The basis of Cloud Z CP Kubernetes Supports multiple virtual clusters supported by the same physical cluster. These virtual clusters are called namespaces.
For more detailed information. Please refer to Namespaces.
Namespace lookup
Existing namespaces can be viewed in card or list format.
You can view resource usage such as CPU Request, Memory Request, CPU Limit, and Memory Limit by namespace.
You can go to the dashboard where you can see the current status of the namespace and more detailed information about the namespace.
View in card format
If you want to view the namespaces intuitively, you can view them in card format.
If you want to view the namespaces intuitively, you can view them in card format.
- Select Namespaces from the side menu.
In card format, you can see the following information by namespace:
- Namespace Name: A unique value to distinguish the Namespace. Clicking the link allows you to change the details of the Namespace.
- Creation Date: The date and time the namespace was created.
- Number of users: The number of users with permissions to the namespace.
- situation
- green(Active): The namespace is in use.
- gray(Terminating): The namespace is being deleted and cannot be used for new Objects.
- Resource Utilization
- (The value actually being used / the value set in Resource Quotas) is displayed.
- Green if less than 50%, Blue if more than 50%, If it is over 80%, it will be displayed in red.
- The following four Resources are displayed:
- CPU Request: The percentage of the Namespace set to Resource Quotas.
- CPU Limit:
- Memory Request:
- Memory Limit:
- Namespace Management
- Go to Dashboard screen: Go to the Dashboard screen where you can view more detailed information about the Namespace.
- Delete Namespace: Deletes a Namespace.
View as list
If you want to see more information about a namespace at once, you can view it in list form.
To view the namespaces as a list:
- Select Namespaces from the side menu.
In list form, you can see the following information:
- Namespace Name: Click on the link to see detailed information.
- Resource Utilization
- (The value actually being used / the value set in Resource Quotas) is displayed.
- If it is below 50%, it is displayed in green, if it is above 50%, it is displayed in blue, and if it is above 80%, it is displayed in red.
- The following four Resources are displayed:
- CPU Request: Based on the CPU Request value set in Resource Quotas.
- CPU Limit: Based on the CPU Limit value set in Resource Quotas.
- Memory Request: Based on the Memory Request value set in Resource Quotas.
- Memory Limit: Based on the Memory Limit value set in Resource Quotas.
- Number of users: The number of users with permissions to the Namespace.
- Status: The current status of the Namespace.
- Active: The namespace is in use.
- Terminating: The namespace is being deleted and cannot be used for new Objects.
- Creation Date: The date and time the namespace was created.
- management
- Delete: Deletes a Namespace.
Create a namespace
To create a new namespace:
- Select Namespaces from the side menu.
- Click (Add Namespace) in the top right, or if you are in card view, click after the last card.
- When the Add Namespace screen appears, enter the following information:
Namespace Name: A unique value to distinguish the namespace. Enter 3 to 30 characters starting with an alphabet and consisting of alphabets and numbers.ZDB Namespace: Set whether to use the ZDB namespace. If set to ON, you can check it in the ZDB Console. ((info) ZCP v1.1 update feature)
Resource Quotas: For detailed information on each item, refer to Resource Quotas.
Pod Default Limit Range: For detailed information on each item, refer to Pod Default Limit Range. - Once you have entered all the information, click Confirm.
When you create a Namespace, a Folder for Build and Deployment (Jenkins) is created with the Namespace name.
Namespace search
You can search for a Namespace by its Namespace name.
- Enter your search term in the search field above the Namespace list. Enter the Namespace name as your search term.
Configuring Namespace Resources
Set labels, Resource Quotas, and Pod Default Limit Range for the namespace.
Go to the Resource Configuration screen
- Select Namespaces from the side menu.
- Click the link associated with the Namespace name.
- The Resource Configuration tab of the Namespace management screen appears immediately.
Add a label
A label is a key/value pair that specifies an identifying property of an Object that is meaningful to the user.
- Enter values in the text field below the label in the format key=value. For example, if the key is environment and the value is production, enter environment=production.
- Click the Add button.
- When the pop-up screen appears, click OK.
See Labels for more details.
Change Resource Quotas
- In the Namespace management screen, click the Resource Configuration tab.
- Enter values in the text fields for each item in Resource Quotas.
- Click the Save button.
For detailed information on each item, see Resource Quotas
Change Pod Default Limit Range
- In the Namespace management screen, click the Resource Configuration tab.
- Pod Default Limit Range Enter values in the text fields for each item.
- Click the Save button.
See Pod Default Limit Rangefor detailed information on each item .
Resource Quotas
When multiple users or teams share a cluster with a fixed number of nodes, there is concern that one team will not get a fair use of the resources. Resource Quotas are a tool that administrators can use to address this issue.
The Resource Quotas that can be set in ZCP are as follows:
| CPU Requests | The sum of CPU requests across all pods in non-terminal state cannot exceed this value. |
|---|---|
| CPU Limits | The sum of CPU limits across all pods in non-terminal state cannot exceed this value. |
| Memory Requests | The sum of Memory requests across all pods in non-terminal state cannot exceed this value. |
| Memory Limits | The sum of the Memory limits across all pods in non-terminal state cannot exceed this value. |
| Pods | The total number of pods in a non-terminal state that can exist in the namespace. A pod is terminal if .status.phase in (Failed, Succeeded) is true. |
| Services | The total number of services that can exist in the namespace. |
| Secrets | The total number of Secrets that can exist in the namespace. |
| Config Maps | The total number of Config Maps that can exist in the namespace. |
| Persistent Volume Claims | The total number of names that can exist in a namespace Persistent Volume Claim is the number of . |
| Services Load Balancers | The total number of Load Balancer services that can exist in the namespace. |
For more detailed information, see Resource Quotas.
Pod Default Limit Range
You can set default resource limits when creating a Pod using the LimitRange Object.
The Limit Ranges that can be set in ZCP are as follows:
| CPU Requests | Default CPU request limit when creating a Pod. |
|---|---|
| CPU Limits | Default CPU limit when creating a Pod. |
| Memory Requests | The default Memory request limit when creating a Pod. |
| Memory Limits | Default Memory limit when creating a Pod. |
For more detailed information, Please refer to Configure Default Memory Requests and Limits for a Namespace과 Configure Default CPU Requests and Limits for a Namespace
Managing Namespace Members
Manages members of a namespace.
Go to the member management screen
- Select Namespaces from the side menu.
- Click the link associated with the Namespace name.
- When the Namespace Management screen appears, click the Member Management tab.
Create Member
You can create members directly from the Member Management tab.
- Click the Create Member button below the member list.
- When the member creation pop-up appears, enter the user information and click the Register button.
Add Member
- Enter the member you want to add in the search field above the Add Member list and click .
- Change the Namespace permissions and click in the Add column.
Delete member
- In the Manage column of the Member List, click on the member you want to delete.
- When the pop-up screen appears, click OK.
Change member permissions
- In the Members list, select the permissions for the member you want to change from the checkbox in the Namespace Permissions column.
- In the Manage column of the Member List, click the of the member whose permissions you want to change.
Each permission is described below:
| Authority Name | ClusterRole | ZCP에서는? |
|---|---|---|
| admin | Read and write access to all resources within the namespace. | You can access the following menus:
|
| cicd-manager | Copy edit ClusterRole that can read and write to most resources except roles and rolebindings within the namespace. | You can access the following menus:
|
| developer | Copy ClusterRole, a view that only allows reading for most resources except roles and rolebindings within the namespace. | You can access the following menus:
|
For more details, see Using RBAC Authorization의 User-facing Roles
Member Search
You can search for members by user ID, email, name, etc.
- Enter your search term in the search field above the member list. Enter your user ID, email, or name.
Namespace Secret Management
Secrets are for keeping sensitive information such as passwords, OAuth tokens, and ssh keys. Putting this information in Secrets is more secure and flexible than putting it directly in a Pod definition or Docker Image.
In the Cloud Z CP console, you can manage the following types of Secrets that are commonly used across multiple applications in a namespace.
(Secrets for each application are managed separately in the project.)
- Docker Registry: Contains the server and credentials for pulling images from a specific Docker registry.
- TLS: Manage certificate and key files used for HTTPS setup.
For more details, see Secrets .
Go to the Secret Management screen
- Select Namespaces from the side menu.
- Click the link associated with the Namespace name.
- When the Namespace management screen appears, click the Secret tab.
Add Secret
- Click the (Add Secret) button at the top right of the Secret list.
- When the Add Secret pop-up appears, enter the information appropriate to the type and click the Register button.
Field Description
- Docker Registry
- docker-server (required): Docker Registry server information. Example: registry.cloudzcp.io
- docker-username (required): Docker login user ID
- docker-password (required): Docker login user password
- docker-email : Docker login user email
- TLS
- certificate :
- key :
Secret Inquiry
- Clicking on the Secret tab of a namespace will display a list of registered Secrets.
- Clicking on a Secret Name will display a pop-up with details about the Secret.
- For TLS type, you can click to download the file.
Delete Secret
- In the Secret list, click in the Manage column of the Secret you want to delete.
- Enter the Secret Name you want to delete for confirmation and click the Delete button.
Secret Search
You can search the registered Secret list by Secret Name.
- Enter your search term in the search field at the top right of the Secret list.
Click or press Enter.
Note
We do not provide the ability to edit Secrets. You can edit them directly by deleting and regenerating them or via Kubernetes commands.
Secret management using kubectl CLI
Secrets can be managed using the kubectl CLI rather than the console. Secrets of type Docker Registry are used in ImagePullSecrets in Pods.
A Secret of type Docker Registry is created with the following command. The Secret will be created with the name my-docker-secret .
kubectl create secret docker-registry my-docker-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
- DOCKER_REGISTRY_SERVER: Docker Registry server information. Example) registry.cloudzcp.io
- DOCKER_USER: Docker login user ID
DOCKER_PASSWORD : Docker login user password
- DOCKER_EMAIL : Docker login user email
You can check if it was created properly in yaml format.
$ kubectl get secret my-docker-secret --output=yaml apiVersion: v1 data: .dockerconfigjson: eyJodHRwczovL2luZGV4L ... J0QUl6RTIifX0= kind: Secret metadata: ... name: my-docker-secret ... type: kubernetes.io/dockerconfigjson
As above, you can check the .dockerconfigjson field under data, which is the content that displays Docker Credentials in base64.
To check if the information you entered is correct, run the following command.
$ kubectl get secret my-docker-secret --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
{"auths":{"registry.cloudzcp.io":{"username":"billygoo","password":"xxxxxxxxxxx","email":"billy.goo@example.com","auth":"c3R...zE2"}}}The auth field value in the result can also be read by decoding it in base64.
$ echo "c3R...zE2" | base64 --decode billygoo:xxxxxxxxxxx
For more details, see Specifying ImagePullSecrets on a Pod.
Delete namespace
To delete from card view:
- Select Namespaces from the side menu.
- Click on the card containing the namespace you want to delete.
Delete from list view:
- Select Namespaces from the side menu.
- Click on the row containing the namespace you want to delete.
Deleting a namespace will not delete the Build and Deployment (Jenkins) Folder. If you need to delete the Folder, delete it manually.
Table Of Contents
Online consultation
Contact us