🧭 Kubernetes Namespaces & Quotas
Namespaces help you organize and isolate Kubernetes resources logically within a cluster. They are especially useful for multi-team, multi-project, or multi-environment setups.
✅ Why Use Namespaces?
Namespaces allow you to:
- Separate dev/stage/prod environments
- Avoid resource name collisions
- Apply role-based access controls (RBAC)
- Enforce resource usage limits per group or team
Think of a namespace as a "folder" for your resources.
📦 Default Namespaces
| Namespace | Purpose |
|---|---|
default |
Default working space for resources |
kube-system |
Kubernetes control plane components |
kube-public |
Readable by all users (for bootstrap info) |
kube-node-lease |
Heartbeat tracking for nodes |
🔧 Common Namespace Commands
List all namespaces
kubectl get namespaces
Create a namespace
kubectl create namespace dev-ns
Delete a namespace
kubectl delete namespace dev-ns
Get resources in a namespace
kubectl get pods -n dev-ns
kubectl get all -n prod
Change current context namespace
kubectl config set-context --current --namespace=dev
🎯 Best Practices
- Avoid using the
defaultnamespace for production workloads - Use naming conventions like
team-name-env(e.g.,payments-prod) - Group related workloads, quotas, and policies under one namespace
🧮 Resource Quotas
A ResourceQuota is used to limit the aggregate resource consumption (CPU, memory, object count) within a namespace.
✅ Why Use ResourceQuotas?
- Prevent teams from over-consuming shared resources
- Enforce fair usage across namespaces
- Encourage teams to define requests and limits in Pod specs
📄 Example ResourceQuota YAML
apiVersion: v1
kind: ResourceQuota
metadata:
name: compute-quota
namespace: dev-ns
spec:
hard:
pods: "10"
requests.cpu: "4"
requests.memory: 5Gi
limits.cpu: "10"
limits.memory: 10Gi
Apply the quota
kubectl apply -f compute-quota.yaml
📊 How It Works
- Quotas are applied per namespace
- Usage is tracked by summing requests/limits across all resources in that namespace
- If usage exceeds the quota, new resources will be rejected
Quotas do not limit nodes — only what's consumed inside the namespace
🔍 View ResourceQuota Usage
kubectl describe quota compute-quota -n dev-ns
🌐 Service DNS & Namespaces
Services can be reached using Kubernetes DNS:
Same namespace:
db-service
Different namespace:
db-service.marketing.svc.cluster.local
✅ Summary
| Feature | Use Case |
|---|---|
| Namespace | Isolate resources, teams, environments |
| ResourceQuota | Enforce CPU/memory/object limits |
| DNS Resolution | Resolve services within/across namespaces |
Namespaces give structure to your cluster and help teams share it responsibly. Quotas protect fairness and stability.