This page shows you how to improve the reliability and performance of your clusters by identifying workloads that are running in the default namespace and moving those workloads to dedicated namespaces.
About namespaces
In Kubernetes, namespaces let you isolate groups of resources within a single cluster. Resource names must be unique within a namespace, but not across namespaces.
About the default namespace
Kubernetes creates a namespace named default when you create a cluster and uses this namespace for all resources by default. We don't recommend using the default namespace for your workloads for a production cluster.
If you deploy workloads to the default namespace, you expose them to the following risks:
- Degraded workload performance caused by noisy neighbor problems or resource exhaustion due to shared resources (CPU, memory) and network.
- Disruptions caused by accidental naming collisions and interactions between environments.
- Weaker security posture due to insufficient isolation of access permissions and network.
- Inefficient cluster resource use caused by overcrowding the default namespace over time and the difficulty of isolated cleanup.
Why deploy workloads to dedicated namespaces?
The benefits of deploying workloads to dedicated namespaces include the following:
- Increased reliability and performance stability achieved by resource isolation with namespace-bound memory and CPU resource quotas, lowering the risk of the noisy neighbor problem and resource exhaustion.
- Enhanced security with namespace-scoped access controls that adhere to the principle of least privilege using RBAC authorization, and with namespace-scoped network policies that isolate network communication between applications.
- Simplified management and operations by doing the following:
  - Reduce naming collisions between different workloads or teams that share the same cluster.
  - Isolate observability.
  - Narrow down troubleshooting and debugging.
  - Attribute and optimize cost.
  - Target operations to a specific namespace without affecting the rest of the cluster.
- Multi-tenancy for organizing and isolating cluster resources and policies by applications, environments and teams.
Identify workloads running in the default namespace
To identify clusters in a project with workloads running in the default namespace, follow the instructions to view insights and recommendations using one of the following methods:
- Use the Trusted Cloud console.
- Use the Google Cloud CLI or the Recommender API, filtering for the WORKLOADS_DEFAULT_NAMESPACE subtype.
The recommendations enumerate the workloads running in the default namespace of the associated clusters.
Inspect the default namespace of a specific cluster
To check for workloads running in the default namespace of a specific cluster, do the following:
1. Go to the Workloads page.
2. In the Cluster field, enter the name of the cluster.
3. In the Namespace field, enter default.
Migrate a workload to a dedicated namespace
After you identify workloads running in the default namespace, migrate them to a dedicated namespace to achieve higher reliability, more stable performance, and enhanced security.
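Because metadata.namespace cannot be changed on an existing object, migrating means recreating the workload in the new namespace. The following sketch is an added example, not part of the original page or of GKE tooling: it assumes input shaped like the output of `kubectl get deploy,rs,pods,cronjobs -n default -o json`, and the function name, sample objects and target namespace `team-a` are hypothetical.

```python
import copy
import json
import sys

# Metadata the API server sets; a recreated object must not carry it over.
SERVER_FIELDS = ("uid", "resourceVersion", "creationTimestamp", "generation",
                 "managedFields", "selfLink")
STALE_ANNOTATIONS = ("kubectl.kubernetes.io/last-applied-configuration",
                     "deployment.kubernetes.io/revision")

def plan_migration(kubectl_json, target_ns):
    """Return (manifests, skipped) for objects found in the default namespace."""
    manifests, skipped = [], []
    for obj in json.loads(kubectl_json)["items"]:
        meta = obj["metadata"]
        if meta.get("namespace", "default") != "default":
            continue
        if meta.get("ownerReferences"):
            # Controller-managed (ReplicaSet, Pod of a Deployment): migrate the owner.
            skipped.append(f'{obj["kind"]}/{meta["name"]}')
            continue
        new = copy.deepcopy(obj)
        new.pop("status", None)
        for field in SERVER_FIELDS:
            new["metadata"].pop(field, None)
        for key in STALE_ANNOTATIONS:
            new["metadata"].get("annotations", {}).pop(key, None)
        new["metadata"]["namespace"] = target_ns
        manifests.append(new)
    return manifests, skipped

# Constructed sample objects, not taken from a real cluster.
SAMPLE = json.dumps({"apiVersion": "v1", "kind": "List", "items": [
    {"apiVersion": "apps/v1", "kind": "Deployment",
     "metadata": {"name": "web", "namespace": "default", "uid": "constructed-1",
                  "resourceVersion": "101",
                  "annotations": {"deployment.kubernetes.io/revision": "3"}},
     "spec": {"replicas": 2}, "status": {"readyReplicas": 2}},
    {"apiVersion": "apps/v1", "kind": "ReplicaSet",
     "metadata": {"name": "web-5d9c", "namespace": "default",
                  "ownerReferences": [{"kind": "Deployment", "name": "web"}]}},
    {"apiVersion": "v1", "kind": "Pod",
     "metadata": {"name": "web-5d9c-x2k", "namespace": "default",
                  "ownerReferences": [{"kind": "ReplicaSet", "name": "web-5d9c"}]}},
    {"apiVersion": "batch/v1", "kind": "CronJob",
     "metadata": {"name": "report", "namespace": "default", "uid": "constructed-2"},
     "spec": {"schedule": "0 3 * * *"}, "status": {}},
]})

if __name__ == "__main__":
    manifests, skipped = plan_migration(SAMPLE, "team-a")  # placeholder namespace
    print(json.dumps({"apiVersion": "v1", "kind": "List", "items": manifests}, indent=2))
    print("skipped (controller-managed):", skipped, file=sys.stderr)
```

The script rewrites only the workload objects. ConfigMaps, Secrets, ServiceAccounts, RBAC bindings and network policies that the workload depends on are namespaced too and have to exist in the target namespace before the workload is recreated there.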
What's next
- Sync objects to multiple namespaces
- Managing a GKE Multi-tenant Cluster with Namespaces
- Enable access and view cluster resources by namespace
- Optimize your usage of GKE with insights and recommendations