Namespace with multiple Clusters

#1

I have read that namespaces split a cluster logically. This leads me to believe that a Cluster can have many namespaces and a namespace would belong to only one cluster

Can a namespace span across multiple clusters?

#2

This is a somewhat philosophical question, and really relates to projects that build on top of kubernetes proper.

Kubernetes mostly stops at the edge of a cluster, today. Efforts like federation are looking to find ways to join clusters and build up.

The question I think you are asking is “if I have a group of clusters, and all of those clusters have a ‘foo’ namespace, is it the same meaning across those clusters?”. We can add to that – what does “same meaning” mean? Does it mean same RBAC? Does it mean same network policies? The concrete matters.

This comes down to what those clusters represent and how you as an organization think about them. Concretely, we have seen a couple main ways to use clusters and namespaces in the wild.

  1. Single or multiple cluster per service/app. Many of these clusters just use the ‘default’ namespace and they really do run one primary app or service. If you “join” these clusters, it’s pretty clear that the ‘default’ namespace is NOT the same meaning.

  2. Shared clusters, namespaces per service or per app. If you “join” these clusters, it’s plausible that the ‘foo’ namespace is in fact the same meaning across them – if you were careful about naming them.

These are not strictly mutually exclusive (you could do cluster per service and still name your namespaces carefully), but in practice are often not aligned.

So to your question, can a namespace span clusters? It can, if you want it to and if the multi-cluster concept you are talking about agrees with you.

Now, should KUBERNETES take a stronger position on this? Maybe. We’ve heard many many users ask “how should I use namespaces” and we have always been reluctant to be proscriptive. In MY OWN opinion, we should be.

#3

Thanks Tim, we are looking at a way to report Namespace and list out clusters per namespace but I wanted to verify that this concept exists.