Kubernetes namespaces - they’re an essential feature for building modern cloud architectures. Namespaces let you split up a single cluster into multiple “virtual clusters”. Resources like pods, replicasets, and deployments all live in namespaces. You can think of a namespace as being a resource’s last name - it specifies which family the resource is part of - and normal resources can have one and only one namespace (There are exceptions like the Node resource which is cluster-wide and doesn’t belong to any namespace). If you don’t think you’re using namespaces on your cluster then you’re wrong. You’re actually just putting everything into the default namespace.

Micro-segmentation is an emerging practice that is quickly becoming a critical facet of cloud security. Its objective is not only to prevent compromise, but also to deal with what happens after compromise occurs. The purpose of micro-segmentation is to isolate applications and services from one another in order to prevent attackers from achieving their goals—even if they succeed in initially breaching the organization’s IT defenses.