Using namespace to limit access
The Hue project is moving along nicely, and we have a few hundred microservices and about 100 developers and DevOps engineers working on it. Groups of related microservices emerge, and you notice that many of these groups are pretty autonomous. They are completely oblivious to the other groups. Also, there are some sensitive areas, such as health and finance, that you will want to control access to more effectively. Enter namespaces.
Let's create a new service, Hue-finance, and put it in a new namespace called restricted
.
Here is the YAML file for the new restricted
namespace:
kind: Namespace
apiVersion: v1
metadata:
name: restricted
labels:
name: restricted
> kubectl create -f restricted-namespace.yaml
namespace "restricted" created
Once the namespace has been created, we need to configure a context for the namespace. This will allow restricting access just to this namespace:
> kubectl config set-context restricted --namespace=restricted...