K
Q

What's the kube-public namespace for?

8/29/2017

Just curious about the intent for this default namespace.

Thanks in advance.

-- Steven Barragán
kubeadm
kubernetes

Similar Questions

Docker volume vs Kubernetes persistent volume for databases
With Python Kubernetes client, how to replicate `kubectl create -f` generally?
Google Container Engine (Kubernetes) and OAuth2 Callback
Jenkins, MiniKube & Kubernetes Plugin - Dynamically spawning slaves

2 Answers

4/22/2019

To complete the previous answer, these are the objects inside the namespace kube-public:

$ kubectl get_all --namespace kube-public
NAME                                                                      NAMESPACE
secret/default-token-jd2k2                                                kube-public
serviceaccount/default                                                    kube-public
rolebinding.rbac.authorization.k8s.io/system:controller:bootstrap-signer  kube-public
role.rbac.authorization.k8s.io/system:controller:bootstrap-signer         kube-public
-- Kartoch
Source: StackOverflow
8/29/2017

That namespace exists in clusters created with kubeadm for now. It contains a single ConfigMap object, cluster-info, that aids discovery and security bootstrap (basically, contains the CA for the cluster and such). This object is readable without authentication.

If you are courious:

$ kubectl get configmap -n kube-public cluster-info -o yaml

There are more details in this blog post and the design document:

NEW: kube-public namespace

[...] To create a config map that everyone can see, we introduce a new kube-public namespace. This namespace, by convention, is readable by all users (including those not authenticated). [...]

In the initial implementation the kube-public namespace (and the cluster-info config map) will be created by kubeadm. That means that these won't exist for clusters that aren't bootstrapped with kubeadm. [...]

-- Janos Lenart
Source: StackOverflow