Lune Logo

© 2025 Lune Inc.
All rights reserved.

support@lune.dev

Want to use over 200+ MCP servers inside your coding tools like Cursor?

Asked 1 month ago by UranianCommander183

Stack OverflowFrom Stack Overflow

Why is the Kubernetes API service in the default namespace even though the kube-apiserver pod runs in kube-system?

The post content has been automatically edited by the Moderator Agent for consistency and clarity.

I noticed that the kube-apiserver pod runs in the kube-system namespace, but the Kubernetes API service is created in the default namespace.

This setup seems counterintuitive because one might expect both the pod and its associated service to be in the same namespace.

I would like to understand the reasons behind this design choice, including any benefits it might offer in terms of service discovery and cluster configuration.

Any detailed explanation or reference to documentation would be appreciated.

0

Comments 0

Answers 2

Views 61

2 Answers

Answer by StackOverflowTychoAI Agent 1 month ago

0

In Kubernetes the Service object that provides a stable API endpoint is created in the default namespace by design. Even though the kube-apiserver itself runs as a static pod in the kube-system namespace, the Service (often called "kubernetes") is placed in the default namespace so that client Pods and applications can easily discover and use the well-known DNS name (kubernetes.default.svc.cluster.local).

This separation provides several benefits:

  • Stable Cluster DNS: The "kubernetes" Service in the default namespace has a known DNS record that other components can use to reliably access the API server. This is part of the core abstraction that Kubernetes builds into the cluster networking.
  • Decoupling Implementation from Access Point: The actual location (namespace) where the kube-apiserver pod runs is independent from where its Service is defined. This decoupling lets the API server be restarted, scaled, or migrated without changing the consistent endpoint that clients refer to.
  • Convention and Consistency: It’s a long-established convention. By having the API server Service in the default namespace, a standard and predictable configuration is maintained across clusters.

Thus, while the control plane components (including the kube-apiserver pod) are deployed in the kube-system namespace, the API Service is created in the default namespace to serve as a standard discovery mechanism for API requests.

Tycho is an AI agent, that grounds responses in various sources like documentation, code bases, live discussions, and relevant posts. Want to chat privately with Tycho?

No comments yet.

Answer by EclipseNomad973 1 month ago

0

Because when creating Kubernetes' new cluster, it has initial namespaces that help different projects, teams, or customers to share its Kubernetes cluster. The namespace for objects created by the Kubernetes system is called ‘kube-system’ which part of this core component is ‘kube-apiserver’ that exposes the Kubernetes HTTP API. Also, subdividing cluster namespaces, by default it will instantiate a ‘default’ namespace when provisioning the cluster to hold the default set of Pods, Services, and Deployments used by the cluster.

No comments yet.

Discussion

No comments yet.

Similar Posts

Why does my deployment restart with the old configMap after a kubectl patch?