Overview Namespaces provide logical isolation for Kubernetes resources. Orphelix allows you to filter views by namespace, switch between namespaces, and view resources across multiple namespaces.
What are Namespaces? Kubernetes namespaces partition cluster resources:
Isolation Separate resources by environment, team, or application
Access Control Apply RBAC policies per namespace
Resource Quotas Limit CPU/memory usage per namespace
Name Scoping Same resource names in different namespaces
Default Namespaces Every Kubernetes cluster has these namespaces:
Purpose: Default namespace for resources without explicit namespaceUsage: Development, testing, or small deploymentsBest practice: Don’t use for production
Purpose: Kubernetes system componentsResources:
kube-dns / CoreDNS
kube-proxy
Metrics server
Cloud provider components
Access: Usually restricted to cluster admins
Purpose: Publicly readable resourcesUsage: ConfigMaps accessible cluster-wideRare use case
Purpose: Node heartbeat objectsUsage: Internal Kubernetes node trackingDon’t modify
Namespace Selector Switch namespaces from the header:
Location The namespace selector appears in two places:
Header (top-right) : Global namespace selectionMode selector dialog : When switching from Demo to Real mode
Selecting a Namespace
Click Namespace Dropdown
Click current namespace name in header
Choose Namespace
Select from list of available namespaces
Wait for Reload
Resources reload for selected namespace (1-2 seconds)
Verify
Check header shows correct namespace All pages now show resources from selected namespace
Namespace selection persists across browser sessions
Each namespace in the dropdown shows:
Name : Namespace identifierStatus : Active or TerminatingResource Count : Number of pods in namespaceLabels : Important labels (environment, team, etc.)
Example display: 📦 production (25 pods) env=prod, team=platform 📦 staging (12 pods) env=staging, team=platform 📦 development (8 pods) env=dev, team=platform
All Namespaces View View resources across all namespaces:
Enable
Behavior
Permissions
Option 1: Select “All Namespaces” from dropdownOption 2: Check “All Namespaces” checkbox (where available)
When enabled:
Lists resources from ALL accessible namespaces
Adds “Namespace” column to tables
Useful for cluster-wide overview
Can be slow on large clusters with many namespaces
Requires RBAC permissions: apiVersion : rbac.authorization.k8s.io/v1 kind : ClusterRole metadata : name : namespace-reader rules : - apiGroups : [ "" ] resources : [ "namespaces" ] verbs : [ "list" , "get" ]
Namespace Details Page View comprehensive namespace information:
Overview Section
Basic Information
Name : Namespace nameStatus : Active, TerminatingCreated : Creation timestampLabels : All namespace labelsAnnotations : Namespace annotations
Resource Counts
Number of resources in namespace:
Deployments
StatefulSets
DaemonSets
Pods
Services
ConfigMaps
Secrets
HPAs
Resource Quotas
CPU/memory limits and usage: Quota cards show:
CPU requests/limits
Memory requests/limits
Pod count limits
PVC count/storage limits
Current usage vs quota
Percentage used (progress bar)
Resource Quotas Namespaces can have ResourceQuota objects limiting usage:
apiVersion : v1 kind : ResourceQuota metadata : name : compute-quota namespace : production spec : hard : requests.cpu : "10" requests.memory : "20Gi" limits.cpu : "20" limits.memory : "40Gi" pods : "50"
Orphelix displays: CPU Quota
Memory Quota
Pod Count
Storage
CPU Requests: 7.5 / 10 cores (75%) CPU Limits: 15 / 20 cores (75%) [████████████████████░░░░░] 75%
Green: < 70% used
Yellow: 70-90% used
Red: > 90% used
Memory Requests: 15 GB / 20 GB (75%) Memory Limits: 30 GB / 40 GB (75%) [████████████████████░░░░░] 75%
Pods: 42 / 50 (84%) [███████████████████████░░] 84%
Warning when approaching limit PVCs: 15 / 20 (75%) Storage: 450 GB / 500 GB (90%) [█████████████████████████] 90%
Limit Ranges LimitRange objects set default/min/max resource values:
apiVersion : v1 kind : LimitRange metadata : name : resource-limits namespace : production spec : limits : - type : Container default : cpu : "500m" memory : "512Mi" defaultRequest : cpu : "250m" memory : "256Mi" max : cpu : "2" memory : "2Gi" min : cpu : "100m" memory : "128Mi"
Orphelix shows:
Default requests/limits (applied if not specified)
Min/max values (prevents pods outside range)
Affects new pods only (not existing)
Creating Namespaces kubectl create namespace production
apiVersion : v1 kind : Namespace metadata : name : production labels : environment : prod team : platform
Apply: kubectl apply -f namespace.yaml
apiVersion : v1 kind : Namespace metadata : name : production --- apiVersion : v1 kind : ResourceQuota metadata : name : compute-quota namespace : production spec : hard : requests.cpu : "10" requests.memory : "20Gi" pods : "50" --- apiVersion : v1 kind : LimitRange metadata : name : resource-limits namespace : production spec : limits : - type : Container default : cpu : "500m" memory : "512Mi" defaultRequest : cpu : "250m" memory : "256Mi"
Namespace Organization Strategies By Environment namespaces: - development - staging - production
Pros:
Clear environment separation
Easy to understand
Simple RBAC policies
Cons:
Limited scalability
All apps mixed per environment
By Team namespaces: - team-platform - team-frontend - team-backend - team-data
Pros:
Team ownership clear
Independent team workflows
Isolated team quotas
Cons:
Multiple deployments per team
Cross-team dependencies complex
By Application namespaces: - app-api-gateway - app-user-service - app-order-service - app-payment-service
Pros:
Clear app boundaries
Easy to track app resources
Independent scaling
Cons:
Many namespaces
Shared services complicated
Hybrid (Environment + Application) namespaces: - prod-api-gateway - prod-user-service - staging-api-gateway - staging-user-service - dev-api-gateway - dev-user-service
Pros:
Complete isolation
Clear environment + app
Flexible RBAC
Cons:
Namespace explosion
Management overhead
RBAC and Namespaces Control who can access each namespace:
Namespace-scoped Roles apiVersion : rbac.authorization.k8s.io/v1 kind : Role metadata : name : developer namespace : development rules : - apiGroups : [ "" , "apps" ] resources : [ "pods" , "deployments" , "services" ] verbs : [ "get" , "list" , "watch" , "create" , "update" , "delete" ] --- apiVersion : rbac.authorization.k8s.io/v1 kind : RoleBinding metadata : name : developers namespace : development subjects : - kind : Group name : developers apiGroup : rbac.authorization.k8s.io roleRef : kind : Role name : developer apiGroup : rbac.authorization.k8s.io
Effect: Developers can manage resources in development namespace onlyRead-only Access apiVersion : rbac.authorization.k8s.io/v1 kind : Role metadata : name : viewer namespace : production rules : - apiGroups : [ "" , "apps" ] resources : [ "*" ] verbs : [ "get" , "list" , "watch" ]
Effect: View all resources but cannot modifyCross-namespace Access apiVersion : rbac.authorization.k8s.io/v1 kind : ClusterRole metadata : name : multi-namespace-viewer rules : - apiGroups : [ "" ] resources : [ "pods" , "services" ] verbs : [ "get" , "list" , "watch" ] --- apiVersion : rbac.authorization.k8s.io/v1 kind : RoleBinding metadata : name : viewer-prod namespace : production roleRef : kind : ClusterRole name : multi-namespace-viewer apiGroup : rbac.authorization.k8s.io subjects : - kind : User name : alice --- apiVersion : rbac.authorization.k8s.io/v1 kind : RoleBinding metadata : name : viewer-staging namespace : staging roleRef : kind : ClusterRole name : multi-namespace-viewer apiGroup : rbac.authorization.k8s.io subjects : - kind : User name : alice
Effect: Alice can view resources in both production and stagingBest Practices
Clear namespace naming convention: ✅ Good:
prod-api-gatewaystaging-user-servicedev-data-pipeline ❌ Bad:
Prevent resource exhaustion: apiVersion : v1 kind : ResourceQuota metadata : name : quota namespace : development spec : hard : requests.cpu : "10" requests.memory : "20Gi" pods : "50"
Use LimitRanges for consistency: apiVersion : v1 kind : LimitRange metadata : name : defaults namespace : production spec : limits : - type : Container default : memory : "512Mi" cpu : "500m" defaultRequest : memory : "256Mi" cpu : "250m"
Add metadata for filtering/reporting: metadata : labels : environment : production team : platform cost-center : "12345" compliance : pci-dss
Document Namespace Purpose
Use annotations: metadata : annotations : description : "Production API Gateway service" owner : "platform-team@example.com" slack-channel : "#platform-alerts"
Balance isolation vs complexity:
Too few: No isolation
Too many: Management overhead
Typical: 5-20 namespaces per cluster Troubleshooting Namespace Stuck in Terminating Symptom: kubectl delete namespace hangsCause: Finalizers preventing deletionSolution:
Check Finalizers
kubectl get namespace < nam e > -o yaml
Look for spec.finalizers
Remove Finalizers
kubectl get namespace < nam e > -o json \ | jq '.spec.finalizers=[]' \ | kubectl replace --raw "/api/v1/namespaces/<name>/finalize" -f -
Force Delete
If still stuck: kubectl delete namespace < nam e > --force --grace-period=0
Resource Quota Exceeded Symptom: Cannot create pods - “exceeded quota”Check: kubectl describe resourcequota -n < namespac e >
Solutions:
Increase Quota kubectl edit resourcequota compute-quota -n < namespac e >
Delete Unused Resources kubectl delete deployment < old-deploymen t > -n < namespac e >
Reduce Resource Requests resources : requests : cpu : "250m" # Was 500m memory : "256Mi" # Was 512Mi
Cannot Access Namespace Symptom: “Forbidden” errorsCheck RBAC: kubectl auth can-i get pods -n < namespac e >
Solution: Request access from cluster adminNext Steps
Cluster Connection Configure cluster access
Settings Customize Orphelix settings
Deployments View namespace resources
Dashboard Monitor namespace usage
