Namespaces

The term namespace is used to reference both the kernel feature and the segregation of API objects by Kubernetes. Both are means to keep resources distinct.

Every API call includes a namespace, using default if not otherwise declared: https://10.128.0.3:6443/api/v1/namespaces/default/pods.

Namespaces, a Linux kernel feature that segregates system resources, are intended to isolate multiple groups and the resources they have access to work with via quotas. Eventually, access control policies will work on namespace boundaries, as well. One could use labels to group resources for administrative reasons.

There are four namespaces when a cluster is first created. Click on the cards below to learn more about each of the four namespaces.

default

This is where all the resources are assumed, unless set otherwise.

kube-node-lease

This is the namespace where worker node lease information is kept.

kube-public

A namespace readable by all, even those not authenticated. General information is often included in this namespace.

kube-system

This namespace contains infrastructure pods.

Should you want to see all the resources on a system, you must pass the --all-namespaces option to the kubectl command.