Namespaces
Namespaces in Kubernetes allow you to divide cluster resources between multiple users or teams. They provide logical isolation and help with multi-tenancy, access control, and resource management.
When to Use Namespaces
Namespaces are useful when:
- You need to isolate environments (e.g.,
dev,staging,prod) - You want to enforce resource quotas and limits
- You want to implement RBAC per team or application
Tip
For most small or single-team clusters, the default namespace is sufficient.
Viewing Namespaces
Or with shorthand:
Creating a Namespace
Apply it:
Using Namespaces with kubectl
To temporarily switch namespace context:
Default Namespaces
| Namespace | Purpose |
|---|---|
default |
Used when no other namespace is specified |
kube-system |
Kubernetes control plane components (DNS, scheduler) |
kube-public |
Readable by all users, often used for public bootstrap |
kube-node-lease |
Heartbeats for node status |
Namespaced vs Cluster-Scoped Resources
Some resources must live in a namespace, others are cluster-scoped.
| Namespaced | Cluster-Scoped |
|---|---|
| Pods, Deployments, PVCs | Nodes, PersistentVolumes |
| ConfigMaps, Secrets | Namespaces, CRDs |
| Services | StorageClasses, RBAC Roles |
Resource Quotas and Limits
You can enforce limits on namespaces using:
ResourceQuota: caps total resources in the namespaceLimitRange: sets default limits per Pod/container
Example:
apiVersion: v1
kind: ResourceQuota
metadata:
name: compute-quota
namespace: dev
spec:
hard:
requests.cpu: "2"
limits.memory: 4Gi
Cleanup
To delete a namespace and everything inside it:
Summary
- Namespaces provide logical isolation for teams, environments, or applications.
- Use namespaces to set resource quotas, apply RBAC, and organize your cluster.
- For small/simple clusters, the
defaultnamespace is fine; use more as you scale.
Tip
Name namespaces clearly (e.g., dev, prod, team-a) and use them to enforce security and resource policies.