In Kubernetes, Namespaces provide a mechanism for isolating groups of resources within a single cluster. Think of them as virtual sub-clusters within your main Kubernetes cluster.
They are crucial for:
- Resource Isolation: Preventing naming collisions between different teams or applications that might use the same resource names (e.g., two different
my-appdeployments). - Organization: Grouping related resources together (e.g., all development environment resources, all production resources, or all resources belonging to a specific team).
- Access Control: Applying different RBAC (Role-Based Access Control) policies to different namespaces, allowing specific users or teams to manage resources only within their designated namespaces.
- Resource Quotas: Setting limits on the total amount of compute resources (CPU, memory) that can be consumed by all pods within a specific namespace.
Namespaces are especially useful in:
- Multi-tenancy environments: When multiple teams or users share a single Kubernetes cluster. Each team can have its own namespace, ensuring their resources don't interfere with others.
- Separating environments: You can have
development,staging, andproductionnamespaces within the same cluster. This allows you to deploy and test applications in isolated environments before moving them to production. - Managing large clusters: Breaking down a large cluster into smaller, manageable units makes it easier to organize and operate.
Every Kubernetes cluster comes with a few pre-created namespaces:
default: This is where resources are created if you don't specify a namespace. It's generally good practice to create your own namespaces for your applications rather than relying solely ondefault.kube-system: This namespace is reserved for objects created by the Kubernetes system itself (e.g.,kube-dns,kube-proxy,etcd,kube-apiserver). You should generally not deploy your own applications into this namespace.kube-public: This namespace is readable by all users (even unauthenticated ones) and is typically used for cluster-level resources that need to be universally accessible, like some cluster information.kube-node-lease: Introduced in Kubernetes 1.14, this namespace holds Lease objects for each node, which are used for node health checks. This helps the Kubernetes control plane detect node failures more efficiently and scale better.
Here are common kubectl commands for managing namespaces:
To see all namespaces in your cluster:
kubectl get namespaces
# Or
kubectl get nsExample Output:
NAME STATUS AGE
default Active 3d
kube-node-lease Active 3d
kube-public Active 3d
kube-system Active 3d
my-app-dev Active 5m
You can create a namespace using kubectl create namespace or by applying a YAML file. Using a YAML file is preferred for version control and automation.
Example: my-app-namespace.yaml
apiVersion: v1 # Specifies the Kubernetes API version
kind: Namespace # Defines the type of Kubernetes resource
metadata:
name: my-app-dev # The name of your new namespace. This name should be unique within the cluster.
labels:
environment: development # Optional: Add labels for organization or selection
project: my-app # Optional: Helps identify which project this namespace belongs to
To create this namespace:
kubectl apply -f my-app-namespace.yamlWhen you create a resource (like a Deployment, Pod, or Service), you can specify its namespace in the metadata section.
Example: my-nginx-deployment.yaml
This YAML will deploy an Nginx application specifically into the my-app-dev namespace.
# my-nginx-deployment.yaml
apiVersion: apps/v1 # Specifies the Kubernetes API version for Deployments
kind: Deployment # Defines the type of Kubernetes resource as a Deployment
metadata:
name: nginx-deployment # The name of the Deployment
namespace: my-app-dev # IMPORTANT: Specifies the namespace where this Deployment will be created.
# If omitted, it defaults to the 'default' namespace.
labels:
app: nginx # Labels for selecting the pods managed by this Deployment
spec:
replicas: 2 # Number of desired replica pods
selector:
matchLabels:
app: nginx # Selects pods with the label 'app: nginx'
template:
metadata:
labels:
app: nginx # Labels to apply to the pods created by this Deployment
spec:
containers:
- name: nginx # Name of the container
image: nginx:latest # Docker image to use for the container
ports:
- containerPort: 80 # Port exposed by the containerTo deploy this into my-app-dev namespace:
kubectl apply -f my-nginx-deployment.yamlTo see resources within a particular namespace:
kubectl get pods --namespace my-app-dev
# Or the shorthand:
kubectl get pods -n my-app-devYou can also specify the namespace for other resource types:
kubectl get deployments -n my-app-dev
kubectl get services -n my-app-devIf you're working extensively in one namespace, you can temporarily set it as your default for commands:
kubectl config set-context --current --namespace=my-app-devNow, when you run kubectl get pods, it will automatically show pods in my-app-dev without needing -n my-app-dev. To revert, you can set the context back to default or another namespace.
Deleting a namespace also deletes all resources within it. Use with caution!
kubectl delete namespace my-app-dev
# Or using the shorthand:
kubectl delete ns my-app-devThis command will remove my-app-dev namespace and any deployments, pods, services, etc., that reside within it.
Namespaces are a fundamental concept in Kubernetes for managing complexity and ensuring proper isolation and organization within your cluster. By effectively utilizing namespaces, you can create a more robust, secure, and manageable Kubernetes environment.