
Overview

Namespaces provide logical isolation for Kubernetes resources. Orphelix allows you to filter views by namespace, switch between namespaces, and view resources across multiple namespaces.

What are Namespaces?

Kubernetes namespaces partition cluster resources:

Isolation

Separate resources by environment, team, or application

Access Control

Apply RBAC policies per namespace

Resource Quotas

Limit CPU/memory usage per namespace

Name Scoping

The same resource name can be used in different namespaces

Default Namespaces

Every Kubernetes cluster has these namespaces:

default
  • Purpose: Default namespace for resources without an explicit namespace
  • Usage: Development, testing, or small deployments
  • Best practice: Don’t use for production

kube-system
  • Purpose: Kubernetes system components
  • Resources: kube-dns / CoreDNS, kube-proxy, Metrics server, Cloud provider components
  • Access: Usually restricted to cluster admins

kube-public
  • Purpose: Publicly readable resources
  • Usage: ConfigMaps accessible cluster-wide
  • Rare use case

kube-node-lease
  • Purpose: Node heartbeat objects
  • Usage: Internal Kubernetes node tracking
  • Don’t modify

Namespace Selector

Switch namespaces from the header.

Location

The namespace selector appears in two places:
  1. Header (top-right): Global namespace selection
  2. Mode selector dialog: When switching from Demo to Real mode

Selecting a Namespace

  1. Click Namespace Dropdown: Click current namespace name in header
  2. Choose Namespace: Select from list of available namespaces
  3. Wait for Reload: Resources reload for selected namespace (1-2 seconds)
  4. Verify: Check header shows correct namespace. All pages now show resources from selected namespace
Namespace selection persists across browser sessions

Namespace Information

Each namespace in the dropdown shows:
  • Name: Namespace identifier
  • Status: Active or Terminating
  • Resource Count: Number of pods in namespace
  • Labels: Important labels (environment, team, etc.)
Example display:
📦 production (25 pods)
   env=prod, team=platform

📦 staging (12 pods)
   env=staging, team=platform

📦 development (8 pods)
   env=dev, team=platform

All Namespaces View

View resources across all namespaces:
  • Option 1: Select “All Namespaces” from dropdown
  • Option 2: Check “All Namespaces” checkbox (where available)

Namespace Details Page

View comprehensive namespace information.

Overview Section

  1. Basic Information
    • Name: Namespace name
    • Status: Active, Terminating
    • Created: Creation timestamp
    • Labels: All namespace labels
    • Annotations: Namespace annotations
  2. Resource Counts
    Number of resources in namespace:
    • Deployments
    • StatefulSets
    • DaemonSets
    • Pods
    • Services
    • ConfigMaps
    • Secrets
    • HPAs
  3. Resource Quotas
    CPU/memory limits and usage. Quota cards show:
    • CPU requests/limits
    • Memory requests/limits
    • Pod count limits
    • PVC count/storage limits
    • Current usage vs quota
    • Percentage used (progress bar)

Resource Quotas

Namespaces can have ResourceQuota objects limiting usage:
apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-quota
  namespace: production
spec:
  hard:
    requests.cpu: "10"
    requests.memory: "20Gi"
    limits.cpu: "20"
    limits.memory: "40Gi"
    pods: "50"
Orphelix displays:
CPU Requests: 7.5 / 10 cores (75%)
CPU Limits: 15 / 20 cores (75%)

[████████████████████░░░░░] 75%
  • Green: < 70% used
  • Yellow: 70-90% used
  • Red: > 90% used

Limit Ranges

LimitRange objects set default/min/max resource values:
apiVersion: v1
kind: LimitRange
metadata:
  name: resource-limits
  namespace: production
spec:
  limits:
  - type: Container
    default:
      cpu: "500m"
      memory: "512Mi"
    defaultRequest:
      cpu: "250m"
      memory: "256Mi"
    max:
      cpu: "2"
      memory: "2Gi"
    min:
      cpu: "100m"
      memory: "128Mi"
Orphelix shows:
  • Default requests/limits (applied if not specified)
  • Min/max values (prevents pods outside range)
  • Affects new pods only (not existing)
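
How the LimitRange above changes a container's resources, and whether the result still fits the compute-quota ResourceQuota from the previous section, can be modelled offline. This is an added example, not Orphelix or Kubernetes code; the function names are hypothetical and the model is simplified to cpu and memory for a single container.

```python
import re
from fractions import Fraction

# Subset of Kubernetes quantity suffixes; enough for the manifests on this page.
_SUFFIX = {"m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9,
           "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def parse_quantity(q):
    """'500m' -> 1/2 core, '512Mi' -> bytes; exact arithmetic via Fraction."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(m|k|M|G|Ki|Mi|Gi|Ti)?", q)
    if not m:
        raise ValueError(f"unsupported quantity: {q!r}")
    return Fraction(m.group(1)) * _SUFFIX.get(m.group(2), 1)

# Transcribed from the LimitRange and ResourceQuota manifests on this page.
LIMIT_RANGE = {
    "default": {"cpu": "500m", "memory": "512Mi"},
    "defaultRequest": {"cpu": "250m", "memory": "256Mi"},
    "max": {"cpu": "2", "memory": "2Gi"},
    "min": {"cpu": "100m", "memory": "128Mi"},
}
QUOTA_HARD = {"requests.cpu": "10", "requests.memory": "20Gi"}

def effective_resources(spec, lr=LIMIT_RANGE):
    """Fill in missing requests/limits, then enforce min <= request <= limit <= max."""
    out = {"requests": {}, "limits": {}}
    for res in ("cpu", "memory"):
        limit = spec.get("limits", {}).get(res, lr["default"][res])
        # An explicit limit without a request makes the request equal the limit.
        request = spec.get("requests", {}).get(
            res, spec.get("limits", {}).get(res, lr["defaultRequest"][res]))
        lo, hi = parse_quantity(lr["min"][res]), parse_quantity(lr["max"][res])
        if not lo <= parse_quantity(request) <= parse_quantity(limit) <= hi:
            raise ValueError(f"{res}: request={request} limit={limit} outside LimitRange")
        out["requests"][res], out["limits"][res] = request, limit
    return out

def fits_quota(used, new_requests, hard=QUOTA_HARD):
    """True if adding new_requests to current usage stays within every hard limit."""
    return all(
        parse_quantity(used[f"requests.{r}"]) + parse_quantity(q)
        <= parse_quantity(hard[f"requests.{r}"])
        for r, q in new_requests.items())
```

A container that sets only a request larger than the default limit is rejected by this model, because the defaulted limit ends up below the request.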

Creating Namespaces

kubectl create namespace production

Namespace Organization Strategies

By Environment

namespaces:
  - development
  - staging
  - production
Pros:
  • Clear environment separation
  • Easy to understand
  • Simple RBAC policies
Cons:
  • Limited scalability
  • All apps mixed per environment

By Team

namespaces:
  - team-platform
  - team-frontend
  - team-backend
  - team-data
Pros:
  • Team ownership clear
  • Independent team workflows
  • Isolated team quotas
Cons:
  • Multiple deployments per team
  • Cross-team dependencies complex

By Application

namespaces:
  - app-api-gateway
  - app-user-service
  - app-order-service
  - app-payment-service
Pros:
  • Clear app boundaries
  • Easy to track app resources
  • Independent scaling
Cons:
  • Many namespaces
  • Shared services complicated

Hybrid (Environment + Application)

namespaces:
  - prod-api-gateway
  - prod-user-service
  - staging-api-gateway
  - staging-user-service
  - dev-api-gateway
  - dev-user-service
Pros:
  • Complete isolation
  • Clear environment + app
  • Flexible RBAC
Cons:
  • Namespace explosion
  • Management overhead

RBAC and Namespaces

Control who can access each namespace:

Namespace-scoped Roles

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer
  namespace: development
rules:
- apiGroups: ["", "apps"]
  resources: ["pods", "deployments", "services"]
  verbs: ["get", "list", "watch", "create", "update", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developers
  namespace: development
subjects:
- kind: Group
  name: developers
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: developer
  apiGroup: rbac.authorization.k8s.io
Effect: Members of the developers group can manage pods, deployments, and services in the development namespace only

Read-only Access

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: viewer
  namespace: production
rules:
- apiGroups: ["", "apps"]
  resources: ["*"]
  verbs: ["get", "list", "watch"]
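Effect: View all resources in the core and apps API groups but cannot modify. The "*" wildcard includes Secrets, so anyone bound to this role can read Secret values in production; list resources explicitly if that is not intended.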

Cross-namespace Access

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: multi-namespace-viewer
rules:
- apiGroups: [""]
  resources: ["pods", "services"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: viewer-prod
  namespace: production
roleRef:
  kind: ClusterRole
  name: multi-namespace-viewer
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: User
  name: alice
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: viewer-staging
  namespace: staging
roleRef:
  kind: ClusterRole
  name: multi-namespace-viewer
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: User
  name: alice
Effect: Alice can view pods and services in both production and staging, and in no other namespace
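
The effects stated for the three RBAC examples above can be checked with a small offline model of rule matching. This is an added example, not Orphelix or Kubernetes code: it ignores resourceNames, subresources and ClusterRoleBindings, and the binding of user "bob" to the viewer role is constructed, since the page defines no binding for that role.

```python
# Added example: an offline model of RBAC rule matching over this page's manifests.
ROLES = {  # (namespace, role name) -> rules, transcribed from the page
    ("development", "developer"): [{
        "apiGroups": ["", "apps"],
        "resources": ["pods", "deployments", "services"],
        "verbs": ["get", "list", "watch", "create", "update", "delete"]}],
    ("production", "viewer"): [{
        "apiGroups": ["", "apps"], "resources": ["*"],
        "verbs": ["get", "list", "watch"]}],
}
CLUSTER_ROLES = {
    "multi-namespace-viewer": [{
        "apiGroups": [""], "resources": ["pods", "services"],
        "verbs": ["get", "list", "watch"]}],
}
BINDINGS = [  # (namespace, subject, roleRef kind, roleRef name)
    ("development", ("Group", "developers"), "Role", "developer"),
    ("production", ("User", "alice"), "ClusterRole", "multi-namespace-viewer"),
    ("staging", ("User", "alice"), "ClusterRole", "multi-namespace-viewer"),
    # Constructed: the page defines no binding for "viewer"; "bob" is hypothetical.
    ("production", ("User", "bob"), "Role", "viewer"),
]

def rule_allows(rule, verb, group, resource):
    """A rule matches when verb, API group and resource each match or are '*'."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return (hit(rule["verbs"], verb) and hit(rule["apiGroups"], group)
            and hit(rule["resources"], resource))

def can_i(subject, verb, group, resource, namespace):
    """True if any RoleBinding in `namespace` grants the request to `subject`."""
    for ns, subj, kind, name in BINDINGS:
        if ns != namespace or subj != subject:
            continue
        # A RoleBinding to a ClusterRole grants its rules in that namespace only.
        rules = CLUSTER_ROLES[name] if kind == "ClusterRole" else ROLES[(ns, name)]
        if any(rule_allows(r, verb, group, resource) for r in rules):
            return True
    return False

def secret_readers(namespace):
    """Subjects bound in `namespace` who can read core-group Secrets."""
    return sorted({s for ns, s, _, _ in BINDINGS
                   if ns == namespace and can_i(s, "get", "", "secrets", ns)})
```

Against a live cluster, kubectl auth can-i answers the same question for the current user, as shown under Troubleshooting.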

Best Practices

Clear namespace naming convention:
✅ Good:
  • prod-api-gateway
  • staging-user-service
  • dev-data-pipeline
❌ Bad:
  • ns1
  • test
  • myapp
Prevent resource exhaustion:
apiVersion: v1
kind: ResourceQuota
metadata:
  name: quota
  namespace: development
spec:
  hard:
    requests.cpu: "10"
    requests.memory: "20Gi"
    pods: "50"
Use LimitRanges for consistency:
apiVersion: v1
kind: LimitRange
metadata:
  name: defaults
  namespace: production
spec:
  limits:
  - type: Container
    default:
      memory: "512Mi"
      cpu: "500m"
    defaultRequest:
      memory: "256Mi"
      cpu: "250m"
Add metadata for filtering/reporting:
metadata:
  labels:
    environment: production
    team: platform
    cost-center: "12345"
    compliance: pci-dss
Use annotations:
metadata:
  annotations:
    description: "Production API Gateway service"
    owner: "platform-team@example.com"
    slack-channel: "#platform-alerts"
Balance isolation vs complexity:
  • Too few: No isolation
  • Too many: Management overhead
Typical: 5-20 namespaces per cluster

Troubleshooting

Namespace Stuck in Terminating

Symptom: kubectl delete namespace hangs
Cause: Finalizers preventing deletion
Solution:
  1. Check Finalizers
    kubectl get namespace <name> -o yaml
    Look for spec.finalizers
  2. Remove Finalizers
    kubectl get namespace <name> -o json \
      | jq '.spec.finalizers=[]' \
      | kubectl replace --raw "/api/v1/namespaces/<name>/finalize" -f -
    Removing finalizers skips the cleanup they guard, so resources that belonged to the namespace may be left behind.
  3. Force Delete
    If still stuck:
    kubectl delete namespace <name> --force --grace-period=0

Resource Quota Exceeded

Symptom: Cannot create pods - “exceeded quota”
Check:
kubectl describe resourcequota -n <namespace>
Solutions:
  1. Increase Quota
    kubectl edit resourcequota compute-quota -n <namespace>
    
  2. Delete Unused Resources
    kubectl delete deployment <old-deployment> -n <namespace>
    
  3. Reduce Resource Requests
    resources:
      requests:
        cpu: "250m"  # Was 500m
        memory: "256Mi"  # Was 512Mi
    

Cannot Access Namespace

Symptom: “Forbidden” errors
Check RBAC:
kubectl auth can-i get pods -n <namespace>
Solution: Request access from cluster admin
