What's the kube-public namespace for?

Asked 29/8, 2017 at 1:48 Answered 22/4, 2019 at 13:24

Just curious about the intent for this default namespace.

Paction answered 29/8, 2017 at 1:48 Comment(0)

That namespace exists in clusters created with kubeadm for now. It contains a single ConfigMap object, cluster-info, that aids discovery and security bootstrap (basically, contains the CA for the cluster and such). This object is readable without authentication.

If you are courious:

$ kubectl get configmap -n kube-public cluster-info -o yaml

There are more details in this blog post and the design document:

NEW: kube-public namespace

[...] To create a config map that everyone can see, we introduce a new kube-public namespace. This namespace, by convention, is readable by all users (including those not authenticated). [...]

In the initial implementation the kube-public namespace (and the cluster-info config map) will be created by kubeadm. That means that these won't exist for clusters that aren't bootstrapped with kubeadm. [...]

Ceratoid answered 29/8, 2017 at 9:4 Comment(0)

-1

To complete the previous answer, these are the objects inside the namespace kube-public:

$ kubectl get_all --namespace kube-public
NAME                                                                      NAMESPACE
secret/default-token-jd2k2                                                kube-public
serviceaccount/default                                                    kube-public
rolebinding.rbac.authorization.k8s.io/system:controller:bootstrap-signer  kube-public
role.rbac.authorization.k8s.io/system:controller:bootstrap-signer         kube-public

Tuberose answered 22/4, 2019 at 13:24 Comment(2)

could you share your get_all alias or do you have a custom kubectl? – Cuthbert 3/5, 2019 at 11:24

Install the krew plugin manager for kubectl and search for the get_all plugin – Tuberose 8/5, 2019 at 17:51

NEW: kube-public namespace

Recommended topics

Hot tags