2018-06-11
Namespace Scope
Should I use:
- ❌ one namespace per user/developer?
- ❌ one namespace per team?
- ❌ one per service type?
- ❌ one namespace per application type?
- 😄 one namespace per running instance of your application?
Apply the Principle of Least Privilege
All user accounts should run at all times as few privileges as possible, and also
launch applications with as few privileges as possible. If you share a cluster for
different user separated by a namespace
, all user has access to all namespaces
and
services per default. It can happen that a user accidentally uses and destroys the
namespace
of a productive application or the namespace
of another developer.
Keep in mind: By default namespaces don’t provide:
- Network isolation
- Access Control
- Audit Logging on user level