- TechOps Examples
- Posts
- How to Implement Kubernetes Immortal Namespaces
How to Implement Kubernetes Immortal Namespaces
Govardhana M K
August 30, 2025
TechOps Examples
Hey — It's Govardhana MK 👋
Welcome to another technical edition.
Every Tuesday – You’ll receive a free edition with a byte-size use case, remote job opportunities, top news, tools, and articles.
Every Thursday and Saturday – You’ll receive a special edition with a deep dive use case, remote job opportunities, and articles.
👋 Before we begin... a big thank you to today's sponsor MAVEN AGI
Transform Customer Support with AI Agents
How Did Papaya Scale Support Without Hiring?
Papaya cut support costs by 50% and automated 90% of inquiries using Maven AGI’s AI-powered agent - no decision trees, no manual upkeep. Faster responses, happier customers, same team size.
👀 Remote Jobs
iLogos is hiring a DevOps Engineer (AWS, Terraform, CI/CD)
Remote Location: Worldwide
Supabase is hiring a Platform Engineer
Remote Location: Worldwide
📚️ Resources
🔴 Get my DevOps & Kubernetes ebooks! (free for Premium Club and Personal Tier newsletter subscribers)
Looking to promote your company, product, service, or event to 52,000+ Cloud Native Professionals? Let's work together. Advertise With Us
🧠 DEEP DIVE USE CASE
How to Implement Kubernetes Immortal Namespaces
Have you ever tried deleting a namespace and got this error?
Some namespaces in Kubernetes are immortal, they can never be deleted.
Most production systems implement custom immortal namespaces to protect critical workloads from accidental deletion and to guarantee cluster stability under operational errors.
Thus, each Kubernetes practitioner should be aware of why they exist and how to custom implement their own immortal namespaces for critical services. Before that, for someone who doesn’t know..
What a Namespace is?
In Kubernetes, a namespace is like a virtual cluster inside your actual cluster. It helps you:
Organize resources (Pods, Deployments, Services).
Avoid name collisions.
Apply access controls (RBAC, network policies).
Delegate cluster usage to multiple teams.
Think of it as a folder structure inside Kubernetes.
Types of Namespaces
1. System (Immortal) Namespaces
Kubernetes creates these by default in every cluster:
default: Where resources land if you don’t specify a namespace.
kube-system: Runs cluster components (DNS, CNI, controllers).
kube-public: Holds a public cluster-info ConfigMap, readable by anyone in the cluster.
kube-node-lease: Stores node lease objects for faster node heartbeat and failure detection.
So in a fresh cluster you always see at least these four:
$ kubectl get ns
NAME STATUS AGE
default Active 10d
kube-system Active 10d
kube-public Active 10d
kube-node-lease Active 10d
Key Point
These are standard across all Kubernetes clusters (EKS, AKS, GKE, bare-metal, minikube, kind).
They are considered “immortal namespaces” because Kubernetes will not allow you to delete them.
2. User Created Namespaces
Useful for isolating environments or teams.
Example: dev, prod, logging, ingress-nginx
Platform Services like Monitoring, logging, ingress controllers should live in “immortal” namespaces.
If someone deletes these accidentally, you lose visibility or routing. Making them immortal prevents that.
With this basic understanding, let us look at how to implement custom immortal namespaces with Kyverno.
I am giving away 25% OFF on all annual plans of membership offerings.
A membership will unlock access to read these deep dive editions on Thursdays and Saturdays.
Upgrade to Paid to read the rest.
Become a paying subscriber to get access to this post and other subscriber-only content.
Already a paying subscriber? Sign In.
Paid subscriptions get you:
- • Access to archive of 200+ use cases
- • Deep Dive use case editions (Thursdays and Saturdays)
- • Access to Private Discord Community
- • Invitations to monthly Zoom calls for use case discussions and industry leaders meetups
- • Quarterly 1:1 'Ask Me Anything' power session