Kubernetes clusters should not use the default namespace
HIGH
Ensures workloads are deployed in dedicated namespaces instead of the default namespace for better isolation.
What does this mean?
The default namespace in Kubernetes has no special security controls. Deploying workloads here makes it harder to apply RBAC, network policies, and resource quotas effectively. This recommendation enforces using dedicated namespaces.
Benefits of implementation
- Enables granular RBAC and network policies per namespace
- Improves workload isolation and organization
- Required by CIS Kubernetes Benchmark
Drawbacks and considerations
- Requires namespace planning and naming conventions
- Cross-namespace service discovery needs explicit configuration
- Minor operational overhead in managing multiple namespaces
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level
- HIGH
- Category
- Kubernetes / AKS
- Azure Resource
- Frameworks
- 2 frameworks
- Last updated
- 2026-02-12