Script Valley
Kubernetes: From Containers to Clusters
Containers and the Kubernetes FoundationLesson 1.4

Kubernetes namespaces: what they are and when to use them

namespace definition, default namespace, kube-system namespace, resource isolation, namespace-scoped vs cluster-scoped resources, creating namespaces, kubectl -n flag

Namespaces Are Virtual Clusters

Kubernetes namespaces isolation diagram

A namespace is a way to divide a single Kubernetes cluster into isolated sections. Resources in one namespace are hidden from resources in another by default. This lets multiple teams or environments (dev, staging, prod) share one cluster without stepping on each other.

Built-in Namespaces

default โ€” where your resources land if you do not specify a namespace. Fine for learning, bad for production.

kube-system โ€” Kubernetes internal components (CoreDNS, kube-proxy) live here. Do not deploy your apps here.

kube-public โ€” readable by all users. Rarely used directly.

Creating and Using Namespaces

# Create a namespace
kubectl create namespace staging

# Or declaratively (preferred)
kubectl apply -f - <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: staging
EOF

# List all namespaces
kubectl get namespaces

# Deploy into a specific namespace
kubectl apply -f deployment.yaml -n staging

# Get resources in a namespace
kubectl get pods -n staging

# Get resources across ALL namespaces
kubectl get pods --all-namespaces

What Namespaces Do Not Isolate

Namespaces do not provide network isolation by default. A Pod in namespace A can still reach a Pod in namespace B. For true network isolation, you need NetworkPolicies โ€” covered later in this course.

Up next

Kubernetes labels and selectors: how resources find each other

Sign in to track progress

Kubernetes namespaces: what they are and when to use them โ€” Containers and the Kubernetes Foundation โ€” Kubernetes: From Containers to Clusters โ€” Script Valley โ€” Script Valley