
Risks

Structure of Clusters through Namespace Management

Namespaces make orientation inside the cluster easier and orientation from outside more difficult. They are also helpful for application backup. High downtime after cluster failures and incorrect namespacing can lead to applications not running or unintentionally broadcasting to the Internet.

Namespaces are intended for use in environments with many users spread across multiple teams or projects. They provide a scope for names: resource names must be unique within a namespace, but not across namespaces. Namespaces cannot be nested within each other, and each Kubernetes resource can only be in one namespace. Additionally, they are a way to share cluster resources between multiple users (via resource quotas).

It is not necessary to use multiple namespaces just to separate slightly different resources, such as different versions of the same software. In this case, it is recommended to work with labels to distinguish resources within the same namespace.

 

In the roles and rights concept of this security concept, a namespace creator is explicitly responsible for creating namespaces.

Role-Based Access Control (RBAC): Use RBAC to control who can create and manage namespaces, ensuring only authorized personnel can make changes.

The namespace creator should familiarize themselves with the link below.

https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
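
One way to check the RBAC measure above, as an added example that is not part of the original page: this Python script lists every subject whose ClusterRoleBindings allow creating or deleting namespaces, including through wildcard rules, and reports any that are not on an allow-list. The role, group and service-account names are hypothetical, and the RBAC objects are constructed sample data.

```python
# Added example: which RBAC subjects can create or delete namespaces?
# ROLES/BINDINGS are constructed samples (hypothetical names), shaped like items
# from `kubectl get clusterroles -o json` and `clusterrolebindings -o json`.
MANAGE_VERBS = {"create", "delete"}
ROLES = [
    {"metadata": {"name": "namespace-creator"},
     "rules": [{"apiGroups": [""], "resources": ["namespaces"],
                "verbs": ["create", "get", "list", "delete"]}]},
    {"metadata": {"name": "ci-deployer"},  # wildcard rule also covers namespaces
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "viewer"},       # read-only: must not be reported
     "rules": [{"apiGroups": [""], "resources": ["namespaces", "pods"],
                "verbs": ["get", "list"]}]},
]
BINDINGS = [
    {"roleRef": {"name": "namespace-creator"},
     "subjects": [{"kind": "Group", "name": "platform-namespace-creators"}]},
    {"roleRef": {"name": "ci-deployer"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-bot"}]},
    {"roleRef": {"name": "viewer"},
     "subjects": [{"kind": "Group", "name": "developers"}]},
]

def rule_allows(rule, verb):
    """True if one PolicyRule grants `verb` on core-group namespaces."""
    return (any(g in ("*", "") for g in rule.get("apiGroups", []))
            and any(r in ("*", "namespaces") for r in rule.get("resources", []))
            and any(v in ("*", verb) for v in rule.get("verbs", [])))

def namespace_managers(roles, bindings):
    """Map 'Kind/name' of each bound subject to the namespace verbs it holds."""
    granted = {}
    for role in roles:
        granted[role["metadata"]["name"]] = {
            v for v in MANAGE_VERBS
            if any(rule_allows(r, v) for r in role.get("rules") or [])}
    result = {}
    for binding in bindings:
        for subj in binding.get("subjects") or []:
            for verb in granted.get(binding["roleRef"]["name"], ()):
                result.setdefault(f'{subj["kind"]}/{subj["name"]}', set()).add(verb)
    return result

def unexpected_managers(roles, bindings, allowed):
    """Subjects that can manage namespaces but are not on the allow-list."""
    return sorted(set(namespace_managers(roles, bindings)) - set(allowed))

if __name__ == "__main__":
    print(unexpected_managers(ROLES, BINDINGS, {"Group/platform-namespace-creators"}))
```

On the sample data the only finding is the service account bound to the wildcard role, which holds namespace rights without ever naming the `namespaces` resource.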


follow these measures