, kubectl talks to the kube-apiserver.

You can also directly call the kube-apiserver. This is an example to list the pods:

$ curl -k -H 'Authorization: Bearer <token>' \
    https://$KUBERNETES_SERVICE_HOST:6443/api/<api-version>/namespaces/default/pods

More specifically to create a namespace:

$ curl -k -X POST -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer <token>' \
    https://$KUBERNETES_SERVICE_HOST:6443/api/v1/namespaces/ -d '
{
    "apiVersion": "v1",
    "kind": "Namespace",
    "metadata": {
        "name": "mynewnamespace"
    }
}'

In case you are wondering about the <token>, it's a Kubernetes Secret typically belonging to a ServiceAccount and bound to a ClusterRole that allows you to create namespaces.

You can create a Service Account like this:

$ kubectl create serviceaccount namespace-creator 

Then you'll see the token like this (a token is automatically generated):

$ kubectl describe sa namespace-creator
Name:                namespace-creator
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   namespace-creator-token-xxxxx
Tokens:              namespace-creator-token-xxxxx
Events:              <none>

Then you would get the secret:

$ kubectl describe secret namespace-creator-token-xxxxx
Name:         namespace-creator-token-xxxx
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: namespace-creator
              kubernetes.io/service-account.uid: <redacted>

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  7 bytes
token:      <REDACTED> <== This is the token you need for Authorization: Bearer

Your ClusterRole should look something like this:

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: namespace-creator
rules:
- apiGroups: ["*"]
  resources: ["namespaces"]
  verbs: ["create"]

Then you would bind it like this:

$ kubectl create clusterrolebinding namespace-creator-binding --clusterrole=namespace-creator --serviceaccount=default:namespace-creator

When it comes to writing code you can use any HTTP client library in any language to call the same endpoints.

There are also libraries like the client-go library that take care of the plumbing of connecting to a kube-apiserver.

Rico answered Oct 03 '22 20:10
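The namespace-creation call from the answer above, issued from a Node.js service. This is an added example, not part of the original answer. It assumes the service runs in a pod under the namespace-creator ServiceAccount with the standard mounted token and CA, and that the API server is reachable at KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT. The "tenant-" prefix and the function names are hypothetical. It verifies the API server certificate against the mounted CA instead of using curl's -k, and validates the sign-up input before it becomes a namespace name.

```javascript
const fs = require('fs');
const https = require('https');
// Standard in-pod ServiceAccount mount (assumes the service runs inside the cluster).
const SA_DIR = '/var/run/secrets/kubernetes.io/serviceaccount';
// Namespace names are RFC 1123 DNS labels: [a-z0-9-], alphanumeric at both ends, max 63.
const DNS_LABEL = /^[a-z0-9]([-a-z0-9]*[a-z0-9])?$/;

// Hypothetical naming scheme: a fixed "tenant-" prefix keeps sign-up input from ever
// naming "default" or "kube-system"; nothing is normalized, so two ids cannot collide.
function tenantNamespace(customerId) {
  const name = `tenant-${customerId}`;
  if (typeof customerId !== 'string' || name.length > 63 || !DNS_LABEL.test(name)) {
    throw new Error(`invalid customer id: ${JSON.stringify(customerId)}`);
  }
  return name;
}

// Build the POST /api/v1/namespaces request without sending it.
function buildCreateNamespaceRequest(customerId, { host, port, token, ca }) {
  const body = JSON.stringify({
    apiVersion: 'v1', kind: 'Namespace', metadata: { name: tenantNamespace(customerId) },
  });
  const headers = {
    'Content-Type': 'application/json',
    'Content-Length': Buffer.byteLength(body),
    Authorization: `Bearer ${token}`,
  };
  // Passing `ca` makes Node verify the API server certificate against the cluster CA.
  const options = { host, port, ca, method: 'POST', path: '/api/v1/namespaces', headers };
  return { options, body };
}

// Send it with the pod's own token and cluster CA; resolves with the HTTP status.
function createNamespace(customerId) {
  const { options, body } = buildCreateNamespaceRequest(customerId, {
    host: process.env.KUBERNETES_SERVICE_HOST,
    port: process.env.KUBERNETES_SERVICE_PORT,
    token: fs.readFileSync(`${SA_DIR}/token`, 'utf8').trim(),
    ca: fs.readFileSync(`${SA_DIR}/ca.crt`),
  });
  return new Promise((resolve, reject) => {
    const req = https.request(options, (res) => {
      res.resume(); // drain the response body
      res.on('end', () => resolve(res.statusCode)); // 201 created, 409 already exists
    });
    req.on('error', reject);
    req.end(body);
  });
}
```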