kube-public 命名空间有什么用？

Question

只是好奇这个默认命名空间的用途。

Answer 1

该命名空间目前存在于使用 kubeadm 创建的集群中。它包含一个 ConfigMap 对象 cluster-info，它有助于发现和安全 bootstrap（基本上，包含集群的 CA 等）。此对象无需身份验证即可读取。

如果你好奇：

$ kubectl get configmap -n kube-public cluster-info -o yaml

这里有更多详细信息 blog post and the design document:

NEW: kube-public namespace

[...] To create a config map that everyone can see, we introduce a new kube-public namespace. This namespace, by convention, is readable by all users (including those not authenticated). [...]

In the initial implementation the kube-public namespace (and the cluster-info config map) will be created by kubeadm. That means that these won't exist for clusters that aren't bootstrapped with kubeadm. [...]

Answer 2

为了完成前面的回答，这些是命名空间内的对象 kube-public:

$ kubectl get_all --namespace kube-public
NAME                                                                      NAMESPACE
secret/default-token-jd2k2                                                kube-public
serviceaccount/default                                                    kube-public
rolebinding.rbac.authorization.k8s.io/system:controller:bootstrap-signer  kube-public
role.rbac.authorization.k8s.io/system:controller:bootstrap-signer         kube-public

kube-public 命名空间有什么用？

What's the kube-public namespace for?

kubernetes

kubeadm

NEW: kube-public namespace