Skip to content

Kubernetes Namespace scope and resource isolation

A Kubernetes namespace provides a mechanism to partition a single physical Kubernetes cluster into multiple virtual clusters^[400-devops-06-kubernetes-k8s-ithelp-day22-readme.md]. This abstraction allows teams or projects to share the same cluster infrastructure while maintaining isolation between their resources^[400-devops-06-kubernetes-k8s-ithelp-day22-readme.md].

Purpose and Usage

Namespaces are designed for scenarios involving multiple teams or projects, enabling resource division based on business logic or team boundaries^[400-devops-06-kubernetes-k8s-ithelp-day22-readme.md]. However, for clusters with a small number of users (e.g., a few to a dozen), creating namespaces may not be necessary^[400-devops-06-kubernetes-k8s-ithelp-day22-readme.md].

Scope and Isolation

The scope of resources within a namespace is governed by specific naming and lifecycle rules:

  • Uniqueness: Resource names must be unique within the same namespace^[400-devops-06-kubernetes-k8s-ithelp-day22-readme.md].
  • Cross-namespace duplication: Different namespaces can contain resources with identical names^[400-devops-06-kubernetes-k8s-ithelp-day22-readme.md].
  • Lifecycle: If a namespace is deleted, all resources contained within it are automatically deleted as well^[400-devops-06-kubernetes-k8s-ithelp-day22-readme.md].

Resource Management

Namespaces facilitate resource allocation and control through integration with specific Kubernetes objects:

  • ResourceQuota: This object can be used to allocate or limit system resources (such as CPU and memory) for a specific namespace^[400-devops-06-kubernetes-k8s-ithelp-day22-readme.md].
  • LimitRange: This allows for the configuration of default resource requests and limits for pods within the namespace^[400-devops-06-kubernetes-k8s-ithelp-day22-readme.md].

Namespaces and Context

By default, kubectl commands interact with the default namespace^[400-devops-06-kubernetes-k8s-ithelp-day22-readme.md]. Users can target specific namespaces for a single request using the --namespace flag^[400-devops-06-kubernetes-k8s-ithelp-day22-readme.md]. Alternatively, the persistent context for kubectl can be changed to set a new default namespace for subsequent commands^[400-devops-06-kubernetes-k8s-ithelp-day22-readme.md].

Sources

^[400-devops-06-kubernetes-k8s-ithelp-day22-readme.md]