What's the kube-public namespace for?

Question

Just curious about the intent for this default namespace.

score 31 · Accepted Answer · edited Dec 31 '18 at 11:35

That namespace exists in clusters created with kubeadm for now. It contains a single ConfigMap object, cluster-info, that aids discovery and security bootstrap (basically, contains the CA for the cluster and such). This object is readable without authentication.

If you are courious:

$ kubectl get configmap -n kube-public cluster-info -o yaml

There are more details in this blog post and the design document:

NEW: kube-public namespace

[...] To create a config map that everyone can see, we introduce a new kube-public namespace. This namespace, by convention, is readable by all users (including those not authenticated). [...]

In the initial implementation the kube-public namespace (and the cluster-info config map) will be created by kubeadm. That means that these won't exist for clusters that aren't bootstrapped with kubeadm. [...]

score -1 · Answer 2 · answered Apr 22 '19 at 13:24

-1

To complete the previous answer, these are the objects inside the namespace kube-public:

$ kubectl get_all --namespace kube-public
NAME                                                                      NAMESPACE
secret/default-token-jd2k2                                                kube-public
serviceaccount/default                                                    kube-public
rolebinding.rbac.authorization.k8s.io/system:controller:bootstrap-signer  kube-public
role.rbac.authorization.k8s.io/system:controller:bootstrap-signer         kube-public

answered Apr 22 '19 at 13:24

Kartoch

7,610
9
40
68

could you share your get_all alias or do you have a custom kubectl? – Dimitrie Mititelu May 03 '19 at 11:24
Install the krew plugin manager for kubectl and search for the `get_all` plugin – Kartoch May 08 '19 at 17:51

What's the kube-public namespace for?

2 Answers2

NEW: kube-public namespace