What's the kube-public namespace for?

That namespace exists in clusters created with kubeadm for now. It contains a single ConfigMap object, cluster-info, that aids discovery and security bootstrap (basically, contains the CA for the cluster and such). This object is readable without authentication.

If you are courious:

$ kubectl get configmap -n kube-public cluster-info -o yaml

There are more details in this blog post and the design document:

NEW: kube-public namespace

[...] To create a config map that everyone can see, we introduce a new kube-public namespace. This namespace, by convention, is readable by all users (including those not authenticated). [...]

In the initial implementation the kube-public namespace (and the cluster-info config map) will be created by kubeadm. That means that these won't exist for clusters that aren't bootstrapped with kubeadm. [...]

To complete the previous answer, these are the objects inside the namespace kube-public:

$ kubectl get_all --namespace kube-publicNAME                                                                      NAMESPACEsecret/default-token-jd2k2                                                kube-publicserviceaccount/default                                                    kube-publicrolebinding.rbac.authorization.k8s.io/system:controller:bootstrap-signer  kube-publicrole.rbac.authorization.k8s.io/system:controller:bootstrap-signer         kube-public