namespaces
Definition
Namespaces are a method of isolating and organizing resources within a computing environment, such as Kubernetes or Linux. They provide a way to create separate environments that can operate independently, allowing for resource management, access control, and security boundaries. In Kubernetes, namespaces are used to divide cluster resources between multiple users, while in Linux, namespaces are used to isolate processes and system resources.
Secure Settings Example
apiVersion: v1
kind: Namespace
metadata:
  name: secure-namespace
  labels:
    purpose: production
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: secure-namespace
  name: pod-reader
rules:
  - apiGroups: [""]                  # "" is the core API group
    resources: ["pods"]              # only pods, nothing else
    verbs: ["get", "watch", "list"]  # read-only verbs
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: secure-namespace
subjects:
  - kind: User
    name: jane
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
Insecure Settings Example
apiVersion: v1
kind: Namespace
metadata:
  name: insecure-namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: insecure-namespace
  name: admin
rules:
  - apiGroups: [""]
    resources: ["*"]  # wildcard: every core-group resource, including secrets
    verbs: ["*"]      # wildcard: every verb, including create and delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: admin-binding
  namespace: insecure-namespace
subjects:
  - kind: User
    name: john
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: admin
  apiGroup: rbac.authorization.k8s.io
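
The difference between the two examples above can be checked mechanically before manifests are applied. The following Python script is an added example, not part of the original page or of any Kubernetes tooling: the finding names and helper functions are hypothetical, and MANIFESTS is constructed input that mirrors this page's Roles and RoleBindings as Python dicts. It flags wildcard rules and reports which bound users receive them.

```python
# Added example: static least-privilege check over RBAC manifests.
# MANIFESTS is constructed sample input mirroring this page's Roles and
# RoleBindings; helper and finding names are hypothetical.
def _role(ns, name, resources, verbs):
    return {"kind": "Role", "metadata": {"namespace": ns, "name": name},
            "rules": [{"apiGroups": [""], "resources": resources, "verbs": verbs}]}

def _binding(ns, name, user, role):
    return {"kind": "RoleBinding", "metadata": {"namespace": ns, "name": name},
            "subjects": [{"kind": "User", "name": user}],
            "roleRef": {"kind": "Role", "name": role}}

MANIFESTS = [
    _role("secure-namespace", "pod-reader", ["pods"], ["get", "watch", "list"]),
    _binding("secure-namespace", "read-pods", "jane", "pod-reader"),
    _role("insecure-namespace", "admin", ["*"], ["*"]),
    _binding("insecure-namespace", "admin-binding", "john", "admin"),
]

READ_VERBS = {"get", "list", "watch", "*"}

def audit_role(role):
    """Return sorted finding names for one Role dict."""
    found = set()
    for rule in role.get("rules") or []:
        groups, resources, verbs = (set(rule.get(k) or [])
                                    for k in ("apiGroups", "resources", "verbs"))
        for field, values in (("apiGroups", groups), ("resources", resources),
                              ("verbs", verbs)):
            if "*" in values:
                found.add("wildcard-" + field)
        # Secrets live in the core ("") API group; a wildcard also matches them.
        if groups & {"", "*"} and resources & {"secrets", "*"} and verbs & READ_VERBS:
            found.add("secrets-readable")
    return sorted(found)

def flagged_subjects(manifests):
    """Map (namespace, subject name) -> findings for bindings to a flagged Role."""
    roles = {(m["metadata"]["namespace"], m["metadata"]["name"]): audit_role(m)
             for m in manifests if m["kind"] == "Role"}
    out = {}
    for m in manifests:
        if m["kind"] != "RoleBinding" or m["roleRef"]["kind"] != "Role":
            continue
        ns = m["metadata"]["namespace"]
        findings = roles.get((ns, m["roleRef"]["name"]), [])
        for subject in (m.get("subjects") or []) if findings else []:
            out[(ns, subject["name"])] = findings
    return out

if __name__ == "__main__":
    for (ns, who), findings in flagged_subjects(MANIFESTS).items():
        print(f"{ns}: {who} -> {', '.join(findings)}")
```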