Skip to content
Latchkey

What Is a Namespace in Kubernetes? Logical Cluster Partitions

A Kubernetes namespace is a logical partition within a cluster - a way to group resources, scope names, and apply quotas and access control to a slice of the cluster.

A single cluster often hosts many teams, environments, or apps. Namespaces let you carve that cluster into logical sections so resources do not collide and policies can target each section. They are an organizational and policy boundary, not a hard security wall like a node or VM.

What a namespace scopes

Most objects - pods, Services, Deployments, ConfigMaps - live in a namespace, and their names must be unique only within it. So web in staging and web in prod are distinct objects in the same cluster.

What it does not isolate

Namespaces do not provide strong security isolation by themselves. Network policies, RBAC, and resource quotas applied per namespace add the real boundaries; the namespace is the unit those policies attach to.

Cluster-scoped vs namespaced

Some objects (Nodes, PersistentVolumes, the namespaces themselves) are cluster-scoped and live outside any namespace. Most workload objects are namespaced.

Common patterns

  • Per-environment namespaces (dev, staging, prod).
  • Per-team namespaces with RBAC and quotas.
  • Per-application namespaces for isolation and tidy cleanup.

Namespaces in CI/CD

Pipelines target a specific namespace with kubectl -n <ns> apply or a Helm release per namespace. Ephemeral preview environments are often spun up as their own namespace per pull request, then torn down.

Key takeaways

  • A namespace is a logical partition that scopes names and policies in a cluster.
  • It is an organizational boundary; RBAC, quotas, and network policy add real isolation.
  • CI/CD targets namespaces per environment, team, or preview deploy.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →