8th Week :- What Are Namespaces and ClusterIP & Why They Matter
Lav kushwahaTable of contents
- π What is a Namespace?
- π― Why Use Namespaces?
- π οΈ How Namespaces Work in Kubernetes
- π Default Namespaces in Kubernetes
- π§ͺ Example Use Cases
- π§Ύ Common Namespace Commands (with Examples)
- β 1. View All Namespaces
- ποΈ 2. Create a Namespace
- π 3. Deploy in a Specific Namespace
- π 4. View Resources in a Namespace
- π§Ή 5. Delete a Namespace (β οΈ This deletes all resources in it!)
- π 6. Set a Default Namespace for kubectl (Optional)
- π 7. View YAML of a Namespace
- π¦ 8. Create Namespace via YAML
- βοΈ Namespaces vs. Labels β Whatβs the Difference?
- π§ Limitations of Namespaces
- π¦ Why Use ClusterIP?
- π οΈ How ClusterIP Works (Step-by-Step)
- π Sample Deployment + ClusterIP Service
- π How to Find ClusterIP
- π What is the URL for ClusterIP?
- π How ClusterIP is Resolved Behind the Scenes
- π₯ Bonus: Port Forward for Local Access
- β Key Points Summary
- π§ Real-World Use Cases
π What is a Namespace?
A namespace in Kubernetes is like a virtual cluster inside a physical cluster. It allows you to divide cluster resources between multiple users, teams, or environments.
Analogy: Think of a single Kubernetes cluster as a building. Each namespace is a separate room. The rooms share the building, but what's inside them is separate.
π― Why Use Namespaces?
Hereβs why namespaces are extremely useful:
| Purpose | Description |
| Isolation | Keep different environments (dev, test, prod) separated. |
| Organization | Group resources (pods, services, configmaps, etc.) by project or team. |
| Access Control | Apply role-based access (RBAC) rules specific to each namespace. |
| Resource Quotas | Set memory/CPU limits per namespace to avoid resource hogging. |
| Clean Separation | Makes it easier to manage and delete groups of related resources. |
π οΈ How Namespaces Work in Kubernetes
When you create a namespace, it becomes a logical boundary. Any resource created inside it will only interact with other resources in the same namespace unless explicitly configured otherwise.
For example:
A Service in namespace
devwon't find a Pod in namespaceprod.You can have the same name for different resources as long as they're in different namespaces.
π Default Namespaces in Kubernetes
Kubernetes comes with a few namespaces by default:
| Namespace | Purpose |
default | Used when no namespace is specified. |
kube-system | For system components like kube-dns, kube-proxy. |
kube-public | Readable by all users (even unauthenticated). |
kube-node-lease | Manages node heartbeat leases in large clusters. |
π§ͺ Example Use Cases
dev,staging,prodβ isolate environments.team-a,team-bβ assign different namespaces for each team.qa-namespaceβ for testing automation tools without interfering with production.
π§Ύ Common Namespace Commands (with Examples)
Letβs walk through practical kubectl commands:
β 1. View All Namespaces
kubectl get namespaces
ποΈ 2. Create a Namespace
kubectl create namespace dev
π 3. Deploy in a Specific Namespace
kubectl apply -f app.yaml -n dev
If your manifest doesn't specify a namespace, it defaults to default.
π 4. View Resources in a Namespace
kubectl get pods -n dev
kubectl get services -n staging
π§Ή 5. Delete a Namespace (β οΈ This deletes all resources in it!)
kubectl delete namespace dev
π 6. Set a Default Namespace for kubectl (Optional)
kubectl config set-context --current --namespace=dev
Now you donβt need -n dev in every command.
π 7. View YAML of a Namespace
kubectl get namespace dev -o yaml
π¦ 8. Create Namespace via YAML
# dev-namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: dev
kubectl apply -f dev-namespace.yaml
βοΈ Namespaces vs. Labels β Whatβs the Difference?
| Feature | Namespaces | Labels |
| Purpose | Grouping & isolating resources | Tagging resources for selection |
| Scope | Broad (organizational) | Fine-grained (logical) |
| Use Case | Separate dev/test/prod | Select pods in a Deployment or Service |
π§ Limitations of Namespaces
Not all resources are namespaced (e.g.,
nodes,persistentvolumes).Cross-namespace communication requires explicit configuration.
Namespace doesnβt provide network isolation by default (needs additional tools like NetworkPolicies).
π¦ Why Use ClusterIP?
You have a backend (like a database or an API service) that should only be accessed by other services or pods.
You want a stable DNS name and IP to reach your Pods (which might die/restart).
It load balances traffic internally to healthy Pod endpoints.
π οΈ How ClusterIP Works (Step-by-Step)
You create a Deployment (e.g., a Node.js app).
You expose it using a Service of type
ClusterIP.Kubernetes assigns a stable virtual IP address (ClusterIP) to that service.
DNS is auto-generated (e.g.,
my-service.default.svc.cluster.local).Other Pods can access the service using:
the ClusterIP (e.g.,
10.96.182.1)the DNS name (recommended)
β οΈ The ClusterIP is only reachable from within the cluster. You canβt
curlit from your local machine directly.
π Sample Deployment + ClusterIP Service
Hereβs a simple example using an NGINX deployment.
1. nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
2. nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
selector:
app: nginx
type: ClusterIP
ports:
- port: 80
targetPort: 80
Apply both:
kubectl apply -f nginx-deployment.yaml
kubectl apply -f nginx-service.yaml
π How to Find ClusterIP
Once applied, use this command:
kubectl get service nginx-service
Output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-service ClusterIP 10.96.182.1 <none> 80/TCP 5m
π’ 10.96.182.1 is the ClusterIP β accessible only from inside the cluster.
π What is the URL for ClusterIP?
The URL follows this DNS format inside Kubernetes:
<service-name>.<namespace>.svc.cluster.local
So in our case:
http://nginx-service.default.svc.cluster.local
β This URL will resolve to the ClusterIP and forward traffic to your NGINX pods (load-balanced).
You can test it from another pod inside the cluster:
kubectl run test-pod --rm -i -t --image=busybox -- /bin/sh
Then:
wget -qO- nginx-service.default.svc.cluster.local
If you see HTML, it means it worked!
π How ClusterIP is Resolved Behind the Scenes
Kube-DNS/CoreDNS maintains records like:
nginx-service.default.svc.cluster.local β 10.96.182.1When your app sends a request to the service DNS, Kubernetes resolves it to the ClusterIP.
The ClusterIP is then routed via
iptablesorIPVSrules to the correct backend pods.
π₯ Bonus: Port Forward for Local Access
Since ClusterIP is internal, you can't access it from your PC. But you can port-forward like this:
kubectl port-forward service/nginx-service 8080:80
Now you can open:
http://localhost:8080
β This is useful for debugging internal services locally.
β Key Points Summary
| Feature | Description |
| Type | ClusterIP |
| Purpose | Internal-only access |
| Default? | Yes |
| URL Format | http://<service>.<namespace>.svc.cluster.local |
| Find IP | kubectl get service |
| Outside Access | β Not allowed |
| Port Forwarding | β Yes |
π§ Real-World Use Cases
| Use Case | Why ClusterIP? |
| Database service | Protect from external access |
| Internal API | Only backend/frontend services call it |
| Microservices mesh | Internal-only communication |
Subscribe to my newsletter
Read articles from Lav kushwaha directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by