why is service kubernetes in default namespace instead of kube-system?

dmsheiko

I've wanted to know for a long time why service kubernetes (which is to be used for communication with API Server) is in default namespace rather than kube-system. It looks like a mistake. But is this really a mistake, which can't be fixed anymore because this would not be a backward compatible change? Or is it done so intentionally? If so, why?

chrispokorni

Hi @dmsheiko,

Communication with the API server is handled in two ways. For cluster components the API server is advertising its hosting system (can be a host name, an alias, IP address, etc...) and the secure port 6443, while for in-cluster applications it is available through the standard exposure mechanism - the ClusterIP service on port 443.
These two distinct approaches allow for a streamlined authentication and authorization management process for all communication with the API server.

Regards,
-Chris

dmsheiko

Hi Chris,

Ok, for in-cluster applications it's available through dns name kubernetes.default or kubernetes.default.svc.cluster.local, where default is a namespace where this service is defined. But if it were in kube-system (for example), it will still be accessible, but with slightly different name kubernetes.kube-system. The question is: why kubernetes.default is better than kubernetes.kube-system?

Regards,
Dmytro