Kubernetes Namespace Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 16: Line 16:


A namespace is NOT a strong security boundary. Also, the namespace mechanism cannot guarantee that a pod in one namespace will not impact a pod in another namespace.
A namespace is NOT a strong security boundary. Also, the namespace mechanism cannot guarantee that a pod in one namespace will not impact a pod in another namespace.
[[Kubernetes_API_Resources_Concepts#Names|Object names]] must be unique within a specific namespace.


=The Default Namespace=
=The Default Namespace=

Revision as of 23:23, 30 August 2019

External

Internal

Overview

A namespace is a construct that allows logically dividing a Kubernetes cluster for management purposes, a logical partition of a Kubernetes cluster. A namespace provides scope for:

  • named resources to avoid naming collisions
  • delegating management authority to trusted users
  • the ability to limit community resource consumption via limits, quotas and RBAC rules.

In OpenShift, namespaces are known as OpenShift Projects.

A namespace is NOT a strong security boundary. Also, the namespace mechanism cannot guarantee that a pod in one namespace will not impact a pod in another namespace.

Object names must be unique within a specific namespace.

The Default Namespace

It's not good practice to use the default namespace for anything of significance.

Namespace Operations

Namespace Operations



string Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces