Hierarchical namespaces were originally developed by the Workgroup for Multi-Tenancy and introduced in 2020 as a means of better supporting multi-tenancy of a single Kubernetes cluster.
The design implies ownership:
- Policies are inherited from parent namespaces.
- Creation of subnamespaces can be delegated within a parent namespace.
- A CRDs within each namespace defines the parent.
- The implementation is provided by the HNC extension. This handles subnamespaces and propagates policy objects.
- The kubectl
hnsplugin provides an interface for operations folks.