Isolate your workloads using namespaces

This page shows you how to improve the reliability and performance of your clusters by identifying workloads that are running in the default namespace and moving those workloads to dedicated namespaces.

About namespaces

In Kubernetes, namespaces let you isolate groups of resources within a single cluster. Resource names must be unique within a namespace, but not across namespaces.

About the default namespace

Kubernetes creates a namespace named default when you create a cluster and uses this namespace for all resources by default. We don't recommend using the default namespace for your workloads for a production cluster.

If you deploy workloads to the default namespace, you expose them to the following risks:

• Degraded workload performance caused by noisy neighbor problems or resource exhaustion due to shared resources (CPU, memory) and network.
• Disruptions caused by accidental naming collisions and interactions between environments.
• Weaker security posture due to insufficient isolation of access permissions and network.
• Inefficient cluster resource use caused by overcrowding the default namespace over time and the difficulty of isolated cleanup.

Why deploy workloads to dedicated namespaces?

The benefits of deploying workloads to dedicated namespaces include the following:

• Increased reliability and performance stabilityachieved by resource isolation with namespace-bound memory and CPU resource quotas , lowering the risk of the noisy neighbor problem and resource exhaustion.
• Enhanced securitywith namespace-scoped access controls that adhere to the principle of least privilege using RBAC authorization , and with namespace-scoped network policies that isolate network communication between applications.

• Simplified management and operationsby doing the following:

  • Reduce naming collisions between different workloads or teams that share the same cluster.
  • Isolate observability.
  • Narrow down troubleshooting and debugging.
  • Attribute and optimize cost.
  • Target operations to a specific namespace without affecting the rest of the cluster.

• Multi-tenancyfor organizing and isolating cluster resources and policies by applications, environments and teams.

Inspect the default namespace of a specific cluster

To check for workloads running in the default namespace of a specific cluster, inspect the default namespace for a cluster:

1. Go to the Workloadspage.

   Go to Workloads

2. In the Clusterfield, enter the name of the cluster.

3. In the Namespacefield, enter default .

Migrate a workload to a dedicated namespace

After you identify workloads running in the default namespace, migrate them to a dedicated namespace to achieve higher reliability, more stable performance, and enhanced security.

What's next

• Sync objects to multiple namespaces
• Managing a GKE Multi-tenant Cluster with Namespaces
• Enable access and view cluster resources by namespace