22

In a default openshift install, there is an unused project titled kube-system. It seems like openshift-infra is for things like metrics, default is for the router and registry, and openshift is for global templates.

What is the kube-system project used for though? I can't find any docs on it.

thisguy123
  • 939
  • 1
  • 9
  • 31

2 Answers2

45

kube-system is the namespace for objects created by the Kubernetes system.

Typically, this would contain pods like kube-dns, kube-proxy, kubernetes-dashboard and stuff like fluentd, heapster, ingresses and so on.

bartimar
  • 3,374
  • 3
  • 30
  • 51
  • 1
    So these types of pods would be deployed by the cluster admin post install? – thisguy123 May 15 '17 at 20:28
  • 1
    I believe they are usually being deployed when creating the kube cluster by the kube master. These pods are controlled by deployments, replica sets or daemon sets (fluentd) `kubectl get deploy --namespace=kube-system`, `kubectl get rs --namespace=kube-system` or `kubectl get ds --namespace=kube-system` – bartimar May 17 '17 at 06:48
16

kube-system contains service accounts which are used to run the kubernetes controllers. These service accounts are granted significant permissions (create pods anywhere, for instance). Since openshift builds on top of kube, we inherit the structure.

You should avoid putting anything "personal" in that namespace since kube considers it to be "owned" by kube and the permissions for the SAs inside are quite high.

David Eads
  • 349
  • 1
  • 3