Namespaces

Within Rancher, you can further divide projects into different namespaces, which are virtual clusters within a project backed by a physical cluster. Should you require another level of organization beyond projects and the default namespace, you can use multiple namespaces to isolate applications and resources.

Although you assign resources at the project level so that each namespace in the project can use them, you can override this inheritance by assigning resources explicitly to a namespace.

Resources that you can assign directly to namespaces include:

To manage permissions in a vanilla Kubernetes cluster, cluster admins configure role-based access policies for each namespace. With Rancher, user permissions are assigned on the project level instead, and permissions are automatically inherited by any namespace owned by the particular project.

Namespaces - 图1note

If you create a namespace with kubectl, it may be unusable because kubectl doesn’t require your new namespace to be scoped within a project that you have access to. If your permissions are restricted to the project level, it is better to create a namespace through Rancher to ensure that you will have permission to access the namespace.

Creating Namespaces

Create a new namespace to isolate apps and resources in a project.

Namespaces - 图2tip

When working with project resources that you can assign to a namespace (i.e., workloads, certificates, ConfigMaps, etc.) you can create a namespace on the fly.

  1. In the upper left corner, click ☰ > Cluster Management.

  2. On the Clusters page, go to the cluster where you want to create a namespace and click Explore.

  3. Click Cluster > Projects/Namespaces.

  4. Go to the project where you want to add a namespace and click Create Namespace. Alternately, go to Not in a Project to create a namespace not associated with a project.

  5. Optional: If your project has Resource Quotas in effect, you can override the default resource Limits (which places a cap on the resources that the namespace can consume).

  6. Enter a Name and then click Create.

Result: Your namespace is added to the project. You can begin assigning cluster resources to the namespace.

Moving Namespaces to Another Project

Cluster admins and members may occasionally need to move a namespace to another project, such as when you want a different team to start using the application.

  1. In the upper left corner, click ☰ > Cluster Management.

  2. On the Clusters page, go to the cluster where you want to move a namespace and click Explore.

  3. Click Cluster > Projects/Namespaces.

  4. Go to the namespace you want to move and click ⋮ > Move.

  5. Select the namespace(s) that you want to move to a different project. Then click Move. You can move multiple namespaces at one.

    Namespaces - 图3Notes:

    • Don’t move the namespaces in the System project. Moving these namespaces can adversely affect cluster networking.
    • You cannot move a namespace into a project that already has a resource quotaconfigured.
    • If you move a namespace from a project that has a quota set to a project with no quota set, the quota is removed from the namespace.
  6. Choose a new project for the new namespace and then click Move. Alternatively, you can remove the namespace from all projects by selecting None.

Result: Your namespace is moved to a different project (or is unattached from all projects). If any project resources are attached to the namespace, the namespace releases them and then attached resources from the new project.

Editing Namespace Resource Quotas

You can always override the namespace default limit to provide a specific namespace with access to more (or less) project resources.

For more information, see how to edit namespace resource quotas.