Kubernetes Namespace Concepts

From NovaOrdis Knowledge Base
Jump to navigation Jump to search




A namespace is a construct that allows logically dividing a Kubernetes cluster for management purposes, a logical partition of a Kubernetes cluster resources. A namespace provides scope for:

  • named resources to avoid naming collisions
  • delegating management authority to trusted users
  • the ability to limit community resource consumption via limits, quotas and RBAC rules.

In OpenShift, namespaces are known as OpenShift Projects.

A namespace is NOT a strong security boundary. Also, the namespace mechanism cannot guarantee that a pod in one namespace will not impact a pod in another namespace.

Not all objects are required to be scoped to a namespace. However, for objects that are scoped in a namespace, their names must be unique within a specific namespace.

An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation.

The Default Namespace

It's not good practice to use the default namespace for anything of significance.

Namespace Manifest

Namespace Manifest

Creating Objects in a Specific Namespace

To create an object in a specific namespace, provide the namespace name in the manifest's metadata:

  namespace: 'blue'

The namespace must exist.

Namespace Operations

Namespace Operations