From Kubernetes Namespaces to OpenShift Projects

  • are a mechanism for resource groups’ isolation in a single cluster.
  • allow to divide cluster resources between multiple users via resource quota.
  • shouldn’t be named with the prefix “kube-” ; It’s reserved for Kubernetes system namespaces.
  • that Kubernetes initiated with and purposes:
    - default objects with no other namespaces
    - kube-system for objects created by Kubernetes system
    -
    kube-public for resources should be visible and readable publicly
    - kube-node-lease for detecting node failures by control plane
  • should be valid to RFC 1035 Label Names
    - contain at most 63 characters
    - contain only lowercase alphanumeric characters or ‘-’
    - start with an alphabetic character
    - end with an alphanumeric character
  • don’t include all objects. (nodes, persistentVolumes, StorageClasses etc. are not namespaced)
  • help different projects, teams or customers to share a Kubernetes cluster.
# namespace yaml example.
apiVersion
: v1
kind: Namespace
metadata:
name: example-namespace
ns|project sections
diagram is taken from oreilly.com
  • encapsulates namespace in the name of security and manageability
  • access is must be given to regular users by cluster admin. It’s possible to allow regular users to create projects
  • can have a separate name, displayName, and description
  • scopes its own set of objects, policies, constraints, service accounts
  • bash shell
  • user able to run kubectl command

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store