Kubernetes Namespace Concepts: Difference between revisions
| (8 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=External= | =External= | ||
*https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces | * https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces | ||
* http://kubernetes.io/docs/user-guide/namespaces | |||
=Internal= | =Internal= | ||
| Line 8: | Line 9: | ||
=Overview= | =Overview= | ||
A namespace is a construct that allows logically dividing a Kubernetes cluster for management purposes, a logical partition of a Kubernetes cluster. A namespace provides scope for: | A namespace is a construct that allows logically dividing a Kubernetes cluster for management purposes, a logical partition of a Kubernetes cluster resources. A namespace provides scope for: | ||
* named resources to avoid naming collisions | * named resources to avoid naming collisions | ||
* delegating management authority to trusted users | * delegating management authority to trusted users | ||
| Line 17: | Line 18: | ||
A namespace is NOT a strong security boundary. Also, the namespace mechanism cannot guarantee that a pod in one namespace will not impact a pod in another namespace. | A namespace is NOT a strong security boundary. Also, the namespace mechanism cannot guarantee that a pod in one namespace will not impact a pod in another namespace. | ||
[[Kubernetes_API_Resources_Concepts#Names| | Not all objects are required to be scoped to a namespace. However, for objects that are scoped in a namespace, their [[Kubernetes_API_Resources_Concepts#Names|names]] must be unique within a specific namespace. | ||
An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. | |||
=The Default Namespace= | =The Default Namespace= | ||
| Line 23: | Line 26: | ||
It's not good practice to use the default namespace for anything of significance. | It's not good practice to use the default namespace for anything of significance. | ||
=Namespace | =Namespace Manifest= | ||
{{Internal| | {{Internal|Kubernetes Namespace Manifest|Namespace Manifest}} | ||
=Creating Objects in a Specific Namespace= | |||
To create an object in a specific namespace, provide the namespace name in the [[Kubernetes_Manifest_Metadata#namespace|manifest's metadata]]: | |||
... | |||
metadata | |||
namespace: 'blue' | |||
The namespace must exist. | |||
=Namespace Operations= | |||
{{Internal|Kubernetes Namespace Operations|Namespace Operations}} | |||
Latest revision as of 20:53, 23 September 2021
External
- https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
- http://kubernetes.io/docs/user-guide/namespaces
Internal
Overview
A namespace is a construct that allows logically dividing a Kubernetes cluster for management purposes, a logical partition of a Kubernetes cluster resources. A namespace provides scope for:
- named resources to avoid naming collisions
- delegating management authority to trusted users
- the ability to limit community resource consumption via limits, quotas and RBAC rules.
In OpenShift, namespaces are known as OpenShift Projects.
A namespace is NOT a strong security boundary. Also, the namespace mechanism cannot guarantee that a pod in one namespace will not impact a pod in another namespace.
Not all objects are required to be scoped to a namespace. However, for objects that are scoped in a namespace, their names must be unique within a specific namespace.
An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation.
The Default Namespace
It's not good practice to use the default namespace for anything of significance.
Namespace Manifest
Creating Objects in a Specific Namespace
To create an object in a specific namespace, provide the namespace name in the manifest's metadata:
... metadata namespace: 'blue'
The namespace must exist.