The NamespaceClass controller allows Kubernetes administrators to define standard classes of namespaces with predefined resources that are automatically created and managed.
When a namespace is created with a specific NamespaceClass label, the controller automatically creates and manages the resources defined in the NamespaceClass. This makes it easy to standardize namespace configurations across your cluster.
- Resource Creation: Automatically creates resources (NetworkPolicies, LimitRanges, etc.) in namespaces based on their class
- Resource Management: Updates resources when the NamespaceClass changes
- Class Switching: Supports changing a namespace's class, automatically managing the transition
- Resource Cleanup: Automatically removes managed resources when a class is removed or the namespace is deleted
docker build -t namespaceclass-controller:latest .
minikube image load namespaceclass-controller:latest
minikube start
kubectl apply -f config/crd/namespaceclasses.yaml
kubectl apply -f config/deploy/deployment.yaml
kubectl apply -f config/rbac/role.yaml
kubectl apply -f config/rbac/rolebinding.yaml
kubectl apply -f config/rbac/serviceaccount.yaml
kubectl apply -f examples/public-network.yaml
kubectl apply -f examples/internal-network.yaml
kubectl apply -f examples/web-portal.yaml
kubectl describe namespaceclass public-network -o yaml
kubectl describe namespaceclass internal-network -o yaml
kubectl describe namespace web-portal -o yaml
Edit the web-portal namespace to change its label to internal-network: bash
kubectl edit namespace web-portal
Change the label to namespaceclass.akuity.io/name: internal-network. Verify the resources update
kubectl describe namespace web-portal
Modify public-network.yaml (e.g., change a NetworkPolicy rule) and reapply:
kubectl get namespaceclasses public-network -o yaml
kubectl describe namespaceclasses public-network -o yaml