OpenShift Namespace Configuration Management

Benjamin Porter
2 min readNov 10, 2020

Once you have your shiny new OpenShift cluster set up, you face the task of deciding how you want to manage your namespaces (projects).

A namespace is a unit of organization that brings with it some management implications. If you put time into a designing a good namespace configuration, you get a lot of administrative functions for free, such as RBAC policies.

RBAC role bindings are done at the namespace scope, which means a user will generally have the same access permissions to each type of object in the namespace. For this reason, it is useful to group objects together based on what sort of access permissions user’s may have to them.

Another administrative aspect is resource quotas. Quotas are administered on a Project-level. While quotas can be adjusted as needed, it does often require an administrator to make the change. If you can define sensible quotas based on expected needs, you get some benefits.

Here is an example. If your organization uses a microservice architecture and teams often own services that are related to each other, it can be beneficial to have a namespace per environment, per team. For example, if the team’s name is “Phoenix” then you might have namespaces like this:

  • phoenix-dev
  • phoenix-qa
  • phoenix-prod

Inside each namespace then you may deploy the services that the team owns.

--

--

Benjamin Porter

Ben Porter is a Software Engineer who specializes in distributed applications (like web apps). He is currently Chief Technology Officer (CTO) at Ameelio.org