K8s by Example: Namespaces

Namespaces partition a cluster into virtual sub-clusters. They provide scope for names and are the basis for resource quotas and RBAC policies.
namespace.yaml

A Namespace is a core Kubernetes resource (v1 API).

 
apiVersion: v1
kind: Namespace

The name must be unique cluster-wide. Use lowercase, numbers, and hyphens only.

 
metadata:
  name: my-app

Labels help organize and select namespaces. Common patterns: environment, team, cost-center.

 
  labels:
    environment: production
    team: platform
terminal

Built-in namespaces: default (your resources if unspecified), kube-system (control plane), kube-public (readable by all).

 
$ kubectl get namespaces
NAME              STATUS   AGE
default           Active   45d
kube-system       Active   45d
kube-public       Active   45d
kube-node-lease   Active   45d
terminal

Create a namespace imperatively with kubectl create.

 
$ kubectl create namespace my-app
namespace/my-app created
terminal

Set a default namespace for your current context to avoid typing -n my-app repeatedly.

 
$ kubectl config set-context --current --namespace=my-app
Context "my-cluster" modified.
terminal

Verify your current namespace setting.

 
$ kubectl config view --minify | grep namespace
    namespace: my-app
pod.yaml

Within the same namespace, reference services by name only. Kubernetes DNS resolves it automatically.

 
env:
  - name: API_URL
    value: "http://api:8080"

Cross-namespace references use service.namespace.svc format.

 
  - name: REDIS_URL
    value: "redis://redis.cache.svc:6379"

Full FQDN includes .cluster.local. Usually only needed for edge cases.

 
  - name: DB_HOST
    value: "postgres.db.svc.cluster.local"
resourcequota.yaml

ResourceQuotas limit total resource consumption per namespace. Prevents one team from consuming all cluster resources.

 
apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-quota
  namespace: my-app

spec.hard defines the limits. Constrain CPU, memory, storage, and object counts.

 
spec:
  hard:
    requests.cpu: "10"
    requests.memory: 20Gi
    limits.cpu: "20"
    limits.memory: 40Gi
    pods: "50"
limitrange.yaml

LimitRanges set default and max/min resource limits per container.

 
apiVersion: v1
kind: LimitRange
metadata:
  name: default-limits
spec:
  limits:

default sets limits when not specified.

 
    - default:
        cpu: "500m"
        memory: "512Mi"

defaultRequest sets requests.

 
      defaultRequest:
        cpu: "100m"
        memory: "128Mi"
      type: Container
terminal

Some resources are cluster-scoped: Nodes, PersistentVolumes, ClusterRoles, Namespaces.

 
$ kubectl api-resources --namespaced=false
NAME                  SHORTNAMES   APIVERSION   NAMESPACED
nodes                 no           v1           false
persistentvolumes     pv           v1           false
clusterroles                       rbac/v1      false
namespaces            ns           v1           false
terminal

Most workload resources are namespaced: Pods, Services, Deployments, ConfigMaps.

 
$ kubectl api-resources --namespaced=true
NAME                  SHORTNAMES   APIVERSION   NAMESPACED
pods                  po           v1           true
services              svc          v1           true
deployments           deploy       apps/v1      true
configmaps            cm           v1           true
terminal

Apply resources to a specific namespace with -n.

 
$ kubectl apply -f deploy.yaml -n my-app
deployment.apps/my-app created
terminal

View pods across all namespaces with -A.

 
$ kubectl get pods -A
NAMESPACE     NAME                       READY   STATUS
kube-system   coredns-5d78c9869d-abc     1/1     Running
kube-system   etcd-master                1/1     Running
my-app        my-app-6d4f8b7c9-xyz       1/1     Running
terminal

Warning: deleting a namespace deletes ALL resources within it. No undo.

 
$ kubectl delete namespace my-app
namespace "my-app" deleted

Index | GitHub | Use arrow keys to navigate |