Should the Kubernetes API server be accessible as https://kubernetes:443 from any pod in the cluster?

2/2/2018

According to the Kubernetes docs,

The kubernetes service (in all namespaces) is configured with a virtual IP address that is redirected (via kube-proxy) to the HTTPS endpoint on the apiserver.

For some reason I can't access kubernetes from a non-default namespace, unless I manually create the service there (or use kubernetes.default). Looking at the code I see the kubernetes service is created in namespace default, is it also available in other namespaces? If so, how is that accomplished? How might I debug it?

I've been finding it difficult to Google this, since "kubernetes service" is not really a great search keyword.

For the record, I'm using GKE.

-- user271667
kubernetes

1 Answer

2/2/2018

Service kubernetes is only available in Namespace default.

If you want to access the API server using this service, you need to use kubernetes.default.

Services are assigned a DNS A record for a name of the form:

            my-svc.my-namespace.svc.cluster.local

This resolves to the cluster IP of the Service.

That means you need to use kubernetes.default.svc.cluster.local.

You can skip svc.cluster.local.

So to access a kubernetes Service, you need to provide kubernetes.default.

If you want to access it from the default namespace, you can skip the namespace part.

See details here.

Also,

When you create a pod, if you do not specify a service account, it is automatically assigned the default service account in the same namespace.

You can access the API from inside a pod using automatically mounted service account credentials, as described in Accessing the Cluster.

-- Mir Shahriar Sabuj
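The name expansion described in the answer, as an added example that is not part of the original post: it models the search list a pod gets in /etc/resolv.conf and shows which names the resolver tries for `kubernetes` and `kubernetes.default`. The namespace `myapp`, the nameserver IP and the Service record set are constructed sample values, and a real pod's file may list further search domains.

```python
# Constructed sample data: Service records as cluster DNS would hold them.
SERVICES = {"kubernetes.default.svc.cluster.local", "kube-dns.kube-system.svc.cluster.local"}


def pod_resolv_conf(namespace, cluster_domain="cluster.local"):
    """resolv.conf of a ClusterFirst pod; the nameserver IP is a made-up value."""
    return (
        "nameserver 10.0.0.10\n"
        f"search {namespace}.svc.{cluster_domain} svc.{cluster_domain} {cluster_domain}\n"
        "options ndots:5\n"
    )


def parse_resolv_conf(text):
    """Return (search domains, ndots) from resolv.conf text."""
    search, ndots = [], 1
    for line in text.splitlines():
        key, *values = line.split() or [""]
        if key == "search":
            search = values
        elif key == "options":
            for opt in values:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidates(name, search, ndots):
    """Names the stub resolver tries, in order (glibc-style search handling)."""
    if name.endswith("."):  # trailing dot: absolute name, no search list
        return [name.rstrip(".")]
    expanded = [f"{name}.{domain}" for domain in search]
    if name.count(".") >= ndots:
        return [name] + expanded
    return expanded + [name]


def resolve(name, namespace):
    """First candidate that matches a known Service record, else None."""
    search, ndots = parse_resolv_conf(pod_resolv_conf(namespace))
    for fqdn in candidates(name, search, ndots):
        if fqdn in SERVICES:
            return fqdn
    return None


if __name__ == "__main__":
    for ns, name in [("default", "kubernetes"), ("myapp", "kubernetes"), ("myapp", "kubernetes.default")]:
        print(f"{ns:8} {name:20} -> {resolve(name, ns)}")
```

To debug a real pod, compare its `/etc/resolv.conf` with the modelled file: the first search domain carries the pod's own namespace, which is why the bare name only matches in `default`.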
Source: StackOverflow