22

In a default openshift install, there is an unused project titled kube-system. It seems like openshift-infra is for things like metrics, default is for the router and registry, and openshift is for global templates.

What is the kube-system project used for though? I can't find any docs on it.

Improve this question

2 Answers 2

Reset to default
48

kube-system is the namespace for objects created by the Kubernetes system.

Typically, this would contain pods like kube-dns, kube-proxy, kubernetes-dashboard and stuff like fluentd, heapster, ingresses and so on.

Improve this answer
2
  • 1
    So these types of pods would be deployed by the cluster admin post install?
    – thisguy123
    May 15, 2017 at 20:28
  • 1
    I believe they are usually being deployed when creating the kube cluster by the kube master. These pods are controlled by deployments, replica sets or daemon sets (fluentd) kubectl get deploy --namespace=kube-system, kubectl get rs --namespace=kube-system or kubectl get ds --namespace=kube-system
    – bartimar
    May 17, 2017 at 6:48
16

kube-system contains service accounts which are used to run the kubernetes controllers. These service accounts are granted significant permissions (create pods anywhere, for instance). Since openshift builds on top of kube, we inherit the structure.

You should avoid putting anything "personal" in that namespace since kube considers it to be "owned" by kube and the permissions for the SAs inside are quite high.

Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.