Kubernetes Namespace Concepts
External
- https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
- http://kubernetes.io/docs/user-guide/namespaces
Internal
Overview
A namespace is a construct for logically dividing a Kubernetes cluster for management purposes: a logical partition of the cluster's resources. A namespace provides scope for:
- named resources to avoid naming collisions
- delegating management authority to trusted users
- the ability to limit community resource consumption via limits, quotas and RBAC rules.
In OpenShift, namespaces are known as OpenShift Projects.
A namespace is NOT a strong security boundary. Also, the namespace mechanism cannot guarantee that a pod in one namespace will not impact a pod in another namespace.
Not all objects are required to be scoped to a namespace. However, for objects that are scoped in a namespace, their names must be unique within a specific namespace.
An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation.
The Default Namespace
It's not good practice to use the default namespace for anything of significance.
Namespace Manifest
Creating Objects in a Specific Namespace
To create an object in a specific namespace, provide the namespace name in the manifest's metadata:
...
metadata:
  namespace: 'blue'
The namespace must exist.
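The following manifest is an added example, not part of the original page. It creates the 'blue' namespace first, so that it exists, and then scopes the limits, quota and RBAC delegation mentioned in the Overview to it. The object names and the user 'jane' are hypothetical; 'edit' is the built-in ClusterRole.

```yaml
# Added example: every name except 'blue' is hypothetical.
apiVersion: v1
kind: Namespace
metadata:
  name: blue
---
# Quota: caps the aggregate consumption of all pods in 'blue'.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: blue-quota
  namespace: blue
spec:
  hard:
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
---
# Limits: per-container defaults, so pods that omit requests/limits are not rejected by the quota.
apiVersion: v1
kind: LimitRange
metadata:
  name: blue-defaults
  namespace: blue
spec:
  limits:
    - type: Container
      defaultRequest:
        cpu: 100m
        memory: 128Mi
      default:
        cpu: 500m
        memory: 512Mi
---
# RBAC: a RoleBinding to a ClusterRole grants its permissions in 'blue' only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: blue-editors
  namespace: blue
subjects:
  - kind: User
    name: jane            # hypothetical user
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
```

These objects constrain resource use and API access within 'blue'; they do not turn the namespace into a strong security boundary.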