Namespaces

This article describes Kubernetes namespaces in HPE Ezmeral Runtime Enterprise.

Kubernetes Namespaces

All Kubernetes resources, other than nodes and persistent storage volumes, exist within a namespace.

Namespaces are partially isolated environments that run inside a single physical Kubernetes cluster. This allows different teams, projects, and customers to share a Kubernetes cluster. Namespaces have separate pods and resources, but cannot be nested and can still communicate with each other.

Kubernetes namespaces have the following uses:
  • Isolation: Teams, projects, and customers exist in their own environment within a cluster, and do not impact each other's work.
  • Security: Use access controls to limit users or processes to certain namespaces.
  • Resource control: Use resource quotas to divide a cluster's resources between teams and users.
  • Organization: Separate development, testing, and production environments into different namespaces on one cluster.
  • Performance: Use multiple namespaces on the same cluster to reduce the number of items the Kubernetes API must search when performing operations.

For more information on using namespaces, see the Namespaces page in the Kubernetes documentation.

kubectl Commands for Namespaces

  • Create a namespace:
    kubectl create namespace
  • View namespaces:
    kubectl get namespace
  • Set a different namespace as default:
    kubectl config set-context --current --namespace=<namespace>
  • Delete a namespace:
    CAUTION This action cannot be undone.
    kubectl delete namespace

Reserved Namespaces

Reserved namespaces are already in use by HPE Ezmeral Runtime Enterprise. You cannot adopt reserved namespaces for your Kubernetes tenants.

If you deploy optional add-ons, HPE Ezmeral Runtime Enterprise reserves additional namespaces.

Platform and Cluster Administrators can query a deployed cluster for the reserved namespaces with the following command:
kubectl get hpecpconfig -n hpecp -o jsonpath='{.items[0].spec.reservedNamespaceNames}' | tr , ' ' | tr -d '[]'

The HPE Ezmeral Runtime Enterprise default reserved namespaces are:

  • airflow-base
  • airflowop-system
  • argocd
  • auth
  • cert-manager
  • default
  • ezctl
  • ezmysql
  • ezml-model-mgmt
  • gatekeeper-system
  • hpe-csi
  • hpe-externalclusterinfo
  • hpe-ldap
  • hpe-nfscsi
  • hpe-nodesvc
  • hpe-secure
  • hpe-sparkoperator
  • hpe-storage
  • hpe-system
  • hpe-templates-compute
  • hpecp
  • hpecp-bootstrap
  • hpecp-cert-manager
  • hpecp-falco
  • hpecp-observability
  • istio-system
  • kd-apps
  • kd-mlops
  • kd-spark
  • kiali-operator
  • knative-eventing
  • knative-serving
  • kube-node-lease
  • kube-public
  • kube-system
  • kubeflow
  • kubeflow-jobs
  • kubeflow-operator
  • kubeflow-user-example-com
  • kubernetes-dashboard
  • mapr-external-info
  • prism-ns
  • velero

If a Kubernetes Data Fabric cluster is deployed, HPE Ezmeral Runtime Enterprise also reserves the namespace corresponding to the name of the Data Fabric cluster.

For example, if a Data Fabric cluster is named df-cluster, HPE Ezmeral Runtime Enterprise reserves the df-cluster namespace.