Namespaces
Users are assigned to organizational units called namespaces.
Namespaces are also known as tenants or accounts. In IBM® Cloud Private, users are assigned to teams. You can assign multiple namespaces to a team. Users of a team are members of the team's namespaces.
An IBM Cloud Private namespace corresponds to a single namespace in Kubernetes. All deployments, pods, and volumes that are created in a single namespace, belongs to the same Kubernetes namespace.
The following namespaces are reserved by IBM Cloud Private:
Namespace | Description | Permission to access and deploy resources |
---|---|---|
cert-manager | Reserved for the IBM Cloud Private certificate manager component. | Cluster administrator |
default | Available when you install IBM Cloud Private and used as the default namespace for objects that do not specify a namespace. This namespace must not be used for any production workloads and must not be deleted. | Cluster administrator |
istio-system | Reserved for Istio platform services. | Cluster administrator |
kube-public | Reserved by Kubernetes and IIBM Cloud Private to store reference information that is available to any authenticated user. This namespace must not be used for production workloads. | Open access Only the cluster administrator can deploy resources |
kube-system | Reserved for Kubernetes, IBM Cloud Private, and other trusted workloads. This namespace must not be used for production workloads. | Cluster administrator |
platform | Reserved for IBM Cloud Private. This namespace must not be used for production workloads. | Cluster administrator |
services | Reserved for the IBM Cloud Automation Manager product. | Cluster administrator |