I work in a multi-tenant node app, I know to create a new namespace in Kubernetes is possible to run a kubectl command as follow:
kubectl create namespace <namespace name>
How can I create a new namespace from node Microservices when a new customer make a sign up for a new account?
Is there some kubectl API to make a request from an external app?
Is necessary for the user to log out from app, destroy the pods created in kubernetes?
It could be as simple as calling from a shell in your app:
kubectl create namespace <your-namespace-name>
Essentially, kubectl talks to the kube-apiserver.
You can also directly call the kube-apiserver. This is an example to list the pods:
$ curl -k -H 'Authorization: Bearer <token>' \
https://$KUBERNETES_SERVICE_HOST:6443/api/<api-version>/namespaces/default/pods
More specifically to create a namespace:
$ curl -k -H -X POST -H 'Content-Type: application/json' \
-H 'Authorization: Bearer <token>' \
https://$KUBERNETES_SERVICE_HOST:6443/api/v1/namespaces/ -d '
{
"apiVersion": "v1",
"kind": "Namespace",
"metadata": {
"name": "mynewnamespace"
}
}'
In case you are wondering about the <token>, it's a Kubernetes Secret typically belonging to a ServiceAccount and bound to a ClusterRole that allows you to create namespaces.
You can create a Service Account like this:
$ kubectl create serviceaccount namespace-creator
Then you'll see the token like this (a token is automatically generated):
$ kubectl describe sa namespace-creator
Name: namespace-creator
Namespace: default
Labels: <none>
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: namespace-creator-token-xxxxx
Tokens: namespace-creator-token-xxxxx
Events: <none>
Then you would get the secret:
$ kubectl describe secret namespace-creator-token-xxxxx
Name: namespace-creator-token-xxxx
Namespace: default
Labels: <none>
Annotations: kubernetes.io/service-account.name: namespace-creator
kubernetes.io/service-account.uid: <redacted>
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 7 bytes
token: <REDACTED> <== This is the token you need for Authorization: Bearer
Your ClusterRole should look something like this:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: namespace-creator
rules:
- apiGroups: ["*"]
resources: ["namespaces"]
verbs: ["create"]
Then you would bind it like this:
$ kubectl create clusterrolebinding namespace-creator-binding --clusterrole=namespace-creator --serviceaccount=namespace-creator
When it comes to writing code you can use any HTTP client library in any language to call the same endpoints.
There are also libraries like the client-go library that takes care of the plumbing of connecting to a kube-apiserver.
you can create namespace using below command:
kubectl create namespace << namespace_name>>.
Please find below some examples
kubectl create namespace dev
kubectl create namespace test
kubectl create namespace prod
To see namespace created:
kubectl get namespace
or
kubectl get ns
or
kubectl get namespaces
To avoid mentioning namespace in every kubectl command execution like while creating pod,deployment or any other kubernetes object, set namespace like as mentioned below:
kubectl config set-context --current --namespace=test
I hope this helped!!
Depends on the language in whcih your Microservice is implemeneted , you can just use the Client library inside that Microservice or write a new microservice in language of your choice, and as Answered above , use a service account with ClusterRoleBinding that can create namespaces. and you are good to go.
Client Libraries here:
