K8s - how do I get seperate namespace for each department?

Hi all, currently I’m running as IT administrator in my company.
I have requirements regarding k8s is that
• Have to seperate namespace for each department
• Dont allow users / tenant to see or run query again master nodes for example like kubectl get nodes - should hide the master
Any thoughts how to do this especially no 2? Tried many things but don’t work. Thanks

You just use standard rbac here. Tenant users should only have Roles which grant permission to things in their namespace. A node is not a namespaced resource

Thanks for no 1 . But yes, i’m having trouble with no 2. I’m thinking about changing the source code, but that will be much effort

You don’t want them to run commands against nodes like kubectl get nodes then don’t grant them permission to non-Namespaced resources like nodes.

This is all standard RBAC built into Kubernetes.

And why are you responding from two different accounts?

Because my departement is responsible for the kubernetes infra and the others only using it.

Noted for this. Let me check this one. Thanks for the answer