Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Should I use kubernetes default namespace?

Tags:

kubernetes

We are going to provide customers a function by deploying and running a container in customers kubernetes environment. After the job is done, we will clean up the container. Currently, the plan is to use k8s default namespace, but I'm not sure whether it can be a concern for customers. I don't have much experience in k8s related field. Should we give customers' an option to specify a namespace to run container, or just use the default namespace? I appreciate your suggestions!

like image 545
vcycyv Avatar asked Nov 03 '25 21:11

vcycyv

1 Answers

I would recommend you not use (!?) the default namespace for anything ever.

The following is more visceral than objective but it's drawn from many years' experience of Kubernetes. In 2016, a now former colleague and I blogged about the use of namespaces:

https://kubernetes.io/blog/2016/08/kubernetes-namespaces-use-cases-insights/

NB since then, RBAC was added and it permits enforcing separation, securely.

Although it exists as a named (default) namespace, it behaves as if there is (the cluster has) no namespace. It may be (!?) that it was retcon'd into Kubernetes after namespaces were added

Unless your context is defined to be a specific other namespace, kubectl ... behaves as kubectl ... --namespace=default. So, by accident it's easy to pollute and be impacted by pollution in this namespace. I'm sure your team will use code for your infrastructure but mistakes happen and "I forgot to specify the namespace" is easily done (and rarely wanted).

Using non-default namespaces becomes very intentional, explicit and, I think, precise. You must, for example (per @david-maze answer) be more intentional about RBAC for the namespace's resources.

Using namespaces is a mechanism that promotes multi-tenancy which is desired for separation of customers (business units, versions etc.)

You can't delete the default namespace but you can delete (and by consequence delete all the resources constrained by) any non-default namespace.

I'll think of more, I'm sure!

Update

  • Corollary: generally don't constrain resources to namespace in specs but use e.g. kubectl apply --filename=x.yaml --namespace=${NAMESPACE}
like image 70
DazWilkin Avatar answered Nov 07 '25 11:11

DazWilkin
Sign in to Comment

Related questions

Can't connect to Kubernetes Cluster on external IP
Shrink Kubernetes persistent volumes
unable to build kubernetes objects from release manifest
Manually change the status of a job to successful in kubernetes
How to choose Kafka transaction id for several applications, hosted in Kubernetes?
Kubernetes load balancer External IP pending

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!