Kubernetes – Namespaces
You can create a single physical cluster as a set of virtual clusters by using namespaces.
After creating you first namespace, for example “my-space”, you can see that, as default, you also have a default namespace as well other others used by kubernetes under the hood:
Namespaces in Kubernetes allow you to group workloads and resources together.
It´s very useful if you have a lot of objects and you want to search or execute operations on some of them according to the purpose.
Namespace don´t provide isolation. By default, pods can access other pods and services in ohter namespaces, but you can isolate them by using network policies too. And also apply resource quotas to them.
You can´t assign nodes and persistent volumes to the same namespaces. This means, for example, that pods from different namespaces can you the same persistence storage.
If you omit the namespace (by using “-n myspace” or “–namespace myspace”), kubernetes will use the default one.
Make sure that users that can operate on a dedicated namespace don’t have access to the default namespace. Otherwise, every time they forget to specify a namespace, they’ll operate quietly on the default
namespace.
The best way to avoid this situation is to “seal” the namespace and require different users and credentials for each namespace, like using users and root iwith sudo on your machine.
If you are planning to work with the same namespace for a while, you can defne a context, so you don’t have to keep typing --namespace=ns
for every command:
$ kubectl config set-context dev-context --namespace=my-space --user=default --cluster=default
Context "dev-context" created.
$ kubectl config use-context dev-context
Switched to context "dev-context".
it´s good to split complex systems into smaller groups. For example, in a multi-tenant environment (prod-dev-test). And namespaces can help you!