Skip to main content

Namespaces

Namespaces provide a mechanism for isolating groups of resources within a single cluster.

  • Names of resources need to be unique within a namespace
  • Namespace-based scoping is applicable only for namespaced objects and not for cluster-wide objects
More Information

Default Namespacesโ€‹

Kubernetes creates four namespaces by default:

  • default: the default namespace for objects with no other namespace specified
  • kube-system: namespace for objects created by the Kubernetes system (e.g. CoreDNS, kube-proxy, metrics-server)
  • kube-public: readable by all users (including unauthenticated), reserved for cluster usage and resources that should be publicly visible
  • kube-node-lease: holds Lease objects associated with each node, used by the kubelet to send heartbeats so the control plane can detect node failures

Common Operationsโ€‹

Create a namespace:

kubectl create namespace my-namespace

List all namespaces:

kubectl get namespaces

Delete a namespace (deletes all resources within it):

kubectl delete namespace my-namespace

Set the default namespace for the current context:

kubectl config set-context --current --namespace=my-namespace

Verify the current namespace:

kubectl config view --minify --output 'jsonpath={..namespace}'

Resource Quotasโ€‹

Resource quotas can be applied per namespace to limit the total amount of resources that can be consumed:

apiVersion: v1
kind: ResourceQuota
metadata:
  name: my-quota
  namespace: my-namespace
spec:
  hard:
    pods: "10"
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
  • When a quota is active, the API server rejects requests that would exceed the quota
  • Multiple quotas can exist in the same namespace
  • Quotas can also limit the number of objects (pods, services, secrets, etc.)

Namespaces Stuck in Terminatingโ€‹

When deleting a namespace in Kubernetes, the namespace may remain stuck in terminating status.

$ kubectl get ns

NAME               STATUS        AGE
default            Active        2d
kube-public        Active        2d
kube-system        Active        2d
my-namespace       Terminating   7m

Solutionโ€‹

  1. Get the namespace manifest
kubectl get ns my-namespace -o yaml > namespace.yaml
  1. Edit the manifest file and remove all finalizers
namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: my-namespace
spec:
  finalizers:
status:
  phase: Terminating
  1. Start kubectl proxy
$ kubectl proxy

Starting to serve on 127.0.0.1:8001
  1. Call namespace finalize API:
curl -H "Content-Type: application/yaml" -X PUT --data-binary @namespace.yaml http://127.0.0.1:8001/api/v1/namespaces/my-namespace/finalize
  1. Confirm if namespace was deleted
$ kubectl get ns

NAME               STATUS        AGE
default            Active        2d
kube-public        Active        2d
kube-system        Active        2d