Kubernetes accessing resource across namespace

4/23/2018

I have multiple teams, each team has a bunch of applications, and each application will have different environments (DEV, STAGE, PROD). I am looking for a way to limit access using namespaces.

Say, each team will have their own namespace.

I don't want applications deployed in namespace A to access ConfigMaps from namespace B. But I want applications deployed in namespace A to access REST applications deployed in namespace B (either through ingress or services).

Also, dev applications should not have visibility on STAGE applications.

But there are a few applications which will serve requests for DEV & STAGE based on the tenantId in the request header.

What is the recommendation for creating namespaces here?

Thanks

-- user1578872
kubernetes

1 Answer

4/24/2018

Namespaces automatically separate resources in the cluster. So if you create a namespace A and B, then if you create a configmap in namespace A it will automatically be unavailable in namespace B.

If you want to restrict what users can do in your cluster, for example if you would like developers to be able to create resources in development but only view things in staging or production, I would take a look at using RBAC.

If you want to separate access to and from applications on the network layer, I would suggest taking a look at Network Policies. For that you would need an applicable networking solution, for example Project Calico.

-- aevarisak
Source: StackOverflow
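
One way to express the setup discussed above with the two mechanisms the answer names, as an added example that is not part of the original question or answer: a namespaced Role limits an application's service account to ConfigMaps in its own namespace, and a NetworkPolicy lets dev namespaces reach REST services in another team's dev namespace while stage namespaces are not admitted. The namespace names, the `env` namespace label, the service account `app` and port 8080 are assumptions.

```yaml
# All names, labels and the port below are illustrative assumptions.
# Namespaces are assumed to be labelled, e.g. team-a-dev and team-b-dev
# both carry env=dev, while team-a-stage carries env=stage.
---
# RBAC: a Role is namespaced, so this grants read access to ConfigMaps
# in team-a-dev only and nothing in any other namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: configmap-reader
  namespace: team-a-dev
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "list", "watch"]
---
# Bind the Role to the service account the application pods run as.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-configmap-reader
  namespace: team-a-dev
subjects:
  - kind: ServiceAccount
    name: app
    namespace: team-a-dev
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: configmap-reader
---
# NetworkPolicy: every pod in team-b-dev accepts ingress on TCP 8080
# only from pods in namespaces labelled env=dev. Once this policy selects
# the pods, traffic from env=stage namespaces is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-dev-namespaces
  namespace: team-b-dev
spec:
  podSelector: {}
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              env: dev
      ports:
        - protocol: TCP
          port: 8080
```

Traffic that arrives through an ingress controller originates from the controller's namespace, so that namespace needs its own `from` entry. The policy takes effect only when the cluster's network plugin enforces NetworkPolicy.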