Welcome to the Linux Foundation Forum!

why is service kubernetes in default namespace instead of kube-system?

I've wanted to know for a long time why service kubernetes (which is to be used for communication with API Server) is in default namespace rather than kube-system. It looks like a mistake. But is this really a mistake, which can't be fixed anymore because this would not be a backward compatible change? Or is it done so intentionally? If so, why?

Answers

  • chrispokorni
    chrispokorni Posts: 2,434

    Hi @dmsheiko,

    Communication with the API server is handled in two ways. For cluster components the API server is advertising its hosting system (can be a host name, an alias, IP address, etc...) and the secure port 6443, while for in-cluster applications it is available through the standard exposure mechanism - the ClusterIP service on port 443.
    These two distinct approaches allow for a streamlined authentication and authorization management process for all communication with the API server.

    Regards,
    -Chris

  • dmsheiko
    dmsheiko Posts: 28

    Hi Chris,

    Ok, for in-cluster applications it's available through dns name kubernetes.default or kubernetes.default.svc.cluster.local, where default is a namespace where this service is defined. But if it were in kube-system (for example), it will still be accessible, but with slightly different name kubernetes.kube-system. The question is: why kubernetes.default is better than kubernetes.kube-system?

    Regards,
    Dmytro

Categories

Upcoming Training