Kubernetes Namespace Concepts: Difference between revisions
Line 23: | Line 23: | ||
=Namespace Operations= | =Namespace Operations= | ||
{{Internal|Kubernetes_Operations#Namespace_Operations|Namespace Operations}} | {{Internal|Kubernetes_Operations#Namespace_Operations|Namespace Operations}} | ||
string Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces |
Revision as of 23:21, 30 August 2019
External
Internal
Overview
A namespace is a construct that allows logically dividing a Kubernetes cluster for management purposes, a logical partition of a Kubernetes cluster. A namespace provides scope for:
- named resources to avoid naming collisions
- delegating management authority to trusted users
- the ability to limit community resource consumption via limits, quotas and RBAC rules.
In OpenShift, namespaces are known as OpenShift Projects.
A namespace is NOT a strong security boundary. Also, the namespace mechanism cannot guarantee that a pod in one namespace will not impact a pod in another namespace.
The Default Namespace
It's not good practice to use the default namespace for anything of significance.
Namespace Operations
string Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces