Namespaces

Namespaces are groups of apps, containers, volumes, and other resources.

Creating

Create the file my-ns.yaml with the following content, where johank is your project name:

my-ns.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: johank-myfirstns

Try to install it on Kubernetes with

kubectl create -f my-ns.yaml

ICE Connect will reject the request because my-ns.yaml is missing the field.cattle.io/projectId annotation:

Error from server: admission webhook "iceguard-server.iceguard-webhook.svc"
denied the request: Failed to find field.cattle.io/projectId annotation, please
add it to your yaml file, here are some suggestions:

To add a new namespace to project: johank, try the following yaml:
apiVersion: v1
kind: Namespace
metadata:
   annotations:
       field.cattle.io/projectId:  c-tmfxj:p-h7kxq

Add the last two rows of the suggestion to my-ns.yaml:

my-ns.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: johank-myfirstns
  annotations:
    field.cattle.io/projectId: c-tmfxj:p-h7kxq

Run kubectl create -f my-ns.yaml again, and it will succeed.

Delete the namespace with

kubectl delete -f my-ns.yaml

Default namespace

To avoid specifying -n or --namespace in every kubectl command, set a default namespace:

kubectl config set-context --current --namespace=johank-myfirstns

Check the current namespace context with

kubectl config get-contexts icekube
CURRENT   NAME      CLUSTER   AUTHINFO   NAMESPACE
*         icekube   icekube   icekube    johank-myfirstns

Managing quotas

By default, a namespace inherits the default limits and requests (reservation) values specified for the user's Rancher project. An error will be generated if any of these values exceed the project quotas.

However, a user can override the default values and specify resource limits for a specific namespace. This makes it possible to give a certain namespace more resources than another. Two additional annotations are used to specify resource and request limits for a namespace, as shown below:

Namespace resource quota

field.cattle.io/resourceQuota: {
    "limit":{
        "requestsCpu":"1000m",
        "requestsMemory":"1024Mi",
        "requestsStorage":"1Gi",
        "limitsMemory":"1024Mi"
    }
}

The container default resource limit below is applied to containers that have no limits specified. The annotation is optional, but if it is not specified, the user must manually set limits on Pods. See the next section for more information.

field.cattle.io/containerDefaultResourceLimit: {
    "requestsCpu":"500m",
    "requestsMemory":"256Mi",
    "limitsMemory":"256Mi"
}

The following attributes can be specified in the JSON format above.

  • limitsMemory - Limit on max RAM usage
  • requestsMemory - Reserved RAM usage
  • requestsStorage - Reserved size of hard drive
  • persistentVolumeClaims - Limits the number of persistent storage devices
  • requestsCpu - Reserved CPU usage
  • (limitsCpu) - Optional. When not specified, pods will use all free CPU cores available (up to 64). In some circumstances, however, it might be appropriate to set it.

Below is an example of a resource quota in a namespace file.

my-ns.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: johank-myfirstns
  annotations:
    field.cattle.io/projectId: c-tmfxj:p-h7kxq
    field.cattle.io/containerDefaultResourceLimit: |
      {"requestsCpu":"500m","requestsMemory":"256Mi","limitsMemory":"256Mi"}
    field.cattle.io/resourceQuota: |
      {"limit":{"requestsCpu":"1000m","requestsMemory":"1024Mi","requestsStorage":"1Gi","limitsMemory":"1024Mi"}}

Note that the annotations above are automatically set by Rancher if the namespace is created from the Rancher Web UI.
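
A pre-flight check for the annotations described above, as an added example (not ICE Connect or Rancher code): it reports a missing projectId, a container default that is larger than the namespace quota (no pod using the default would fit), and a namespace value above the project quota. The function names and the project_limit parameter are assumptions of this example; the caller supplies the project quota as a dict with the same keys.

```python
import json
import re
from fractions import Fraction

PROJECT_ID = "field.cattle.io/projectId"
QUOTA = "field.cattle.io/resourceQuota"
DEFAULTS = "field.cattle.io/containerDefaultResourceLimit"
# Kubernetes quantity suffixes (subset): milli, decimal and binary multipliers.
_UNITS = {"": 1, "m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9,
          "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}
_QTY = re.compile(r"^(\d+(?:\.\d+)?)(m|k|M|G|Ki|Mi|Gi|Ti)?$")


def parse_quantity(text):
    """Convert a quantity such as '500m' or '256Mi' to an exact number."""
    match = _QTY.match(str(text).strip())
    if not match:
        raise ValueError(f"not a quantity: {text!r}")
    return Fraction(match.group(1)) * _UNITS[match.group(2) or ""]


def check_namespace(annotations, project_limit=None):
    """Return a list of problems found in a Namespace's annotations."""
    problems = []
    if not annotations.get(PROJECT_ID):
        problems.append(f"missing {PROJECT_ID}")
    try:
        quota = json.loads(annotations.get(QUOTA, "{}")).get("limit", {})
        defaults = json.loads(annotations.get(DEFAULTS, "{}"))
    except json.JSONDecodeError as exc:
        return problems + [f"annotation is not valid JSON: {exc}"]
    # A container default above the namespace quota means no such pod fits.
    for key, value in defaults.items():
        if key in quota and parse_quantity(value) > parse_quantity(quota[key]):
            problems.append(f"default {key}={value} exceeds namespace quota {quota[key]}")
    # Namespace values must stay within the project quota given by the caller.
    for key, value in quota.items():
        cap = (project_limit or {}).get(key)
        if cap and parse_quantity(value) > parse_quantity(cap):
            problems.append(f"namespace {key}={value} exceeds project quota {cap}")
    return problems


if __name__ == "__main__":
    # Constructed sample: projectId left out and a default larger than the quota.
    sample = {DEFAULTS: '{"limitsMemory":"2Gi"}',
              QUOTA: '{"limit":{"limitsMemory":"1024Mi"}}'}
    for problem in check_namespace(sample):
        print(problem)
```
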

Read the namespace quotas using the command below.

kubectl get ns johank-myfirstns -o=go-template='{{index .metadata.annotations "field.cattle.io/resourceQuota"}}'
{
  "limit": {
    "limitsMemory": "1024Mi",
    "requestsCpu": "1000m",
    "requestsMemory": "1024Mi",
    "requestsStorage": "1Gi"
  }
}