A mechanism for isolating groups of resources within a single cluster.
divide by: dep, project, env,
A multi-tenancy cluster allows for multiple users or teams to share one cluster for their workloads while maintaining isolation and fair resource sharing.
This is achieved by creating namespaces. Namespaces allow multiple virtual clusters to exist on the same physical cluster.
kubectl get services --namespace=kube-system
kubectl get api-resources --namespaced=trueto see which resources support namespace
Initial namespaces:
default
Kubernetes includes this namespace so that you can start using your new cluster without first creating a namespace.
kube-node-lease
This namespace holds Lease objects associated with each node. Node leases allow the kubelet to send heartbeats so that the control plane can detect node failure.
kube-public
This namespace is readable by all clients (including those not authenticated). This namespace is mostly reserved for cluster usage, in case that some resources should be visible and readable publicly throughout the whole cluster. The public aspect of this namespace is only a convention, not a requirement.
kube-system
The namespace for objects created by the Kubernetes system.
Working with namespace
Not all objects are in a namespace:
some objects such as node and persistentVolume are not namespaced
# In a namespacekubectl api-resources --namespaced=true# Not in a namespacekubectl api-resources --namespaced=false