Namespaces provide logical resource pools within a Kubernetes cluster, creating boundaries for organization, authorization, and resource management. They enable multiple teams or applications to share a single cluster while maintaining isolation and control.
Core Functions
Logical Resource Pools - Namespaces group related resources together, providing organizational boundaries. A namespace might represent:
- An environment (dev, staging, production)
- A team (team-search, team-payments)
- An application (shopping-cart, user-service)
- A tenant in a multi-tenant cluster
Scope for Names - Resources names must be unique within a namespace but can be duplicated across namespaces. A Service named “database” can exist in both “dev” and “production” namespaces.
Authorization Boundary - Role-Based Access Control (RBAC) policies can grant permissions at the namespace level, allowing teams to manage their own resources without cluster-wide access.
Resource Quotas - ResourceQuotas apply at the namespace level, limiting the aggregate resources that all Pods in a namespace can consume.
Service Discovery Within Namespaces
Services within a namespace are discoverable via DNS using short names:
service-name # same namespace
service-name.namespace # cross-namespace
service-name.namespace.svc.cluster.local # fully qualified
This DNS structure enables runtime dependency resolution that adapts to namespace context - the same application code works in dev and production namespaces by using short service names.
Resource Organization
Within namespaces, Labels provide finer-grained organization. While namespaces create hard boundaries, labels create flexible, overlapping categories:
- Namespace: production
- Labels: tier=frontend, app=web-server
- Labels: tier=backend, app=api-service
- Labels: tier=database, app=postgres
Relationship to Resource Management
Namespaces are the scope for:
- ResourceQuotas - Limiting aggregate namespace consumption
- LimitRanges - Setting default container limits
- Network policies - Controlling traffic between namespaces
- RBAC policies - Granting namespace-scoped permissions
This makes namespaces the primary mechanism for multi-tenancy and resource governance in Kubernetes.
Default Namespaces
Kubernetes creates several namespaces by default:
- default - Where resources go without explicit namespace
- kube-system - System components and cluster services
- kube-public - Publicly readable resources
- kube-node-lease - Node heartbeat data