How I create new namespace in Kubernetes

Question

I work in a multi-tenant node app, I know to create a new namespace in Kubernetes is possible to run a kubectl command as follow: kubectl create namespace

Answer 1

you can create namespace using below command:

kubectl create namespace << namespace_name>>.

Please find below some examples

kubectl create namespace dev 
kubectl create namespace test
kubectl create namespace prod

To see namespace created:

kubectl get namespace   
     or  
kubectl get ns
     or 
kubectl get namespaces 

To avoid mentioning namespace in every kubectl command execution like while creating pod,deployment or any other kubernetes object, set namespace like as mentioned below:

kubectl config set-context --current --namespace=test

I hope this helped!!

Answer 2

Depends on the language in whcih your Microservice is implemeneted , you can just use the Client library inside that Microservice or write a new microservice in language of your choice, and as Answered above , use a service account with ClusterRoleBinding that can create namespaces. and you are good to go.

Client Libraries here:

• Python
• Go
• Java
• Javascript

Answer 3

It could be as simple as calling from a shell in your app:

kubectl create namespace <your-namespace-name>

Essentially, kubectl talks to the kube-apiserver.

You can also directly call the kube-apiserver. This is an example to list the pods:

$ curl -k -H 'Authorization: Bearer <token>' \
              https://$KUBERNETES_SERVICE_HOST:6443/api/<api-version>/namespaces/default/pods

More specifically to create a namespace:

$ curl -k -H -X POST -H 'Content-Type: application/json' \
                     -H 'Authorization: Bearer <token>' \
                     https://$KUBERNETES_SERVICE_HOST:6443/api/v1/namespaces/ -d '
{
    "apiVersion": "v1",
    "kind": "Namespace",
    "metadata": {
        "name": "mynewnamespace"
    }
}'

In case you are wondering about the <token>, it's a Kubernetes Secret typically belonging to a ServiceAccount and bound to a ClusterRole that allows you to create namespaces.

You can create a Service Account like this:

$ kubectl create serviceaccount namespace-creator

Then you'll see the token like this (a token is automatically generated):

$ kubectl describe sa namespace-creator
Name:                namespace-creator
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   namespace-creator-token-xxxxx
Tokens:              namespace-creator-token-xxxxx
Events:              <none>

Then you would get the secret:

$ kubectl describe secret namespace-creator-token-xxxxx
Name:         namespace-creator-token-xxxx
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: namespace-creator
              kubernetes.io/service-account.uid: <redacted>

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  7 bytes
token:      <REDACTED> <== This is the token you need for Authorization: Bearer

Your ClusterRole should look something like this:

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: namespace-creator
rules:
- apiGroups: ["*"]
  resources: ["namespaces"]
  verbs: ["create"]

Then you would bind it like this:

$ kubectl create clusterrolebinding namespace-creator-binding --clusterrole=namespace-creator --serviceaccount=namespace-creator

When it comes to writing code you can use any HTTP client library in any language to call the same endpoints.

There are also libraries like the client-go library that takes care of the plumbing of connecting to a kube-apiserver.