What is a Namespace in Kubernetes?
Kubernetes Namespaces provide a mechanism for isolating groups of resources within a single Kubernetes cluster. They serve as a way to divide cluster resources among multiple users or teams, ensuring logical separation and preventing naming collisions for objects like Pods, Services, and Deployments.
What is a Namespace?
A Namespace is essentially a virtual cluster inside your Kubernetes cluster. It provides a scope for names, meaning that resource names need to be unique only within a namespace, not across the entire cluster. This is crucial for environments where multiple teams or applications share the same cluster.
Namespaces are intended for environments with many users spread across multiple teams or projects. They allow for the logical separation of resources without the overhead of maintaining separate physical clusters. For clusters with only a few users, creating namespaces might not be necessary.
Key Benefits and Uses
- Resource Isolation: Isolate resources for different environments (e.g., development, staging, production) or different teams within the same cluster.
- Naming Scope: Prevent naming collisions for resources (e.g., two different teams can have a 'database' service in their respective namespaces).
- Access Control (RBAC): Scope Role-Based Access Control (RBAC) policies to specific namespaces, granting different permissions to different users or groups.
- Resource Quotas: Apply resource quotas (e.g., CPU, memory limits, number of pods) to a namespace, limiting the total resources that all pods within that namespace can consume.
- Not for Node Isolation: It's important to note that Namespaces provide logical separation of *resources*, not isolation of *nodes*. All resources in all namespaces still share the underlying cluster nodes.
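
The Access Control and Resource Quotas bullets above, written out as manifests. This is an added example, not from the original page: the namespace name is the one used later on this page, while the object names, the group `my-team-devs` and every quota value are assumptions.

```yaml
# Added example: quota and namespaced RBAC for a single team namespace.
# Names other than my-team-namespace, and all limits, are assumed values.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-quota
  namespace: my-team-namespace
spec:
  hard:
    pods: "20"              # total pods allowed in the namespace
    requests.cpu: "4"       # sum of CPU requests across all pods
    requests.memory: 8Gi
    limits.cpu: "8"         # sum of CPU limits across all pods
    limits.memory: 16Gi
---
# A Role is namespaced: these rules grant nothing outside my-team-namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: team-developer
  namespace: my-team-namespace
rules:
  - apiGroups: ["", "apps"]
    resources: ["pods", "services", "deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
---
# Binds the Role to a group; the binding is also scoped to the namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-developer-binding
  namespace: my-team-namespace
subjects:
  - kind: Group
    name: my-team-devs      # assumed group name from your identity provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: team-developer
  apiGroup: rbac.authorization.k8s.io
```

Once a quota covers CPU or memory requests and limits, pods that omit those fields are rejected in that namespace unless a LimitRange supplies defaults. The effective permissions can be checked with `kubectl auth can-i list pods -n my-team-namespace --as=some-user --as-group=my-team-devs`, where `some-user` is a placeholder.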
Default Namespaces
Kubernetes clusters come with several pre-created namespaces:
- default: The default namespace for objects created without specifying one. It's generally recommended to avoid using this for production workloads and instead create custom namespaces.
- kube-system: Used for objects created by the Kubernetes system itself, such as kube-apiserver, kube-controller-manager, and kube-scheduler.
- kube-public: Used for resources that are intended to be cluster-readable by all users, typically for bootstrap components. This namespace is publicly readable.
- kube-node-lease: Holds Lease objects associated with each node. This is primarily for the node heartbeat mechanism and improving the scalability of node status updates.
Creating a Namespace
You can create a new namespace using a YAML definition or directly via kubectl.
```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: my-team-namespace
```

```bash
kubectl create namespace my-team-namespace
```
Working with Namespaces
To view namespaces, list resources in a specific namespace, or set a default namespace for your kubectl context:
```bash
# List all namespaces
kubectl get namespaces

# List pods in a specific namespace
kubectl get pods -n my-team-namespace

# Create a resource in a specific namespace
kubectl apply -f my-deployment.yaml -n my-team-namespace

# Set a default namespace for the current kubectl context
kubectl config set-context --current --namespace=my-team-namespace

# Delete a namespace (and all resources within it!)
kubectl delete namespace my-team-namespace
```