Kubernetes Namespace Concepts: Difference between revisions
Jump to navigation
Jump to search
| Line 8: | Line 8: | ||
=Overview= | =Overview= | ||
A namespace is a construct that allows logically dividing a Kubernetes cluster for management purposes. A namespace provides scope for: | A namespace is a construct that allows logically dividing a Kubernetes cluster for management purposes, a logical partition of a Kubernetes cluster. A namespace provides scope for: | ||
* named resources to avoid naming collisions | * named resources to avoid naming collisions | ||
* delegating management authority to trusted users | * delegating management authority to trusted users | ||
* the ability to limit community resource consumption | * the ability to limit community resource consumption via limits, quotas and RBAC rules. | ||
In OpenShift, namespaces are known as [[OpenShift Concepts#Projects|OpenShift Projects]]. | In OpenShift, namespaces are known as [[OpenShift Concepts#Projects|OpenShift Projects]]. | ||
A namespace is NOT a strong security boundary. | A namespace is NOT a strong security boundary. Also, the namespace mechanism cannot guarantee that a pod in one namespace will not impact a pod in another namespace. | ||
=The Default Namespace= | =The Default Namespace= | ||
Revision as of 20:55, 30 August 2019
External
Internal
Overview
A namespace is a construct that allows logically dividing a Kubernetes cluster for management purposes, a logical partition of a Kubernetes cluster. A namespace provides scope for:
- named resources to avoid naming collisions
- delegating management authority to trusted users
- the ability to limit community resource consumption via limits, quotas and RBAC rules.
In OpenShift, namespaces are known as OpenShift Projects.
A namespace is NOT a strong security boundary. Also, the namespace mechanism cannot guarantee that a pod in one namespace will not impact a pod in another namespace.
The Default Namespace
It's not good practice to use the default namespace for anything of significance.