Each Service belongs to a single Namespace. Namespaces are a way of grouping a collection of Services according to a common functionality (e.g. project names, environments such as production or staging, regions, etc...) and you are free to create as many Namespaces as you want. A Namespace also affects the domain name of Services as it acts as the parent domain for Services belonging to it (read more about Service DNS here). By default, if you do not explicitly specify a Namespace, the Service will automatically belong to the default Namespace which is created automatically upon the Cluster's installation. Here is an example for a Service that belongs to the default Namespace:
1kind: Service2metadata:3name: webapp4spec:5mode: WEB6config:7upstream:8url: http://nginx.local
Creating a Namespace
You can create a Namespace as follows:
1kind: Namespace2metadata:3name: production4spec: {}
Here is an example of a Service with the same name (i.e. webapp) but belongs to the Namespace production we just created:
1kind: Service2metadata:3name: webapp.production4spec:5mode: WEB6config:7upstream:8url: http://nginx.local
Policies
Policies (read more about Policies and access control here) can be created and/or attached to Namespaces where they can act as resource-based policies for all the Services belonging to a certain Namespace. Here is an example:
1kind: Namespace2metadata:3name: production4spec:5authorization:6policies: ["policy-1", "policy-2"]7inlinePolicies:8- spec:9rules:10- effect: ALLOW11condition:12match: '"group-1" in ctx.user.spec.groups'