I am new to Kubernetes, so please forgive me if I raise some stupid, dumb questions.
So I've created one new namespace (say test1) using the below command.
kubectl create ns test1
Then I created one service account in that namespace, using the below command.
kubectl create serviceaccount test1-sa
I have one image named person-app, a Spring Boot service which uses the Fabric Client API to get the list of pods deployed in the test namespace.
The image is building properly, and I have now applied the following Deployment file in two different namespaces, one in the default namespace and the other in the test1 ns.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: k8-sample-dep
spec:
  replicas: 1
  selector:
    matchLabels:
      app: person-app
  template:
    metadata:
      labels:
        app: person-app
    spec:
      containers:
        - name: person-app
          image: person-app:latest
          imagePullPolicy: Never
          ports:
            - containerPort: 8200
using the following command:
kubectl apply -f k8-deployment.yaml -n test
kubectl apply -f k8-deployment.yaml
Now the problem arises. As per my understanding, the default namespace has a default ServiceAccount which is injected into the pods created in the default namespace (if no ServiceAccount is specified in the YAML file), and that pod should only be able to access resources in that namespace and cannot query pod information in other namespaces.
But when I hit the endpoint of the pod which is in the default namespace, the code is able to list the information of pods which are deployed in the "test1" namespace. This is the part I am not able to understand: how is this happening?
Things I tried to look into problem
Please help.
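
How RBAC scopes a service account, as an added example that is not part of the original post: a simplified Python model of the authorizer showing that the `default` ServiceAccount can list pods in another namespace only when a ClusterRoleBinding (or a RoleBinding in that namespace) matches it. The role and binding names are hypothetical and all objects are constructed.

```python
# Simplified model of Kubernetes RBAC (ignores resourceNames, nonResourceURLs, aggregation).
def sa_groups(namespace):
    # Groups the API server attaches to every service account identity.
    return {"system:serviceaccounts", f"system:serviceaccounts:{namespace}",
            "system:authenticated"}

def subject_matches(subject, sa_ns, sa_name):
    if subject["kind"] == "ServiceAccount":
        return (subject["name"], subject.get("namespace")) == (sa_name, sa_ns)
    if subject["kind"] == "User":
        return subject["name"] == f"system:serviceaccount:{sa_ns}:{sa_name}"
    if subject["kind"] == "Group":
        return subject["name"] in sa_groups(sa_ns)
    return False

def rule_allows(rule, verb, resource, api_group=""):
    def has(field, wanted):
        values = rule.get(field, [])
        return "*" in values or wanted in values
    return has("apiGroups", api_group) and has("resources", resource) and has("verbs", verb)

def granting_bindings(sa_ns, sa_name, verb, resource, target_ns, roles, bindings):
    """Names of bindings that allow the request; an empty list means denied."""
    granted = []
    for b in bindings:
        # A RoleBinding only grants inside its own namespace;
        # a ClusterRoleBinding grants in every namespace.
        if b["kind"] == "RoleBinding" and b["namespace"] != target_ns:
            continue
        if not any(subject_matches(s, sa_ns, sa_name) for s in b["subjects"]):
            continue
        ref = b["roleRef"]
        role_ns = None if ref["kind"] == "ClusterRole" else b.get("namespace")
        rules = roles.get((ref["kind"], role_ns, ref["name"]), [])
        if any(rule_allows(r, verb, resource) for r in rules):
            granted.append(b["name"])
    return granted

# Constructed sample objects (hypothetical names, not from the post).
ROLES = {("ClusterRole", None, "pod-reader"):
         [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]}
SCOPED = [{"kind": "RoleBinding", "name": "read-own-pods", "namespace": "default",
           "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "default"}],
           "roleRef": {"kind": "ClusterRole", "name": "pod-reader"}}]
BROAD = SCOPED + [{"kind": "ClusterRoleBinding", "name": "all-sa-read-pods",
                   "subjects": [{"kind": "Group", "name": "system:serviceaccounts"}],
                   "roleRef": {"kind": "ClusterRole", "name": "pod-reader"}}]

if __name__ == "__main__":
    print(granting_bindings("default", "default", "list", "pods", "test1", ROLES, BROAD))
```

On a live cluster the same question is answered by `kubectl auth can-i list pods -n test1 --as=system:serviceaccount:default:default`.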