Ensure default namespace is not used

Error: Default namespace is used

Bridgecrew Policy ID: BC_K8S_20
Checkov Check ID: CKV_K8S_21
Severity: LOW

Default namespace is used

Description

In Kubernetes, the cluster comes out of the box with a namespace called “default.” Other namespaces Kubernetes includes are: kube-node-lease, kube-system and kube-public. Some Kubernetes tooling is set up out of the box to use this namespace and you can’t delete it.

We recommend that you do not use the default namespace in large production systems. Using this space can result in accidental disruption with other services. Instead, we recommend you create alternate namespaces and use them to run additional required services.

Fix - Buildtime

Kubernetes

  • Resource: Pod / Deployment / DaemonSet / StatefulSet / ReplicaSet / ReplicationController / Job / CronJob
  • Argument: namespace (Optional)
    Defines the used namespace. Default to default.
apiVersion: <apiVersion>
kind: <kind>
metadata:
  name: <name>
+ namespace: <your namespace>
- namespace: default