Namespace Naming Discipline
Namespaces accumulate. Four habits keep them tractable: a naming convention, ownership labels, isolation primitives, and routine cleanup. That is the discipline.
Naming convention
The naming convention is predictable and greppable: team-purpose-env, lowercase, hyphenated, no generic or brand names. Examples: data-pipelines-prod, platform-monitoring-shared, frontend-app-staging. CI scripts target namespaces by pattern, and engineers can guess a namespace name without looking it up.
- Pattern team-purpose-env. Explicit triplet per namespace. Predictable structure, parseable by tooling.
- Predictable plus greppable. No lookup required to guess a namespace name. CI scripts target by pattern.
- Avoid generic and brand names. No default, no kube-system overlap, no single-team brand. Generic names drift into ambiguity.
- Documented convention per cluster. Published naming guide. Supports new cluster operators without re-explaining each time.
Ownership labels
Every namespace carries ownership labels: team, owner, contact, lifecycle. Queryable via kubectl get namespaces -L team,owner,contact,lifecycle; audited quarterly. Label values are limited to alphanumerics, '-', '_' and '.', so contact has to be a team alias or channel name rather than an email address (put the address in an annotation if you need it). Empty ownership is technical debt that becomes an orphan namespace by Q3.
- Required labels per namespace. team, owner, contact, lifecycle metadata. Queryable for audit.
- Empty ownership is debt. Orphan-namespace surface per quarter. Either claimed or retired.
- Lifecycle drives cleanup. long-running, ephemeral, batch tag per namespace. Drives cleanup and capacity planning.
- IaC source per namespace. Terraform-managed labels. Catches manual drift before audit.
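The naming rule and the required-label rule above are both mechanical, so they belong in a lint that CI runs over the output of kubectl get namespaces -o json. The following is an added example written for this page, not tooling from the page's authors: it assumes an environment allowlist (prod, staging, dev, shared), one token per segment of the triplet, and a constructed sample of namespace objects. It skips the cluster's built-in namespaces, flags names that do not fit team-purpose-env or that take the reserved kube- prefix, flags missing or unknown ownership labels, and shows the greppable property with a selector that picks a team's or environment's namespaces by segment alone.

```python
from __future__ import annotations
import re

# Page's rule: team-purpose-env, lowercase, hyphenated. The environment
# allowlist and "one token per segment" are this example's assumptions.
NAME_RE = re.compile(r"^(?P<team>[a-z0-9]+)-(?P<purpose>[a-z0-9]+)-(?P<env>[a-z0-9]+)$")
ENV_ALLOWLIST = {"prod", "staging", "dev", "shared"}
SYSTEM_NS = {"default", "kube-system", "kube-public", "kube-node-lease"}
REQUIRED_LABELS = ("team", "owner", "contact", "lifecycle")
LIFECYCLES = {"long-running", "ephemeral", "batch"}


def lint_name(name: str) -> list[str]:
    """Findings for one namespace name (empty list means it conforms)."""
    if name.startswith("kube-"):
        return ["kube-prefix-reserved"]
    findings = []
    if len(name) > 63:  # DNS-1123 label limit; the API server rejects longer names anyway
        findings.append("name-too-long")
    m = NAME_RE.match(name)
    if m is None:
        return findings + ["not-team-purpose-env"]
    if m["env"] not in ENV_ALLOWLIST:
        findings.append(f"unknown-env:{m['env']}")
    return findings


def lint_labels(labels: dict) -> list[str]:
    """Missing or unknown ownership labels."""
    findings = [f"missing-label:{k}" for k in REQUIRED_LABELS if not labels.get(k)]
    lifecycle = labels.get("lifecycle")
    if lifecycle and lifecycle not in LIFECYCLES:
        findings.append(f"unknown-lifecycle:{lifecycle}")
    return findings


def lint_namespaces(ns_list: dict) -> dict[str, list[str]]:
    """Takes the JSON `kubectl get namespaces -o json` returns; returns
    name -> findings for every non-conforming team namespace. Built-in
    system namespaces are cluster-owned and skipped."""
    report = {}
    for item in ns_list.get("items", []):
        meta = item.get("metadata", {})
        name = meta.get("name", "")
        if name in SYSTEM_NS:
            continue
        findings = lint_name(name) + lint_labels(meta.get("labels") or {})
        if findings:
            report[name] = findings
    return report


def select_namespaces(names, team=None, env=None) -> list[str]:
    """The greppable property: a CI job picks its targets by segment,
    with no lookup table."""
    out = []
    for n in names:
        m = NAME_RE.match(n)
        if m and (team is None or m["team"] == team) and (env is None or m["env"] == env):
            out.append(n)
    return out


# Constructed sample (not real cluster data): two conforming namespaces,
# one with label gaps, one that ignores the convention entirely.
SAMPLE = {"items": [
    {"metadata": {"name": "kube-system", "labels": {}}},
    {"metadata": {"name": "data-pipelines-prod", "labels": {
        "team": "data", "owner": "alice", "contact": "data-oncall", "lifecycle": "long-running"}}},
    {"metadata": {"name": "platform-monitoring-shared", "labels": {
        "team": "platform", "owner": "bob", "contact": "platform-oncall", "lifecycle": "long-running"}}},
    {"metadata": {"name": "frontend-app-staging", "labels": {"team": "frontend", "lifecycle": "temporary"}}},
    {"metadata": {"name": "Analytics_Test", "labels": {}}},
]}

if __name__ == "__main__":
    for ns, findings in lint_namespaces(SAMPLE).items():
        print(ns, *findings, sep="\n  ")
    print(select_namespaces([i["metadata"]["name"] for i in SAMPLE["items"]], env="prod"))
```

Run it in CI against kubectl get namespaces -o json and fail the job on a non-empty report; the same lint applied at admission (a validating webhook or policy engine) stops the non-conforming namespace from being created in the first place, which is cheaper than finding it at the quarterly audit.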
Isolation between namespaces
Three primitives keep namespaces isolated: NetworkPolicy default-deny, resource quotas, namespace-scoped RBAC. Without these, namespaces are organisational lipstick on a flat cluster. With them, namespaces become real blast-radius boundaries.
- Default-deny NetworkPolicy. Cross-namespace traffic blocked by default per namespace. Talk only to declared destinations. Only a CNI plugin that implements NetworkPolicy enforces it; on one that does not, the API server accepts the object and nothing is blocked, so verify enforcement on each cluster rather than the mere presence of the object.
- Resource quotas. Capacity cap per namespace. Single namespace cannot exhaust the cluster. Once a quota constrains compute resources, pods that omit requests or limits for them are rejected, so pair the quota with a LimitRange that supplies defaults.
- Namespace-scoped RBAC. Role boundary per namespace. Cross-namespace access requires explicit permission. Bind with RoleBinding, not ClusterRoleBinding: a RoleBinding may reference a ClusterRole but grants it only inside its own namespace, whereas a ClusterRoleBinding to a namespace's service account widens that account's reach to the whole cluster.
- Cluster-level audit policy. Cross-namespace access logging per cluster. Supports investigation when isolation gets bypassed.
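The three primitives are only blast-radius boundaries if every team namespace actually has them, so the check worth automating is the absence audit. The following is an added example for this page, not code from its authors: given the JSON that kubectl get <kind> -A -o json returns for namespaces, NetworkPolicies, ResourceQuotas, RoleBindings and ClusterRoleBindings (constructed sample objects here), it reports each team namespace that lacks a real default-deny policy (an empty podSelector, both policyTypes, no allow rules; a policy that omits policyTypes is ingress-only and does not count), lacks a ResourceQuota, grants a RoleBinding to a service account from another namespace, or has one of its service accounts named in a ClusterRoleBinding. The namespace and object names are illustrative.

```python
from __future__ import annotations
from collections import defaultdict

SYSTEM_NS = {"default", "kube-system", "kube-public", "kube-node-lease"}


def is_default_deny(policy: dict) -> bool:
    """True only for the canonical default-deny-all NetworkPolicy: an empty
    podSelector (every pod in the namespace), both policyTypes declared, and
    no ingress/egress allow rules. A policy that omits policyTypes defaults
    to Ingress only, so it is not counted as default-deny."""
    spec = policy.get("spec") or {}
    selector = spec.get("podSelector") or {}
    if selector.get("matchLabels") or selector.get("matchExpressions"):
        return False
    if set(spec.get("policyTypes") or ["Ingress"]) != {"Ingress", "Egress"}:
        return False
    return not spec.get("ingress") and not spec.get("egress")


def _by_namespace(obj_list: dict) -> dict[str, list[dict]]:
    grouped = defaultdict(list)
    for item in obj_list.get("items", []):
        grouped[item["metadata"]["namespace"]].append(item)
    return grouped


def audit_isolation(namespaces, networkpolicies, resourcequotas,
                    rolebindings, clusterrolebindings) -> dict[str, list[str]]:
    """Each argument is the JSON `kubectl get <kind> -A -o json` returns.
    Returns namespace -> findings for team namespaces missing a primitive
    or granted reach beyond their own boundary."""
    team_ns = [n["metadata"]["name"] for n in namespaces["items"]
               if n["metadata"]["name"] not in SYSTEM_NS]
    nps, quotas, rbs = map(_by_namespace, (networkpolicies, resourcequotas, rolebindings))
    report = {ns: [] for ns in team_ns}
    for ns in team_ns:
        if not any(is_default_deny(p) for p in nps.get(ns, [])):
            report[ns].append("no-default-deny-networkpolicy")
        if not quotas.get(ns):
            report[ns].append("no-resourcequota")
        for rb in rbs.get(ns, []):
            for s in rb.get("subjects", []):
                if s.get("kind") == "ServiceAccount" and s.get("namespace", ns) != ns:
                    report[ns].append(f"cross-namespace-subject:{s['namespace']}/{s['name']}")
    # A ClusterRoleBinding naming a team namespace's ServiceAccount escapes the
    # namespace boundary entirely: that SA now holds the role cluster-wide.
    for crb in clusterrolebindings.get("items", []):
        for s in crb.get("subjects", []):
            if s.get("kind") == "ServiceAccount" and s.get("namespace") in report:
                report[s["namespace"]].append(
                    f"cluster-wide-grant:{crb['roleRef']['name']}:sa/{s['name']}")
    return {ns: f for ns, f in report.items() if f}


def _meta(name, namespace=None):
    return {"name": name, **({"namespace": namespace} if namespace else {})}


# Constructed sample cluster state (not real data): one namespace with all
# three primitives, one with none plus two boundary-crossing grants.
SAMPLE_NS = {"items": [{"metadata": _meta(n)} for n in
             ("kube-system", "data-pipelines-prod", "frontend-app-staging")]}
SAMPLE_NP = {"items": [
    {"metadata": _meta("default-deny", "data-pipelines-prod"),
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
    # Ingress-only: policyTypes omitted, so egress is still wide open.
    {"metadata": _meta("deny-ingress", "frontend-app-staging"),
     "spec": {"podSelector": {}}},
]}
SAMPLE_QUOTA = {"items": [
    {"metadata": _meta("compute", "data-pipelines-prod"),
     "spec": {"hard": {"requests.cpu": "20", "requests.memory": "64Gi", "pods": "200"}}},
]}
SAMPLE_RB = {"items": [
    {"metadata": _meta("team-edit", "data-pipelines-prod"),
     "roleRef": {"kind": "ClusterRole", "name": "edit"},
     "subjects": [{"kind": "ServiceAccount", "name": "etl-runner", "namespace": "data-pipelines-prod"}]},
    {"metadata": _meta("allow-etl", "frontend-app-staging"),
     "roleRef": {"kind": "Role", "name": "reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "etl-runner", "namespace": "data-pipelines-prod"}]},
]}
SAMPLE_CRB = {"items": [
    {"metadata": _meta("ci-deployer-admin"),
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-deployer", "namespace": "frontend-app-staging"}]},
]}

if __name__ == "__main__":
    result = audit_isolation(SAMPLE_NS, SAMPLE_NP, SAMPLE_QUOTA, SAMPLE_RB, SAMPLE_CRB)
    for ns, findings in result.items():
        print(ns, *findings, sep="\n  ")
```

The cross-namespace RoleBinding finding is not necessarily a bug: it is exactly the "explicit permission" the page calls for, and the audit's job is to make sure each one is documented. The ClusterRoleBinding finding is different in kind, because it means a namespace-scoped identity is no longer namespace-scoped at all. Remember that the default-deny check only proves the object exists; whether traffic is actually blocked depends on the CNI.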
Cleanup discipline
Cleanup keeps the cluster sane. Empty namespaces flagged after 30 days, quarterly drift and missing-label audit, ephemeral namespaces with TTL labels for auto-cleanup. Without ongoing cleanup the namespace count grows monotonically and the audit cost grows with it.
- Empty 30+ days flagged. Auto-flag rule per namespace. Either documented as needed or deleted. Deleting a namespace cascades to every object in it, Secrets and PersistentVolumeClaims included, so flag first and delete only after the owner confirms.
- Quarterly review. Drift, missing-label, orphaned-resource audit per quarter. Drives cleanup actions.
- Ephemeral with TTL labels. Auto-cleanup per ephemeral namespace. Retire ephemeral namespaces aggressively.
- Cleanup dashboard per cluster. At-risk-namespace view per cluster. Supports proactive cleanup before the next audit.
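The 30-day empty rule and the TTL rule for ephemeral namespaces reduce to a small planner over namespace age, lifecycle label and workload count. The following is an added example for this page, not the page's own tooling: it assumes two hypothetical label keys, cleanup.example.com/ttl-hours for the TTL and cleanup.example.com/keep for "documented as needed", takes the JSON from kubectl get namespaces -o json plus a separately gathered namespace-to-workload-count map, and returns one action per namespace that needs attention. The sample namespaces and timestamps are constructed.

```python
from __future__ import annotations
from datetime import datetime, timedelta, timezone

SYSTEM_NS = {"default", "kube-system", "kube-public", "kube-node-lease"}
EMPTY_AFTER = timedelta(days=30)
# Hypothetical label keys for this example; the page only says "TTL labels".
TTL_LABEL = "cleanup.example.com/ttl-hours"
KEEP_LABEL = "cleanup.example.com/keep"


def parse_k8s_time(stamp: str) -> datetime:
    """creationTimestamp as the API server emits it (RFC 3339, UTC, second precision)."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def plan_cleanup(namespaces: dict, workload_counts: dict[str, int], now: datetime) -> dict[str, str]:
    """namespaces: JSON from `kubectl get namespaces -o json`.
    workload_counts: namespace -> number of pods/deployments, gathered separately.
    Returns namespace -> action; namespaces needing nothing are omitted."""
    plan = {}
    for item in namespaces.get("items", []):
        meta = item["metadata"]
        name, labels = meta["name"], meta.get("labels") or {}
        if name in SYSTEM_NS:
            continue
        age = now - parse_k8s_time(meta["creationTimestamp"])
        if labels.get("lifecycle") == "ephemeral":
            ttl = labels.get(TTL_LABEL)
            if ttl is None:
                plan[name] = "ephemeral-without-ttl"   # cannot auto-expire; fix the label
                continue
            if age > timedelta(hours=int(ttl)):
                plan[name] = "delete-expired"
                continue
        # Empty for 30+ days: either someone has documented a reason, or it is flagged.
        if workload_counts.get(name, 0) == 0 and age >= EMPTY_AFTER:
            plan[name] = "documented-empty" if labels.get(KEEP_LABEL) == "true" else "flag-empty"
    return plan


def _ns(name, created, **labels):
    return {"metadata": {"name": name, "creationTimestamp": created, "labels": labels}}


# Constructed sample (not real cluster data), evaluated at NOW.
SAMPLE_NS = {"items": [
    _ns("kube-system", "2023-01-01T00:00:00Z"),
    _ns("data-pipelines-prod", "2023-01-01T00:00:00Z", lifecycle="long-running"),
    _ns("data-archive-prod", "2024-01-01T00:00:00Z", lifecycle="long-running"),
    _ns("platform-monitoring-shared", "2024-01-01T00:00:00Z",
        lifecycle="long-running", **{KEEP_LABEL: "true"}),
    _ns("platform-sandbox-dev", "2024-05-15T00:00:00Z", lifecycle="long-running"),
    _ns("frontend-preview-dev", "2024-05-20T00:00:00Z",
        lifecycle="ephemeral", **{TTL_LABEL: "72"}),
    _ns("frontend-app-staging", "2024-05-31T00:00:00Z", lifecycle="ephemeral"),
]}
SAMPLE_WORKLOADS = {"kube-system": 30, "data-pipelines-prod": 12,
                    "frontend-preview-dev": 3, "frontend-app-staging": 2}
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for ns, action in plan_cleanup(SAMPLE_NS, SAMPLE_WORKLOADS, NOW).items():
        print(f"{action:22} {ns}")
```

Feed the plan to a dashboard rather than straight to kubectl delete: delete-expired is the only action safe to automate, and even that deserves a first pass with kubectl delete namespace --dry-run=server in a new cluster, since deleting a namespace removes everything inside it.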