Namespaces
Users are assigned to organizational units called namespaces.
Namespaces are also known as tenants or accounts. In IBM® Cloud Private, users are assigned to teams. You can assign multiple namespaces to a team. Users of a team are members of the team's namespaces.
An IBM Cloud Private namespace corresponds to a single namespace in Kubernetes. All deployments, pods, and volumes that are created in a single namespace, belongs to the same Kubernetes namespace.
The following namespaces are reserved by IBM Cloud Private:
| Namespace | Description | Permission to access and deploy resources |
|---|---|---|
| cert-manager | Reserved for the IBM Cloud Private certificate manager component. | Cluster administrator |
| default | Available when you install IBM Cloud Private and used as the default namespace for objects that do not specify a namespace. This namespace must not be used for any production workloads and must not be deleted. | Cluster administrator |
| icp-system | Reserved for IBM Cloud Private. This namespace must not be used for production workloads. | Cluster administrator |
| istio-system | Reserved for Istio platform services. | Cluster administrator |
| kube-public | Reserved by Kubernetes and IIBM Cloud Private to store reference information that is available to any authenticated user. This namespace must not be used for production workloads. | Open access Only the cluster administrator can deploy resources |
| kube-system | Reserved for Kubernetes, IBM Cloud Private, and other trusted workloads. This namespace must not be used for production workloads. | Cluster administrator |
| platform | Reserved for IBM Cloud Private. This namespace must not be used for production workloads. | Cluster administrator |
| services | Reserved for the IBM Cloud Automation Manager product. | Cluster administrator |
The Namespace overview page in the management consoledisplays the list of pod security policies that are associated to every namespace.