Namespaces

Welcome to the Namespaces chapter. This section covers fundamental concepts and best practices necessary to master this topic in depth.

1. The Virtual Cluster

Imagine a physical office building (your Kubernetes Cluster). If everyone worked in one massive open floor plan, it would be chaotic. Teams would bump into each other, and someone might accidentally unplug the CEO’s computer.

Namespaces are like dividing that open floor plan into separate, secure rooms. They provide a mechanism to partition a single physical cluster into multiple virtual clusters.

Key Use Cases

Environment Isolation: dev, staging, prod running on the same hardware.
Team Isolation: team-alpha, team-beta operating independently.
Resource Limits: Preventing the dev team from consuming all the RAM in the cluster using ResourceQuotas.

2. The Default Namespaces

When you spin up a fresh Kubernetes cluster, it comes with several built-in namespaces:

default: The workspace for objects with no namespace specified.
kube-system: The holy grail. Contains the Control Plane components (CoreDNS, kube-proxy, API server pods). Do not touch this.
kube-public: Resources that should be readable by all users (authenticated or not).
kube-node-lease: Contains heartbeat data for each node to determine node health.

3. Scope and Visibility

What is Namespaced? Most user-facing objects: Pods, Services, ReplicaSets, Deployments, Secrets.

What is NOT Namespaced? (Cluster-Scoped) Low-level infrastructure: Nodes, PersistentVolumes (PVs), ClusterRoles, Namespaces themselves.

[!TIP] DNS Resolution Across Namespaces Pods in the dev namespace can talk to services in the prod namespace (if network policies allow) by using the Fully Qualified Domain Name (FQDN): my-service.prod.svc.cluster.local

4. Interactive: Namespace Isolation Visualizer

Observe how objects with the same name can exist in different Namespaces, but clash in the same Namespace.

Namespace: default

Namespace: dev

System Ready.

5. Creating and Using Namespaces

CLI (kubectl)

Java

# Create a namespace
kubectl create namespace staging

# Run a pod in the new namespace
kubectl run my-nginx --image=nginx --namespace=staging

# View pods in a specific namespace
kubectl get pods -n staging

# View pods across ALL namespaces
kubectl get pods --all-namespaces
# or shorthand: kubectl get pods -A

# Change your default context namespace
kubectl config set-context --current --namespace=staging

// Using Fabric8 to create a Namespace
try (KubernetesClient client = new KubernetesClientBuilder().build()) {
    Namespace ns = new NamespaceBuilder()
        .withNewMetadata()
        .withName("staging")
        .endMetadata()
        .build();

    client.namespaces().resource(ns).create();
    System.out.println("Created namespace: staging");
}

// Using client-go to create a Namespace
import (
	"context"
	"fmt"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/client-go/kubernetes"
)

func createNamespace(clientset *kubernetes.Clientset, name string) error {
    ns := &corev1.Namespace{
        ObjectMeta: metav1.ObjectMeta{
            Name: name,
        },
    }

    _, err := clientset.CoreV1().Namespaces().Create(context.TODO(), ns, metav1.CreateOptions{})
    if err != nil {
        return err
    }

    fmt.Printf("Created namespace %s\n", name)
    return nil
}

Namespaces

Namespaces

1. The Virtual Cluster

Key Use Cases

2. The Default Namespaces

3. Scope and Visibility

4. Interactive: Namespace Isolation Visualizer

Namespace: default

Namespace: dev

5. Creating and Using Namespaces

Found this lesson helpful?