šŸŽ‰ DevOps Interview Prep Bundle is live — 1000+ Q&A across 20 topicsGet it →
All Articles

What Is a Kubernetes Namespace? (Explained Simply)

Namespaces in Kubernetes divide your cluster into virtual sections. Here's what they are, why they matter, and how to use them.

DevOpsBoys2 min read
Share:Tweet

If you've run kubectl get pods and gotten nothing, but you know pods exist — you were probably looking in the wrong namespace. Here's what namespaces are and how to use them.


What Is a Namespace?

A namespace is a way to divide a single Kubernetes cluster into multiple virtual clusters.

Think of it like folders on your computer. One cluster, multiple namespaces — resources in each namespace are isolated from each other.

cluster
ā”œā”€ā”€ namespace: default        (your stuff if you don't specify)
ā”œā”€ā”€ namespace: production     (production workloads)
ā”œā”€ā”€ namespace: staging        (staging workloads)
ā”œā”€ā”€ namespace: monitoring     (Prometheus, Grafana)
└── namespace: kube-system    (Kubernetes system components)

Default Namespaces

When you install Kubernetes, these namespaces exist out of the box:

NamespacePurpose
defaultWhere resources go if you don't specify a namespace
kube-systemKubernetes internal components (DNS, scheduler, controller manager)
kube-publicReadable by all users, rarely used
kube-node-leaseNode heartbeat objects

Basic Namespace Commands

bash
# List all namespaces
kubectl get namespaces
 
# Create a namespace
kubectl create namespace staging
 
# Get pods in a specific namespace
kubectl get pods -n staging
 
# Get pods across ALL namespaces
kubectl get pods --all-namespaces
# or shorter:
kubectl get pods -A
 
# Delete a namespace (deletes everything inside it!)
kubectl delete namespace staging

Using Namespaces in YAML

yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  namespace: staging    # <-- specify here
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
        - name: myapp
          image: myapp:v1.2

What Namespaces Do and Don't Isolate

They DO isolate:

  • Pod names (same pod name can exist in different namespaces)
  • Services (a Service in staging is different from production)
  • ConfigMaps and Secrets
  • RBAC (you can give different permissions per namespace)
  • Resource quotas (limit CPU/memory per namespace)

They DON'T isolate:

  • Network traffic by default (pods can still reach each other across namespaces unless you add NetworkPolicy)
  • Nodes (all namespaces share the same nodes)
  • Cluster-wide resources: Nodes, PersistentVolumes, ClusterRoles, StorageClasses

Resource Quotas Per Namespace

You can limit how much CPU and memory a namespace can use:

yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: staging-quota
  namespace: staging
spec:
  hard:
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    pods: "20"

This prevents one team from consuming all cluster resources.


Set a Default Namespace for kubectl

Typing -n staging every command gets old. Set a default:

bash
kubectl config set-context --current --namespace=staging
 
# Now all commands default to staging
kubectl get pods        # same as kubectl get pods -n staging

Real-World Namespace Strategy

Small team:

default / staging / production

Multi-team:

team-a-dev / team-a-prod
team-b-dev / team-b-prod
monitoring / logging / security

By environment:

dev / staging / prod
monitoring / platform

Pick one convention and stick to it. Mixing strategies creates confusion.


Resources

šŸ”§

Today I Fixed

Short real fixes from production — posted daily

Browse fixes
Newsletter

Stay ahead of the curve

Get the latest DevOps, Kubernetes, AWS, and AI/ML guides delivered straight to your inbox. No spam — just practical engineering content.

Related Articles

Comments