24

When you run `kubectl get svc -n default`, you will have a kubernetes service with Type as ClusterIP already there.

What is the purpose of this service? Any references appreciated.

I'm running in Minikube.

```
xyz:Kubernetes _$ kubectl describe svc/kubernetes
Name:              kubernetes
Namespace:         default
Labels:            component=apiserver
                   provider=kubernetes
Annotations:       <none>
Selector:          <none>
Type:              ClusterIP
IP:                10.0.0.1
Port:              https  443/TCP
TargetPort:        8443/TCP
Endpoints:         10.0.2.15:8443
Session Affinity:  ClientIP
Events:            <none>

xyz:Kubernetes _$ kubectl cluster-info
Kubernetes master is running at https://192.168.99.100:8443
```

Eduardo Baitello
Fei

4 Answers

17

AFAIK the kubernetes service in the default namespace is a service which forwards requests to the Kubernetes master (typically the Kubernetes API server).

So all the requests to the kubernetes.default service from the cluster will be routed to the configured Endpoint IP. In this scenario it's the kubernetes master IP.

For example:

Let's check out the output of `kubectl describe svc kubernetes` and look at the Endpoint IP.

Now let's check our cluster info

kubectl cluster-info

Please note that the kubernetes master is running at the same IP as the Endpoints IP of kubernetes.default service.

Hope it helps.

  • 2
    API Server is not a pod inside the cluster. As if we use the following command "kubectl get pods" we do not see any pods with the name of Kubernetes. Correct me if I am wrong – Suresh Vishnoi Nov 28 '17 at 11:29
  • Thanks, Karthik. Mine is a little different from yours since I'm running it in Minikube. The mysterious Endpoints is 10.0.2.15. It needs to point at API Server. How did it accomplish this? – Fei Nov 28 '17 at 15:01
  • Hi Suresh, yes, you are right, there will not be any pods with the name `kubernetes`. So a service need not forward requests to the pod; it can forward requests to a remote URL also. That is the same thing done by the kubernetes service in the default namespace. It forwards requests to the kubernetes master. – Karthik Venkateswaran Nov 28 '17 at 17:21
  • 1
    If you are running on localhost (e.g. minikube or docker for mac) you can see and compare the IP using `kubectl describe node/docker-for-desktop` for instance – Eddy Hernandez Jun 05 '19 at 03:46
  • Please review *[Why not upload images of code/errors when asking a question?](https://meta.stackoverflow.com/questions/285551/)* (e.g., *"Images should only be used to illustrate problems that* ***can't be made clear in any other way,*** *such as to provide screenshots of a user interface."*) and [do the right thing](https://stackoverflow.com/posts/47525313/edit) (it covers answers as well). Thanks in advance. (But ***[without](https://meta.stackexchange.com/a/131011)*** "Edit:", "Update:", or similar - the answer should appear as if it was written today.) – Peter Mortensen Aug 25 '23 at 11:44
5

It is so that every Pod within your cluster can make API requests of the Kubernetes master without having to hard-code the API URL therein. Your ~/.kube/config may very well have the "external" address of your Kubernetes master, but it makes very little sense for API traffic to leave the cluster and then re-enter the cluster for a Pod that could be co-located on the same Node. Pods are able to use the Service Account credentials injected by kubernetes, unless that Service Account feature is disabled per-Pod.

Your application is free to make use of that functionality, too, if it wishes -- for example -- to discover any annotations on its Pod, or how many other replicas there are in its Deployment, and so forth.

I guess the tl;dr is that for 90% of the Pods it doesn't matter, and for the remaining 10% it is super convenient.

mdaniel
  • Thanks, Matthew. It appears that Pods use the Default ServiceAccount to communicate with APIServer if necessary. – Fei Nov 28 '17 at 14:41
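
What the answer above describes, as an added example that is not part of the original answers: a Pod locates the `kubernetes` Service through the `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` environment variables, authenticates with the mounted service account token, and verifies the API server against the mounted `ca.crt`. It assumes the Pod's `HOSTNAME` is its Pod name (the default) and that RBAC lets the service account read its own Pod; the function names are illustrative.

```python
import json
import os
import ssl
import urllib.request

# Standard mount point for the injected service account credentials.
SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"


def api_base_url(env=os.environ):
    """URL of the `kubernetes` Service, from the env vars set in every container."""
    host = env["KUBERNETES_SERVICE_HOST"]  # ClusterIP, e.g. 10.0.0.1
    port = env["KUBERNETES_SERVICE_PORT"]  # Service port, e.g. 443
    if ":" in host:                        # an IPv6 ClusterIP needs brackets
        host = f"[{host}]"
    return f"https://{host}:{port}"


def build_request(path, sa_dir=SA_DIR, env=os.environ):
    """Prepare an authenticated request; raises if no token is mounted."""
    token_file = os.path.join(sa_dir, "token")
    if not os.path.isfile(token_file):
        # Happens when automountServiceAccountToken is false for the Pod.
        raise FileNotFoundError(f"no service account token at {token_file}")
    with open(token_file) as fh:
        token = fh.read().strip()
    req = urllib.request.Request(api_base_url(env) + path)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/json")
    return req


def own_pod_path(sa_dir=SA_DIR, env=os.environ):
    """API path of this Pod (assumes HOSTNAME is the Pod name, the default)."""
    with open(os.path.join(sa_dir, "namespace")) as fh:
        namespace = fh.read().strip()
    return f"/api/v1/namespaces/{namespace}/pods/{env['HOSTNAME']}"


def fetch_own_annotations(sa_dir=SA_DIR, env=os.environ):
    """GET this Pod's object, verifying the API server against the mounted CA."""
    ctx = ssl.create_default_context(cafile=os.path.join(sa_dir, "ca.crt"))
    req = build_request(own_pod_path(sa_dir, env), sa_dir, env)
    with urllib.request.urlopen(req, context=ctx, timeout=5) as resp:
        return json.load(resp)["metadata"].get("annotations", {})


if __name__ == "__main__" and "KUBERNETES_SERVICE_HOST" in os.environ:
    print(fetch_own_annotations())  # only runs inside a Pod
```

A 403 response from `fetch_own_annotations` means the token was accepted but the service account has no RBAC permission to `get` pods in its namespace.
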
-1

So this Kubernetes service by default uses the kube-apiserver pod in the backend. If this goes down, we'll not be able to communicate with master, and kubectl commands won’t work.

Peter Mortensen
ash
  • 1
    `kube-apiserver` is not a pod but a binary that's installed on the control-plane. While your answer isn't completely wrong as far as I can tell the others are of far better quality. – Jan Groth Jan 09 '23 at 19:09
-2

The standard Kubernetes service is a ClusterIP service, which exposes a service on a cluster-internal IP address. It is used to expose services to other pods in the cluster and is Kubernetes' standard service type.

The default Kubernetes service does not have an external IP address, so it cannot be accessed from outside the cluster. This is so because internal communication between pods in the cluster is intended to be accomplished using the default service type.

A different type of service, like a NodePort or LoadBalancer service, can be created if you need to expose a service to the outside world.

The following are some advantages of using the standard Kubernetes service:

Easy to set up: The default Kubernetes service is easy to set up. You do not need to specify any additional configuration.

Efficient: The default Kubernetes service is efficient because it does not require any external resources.

Secure: The default Kubernetes service is secure because it is only accessible to pods in the cluster.

Here are some of the drawbacks of using the default Kubernetes service:

Not accessible from outside the cluster: The default Kubernetes service is not accessible from outside the cluster. This can be a drawback if you need to expose a service to the outside world.

Not scalable: The default Kubernetes service is not scalable. If you need to expose a service to a large number of clients, you may need to use a different type of service.

In general, choosing the default Kubernetes service to expose services to other pods in the cluster is a wise decision. However, you should use a different kind of service if you need to expose a service to the public.

Aditya Bhuyan
  • 1
    Likely copy-paste from ChatGPT – DavidW Aug 25 '23 at 07:52
  • @DavidW: Some contraindications are missing use of second person in the first two paragraphs and lengthy answers before [December 2022](https://meta.stackoverflow.com/questions/421831/temporary-policy-chatgpt-is-banned) which *don't* seem to be the result of (regular) plagiarism. There isn't a marked jump in writing style either. ***It could be genuine***. Though [two lengthy](https://stackoverflow.com/a/76974217) [answers in less](https://stackoverflow.com/a/76974185) than 8 minutes demands an explanation (purely theoretically possible at 60 WPM). – Peter Mortensen Aug 25 '23 at 11:19
  • cont' - It would be interesting to hear what the OP has to say. – Peter Mortensen Aug 25 '23 at 11:23
  • Though [this answer](https://stackoverflow.com/questions/156767/whats-the-difference-between-an-argument-and-a-parameter/71307720#71307720) from March 2022 is somewhat [out](https://pmortensen.eu/world/EditOverflow.php?LookUpTerm=java) [of style](https://pmortensen.eu/world/EditOverflow.php?LookUpTerm=where%20as). And most answers are late answers, one of the (weak) signals for plagiarism. – Peter Mortensen Aug 25 '23 at 11:53
  • @PeterMortensen I was very convinced by the answers today. It's possible I'm wrong about this one, but I think it's likely. – DavidW Aug 25 '23 at 11:55
  • @DavidW and PeterMortensen, the output you will receive when you run the question in ChatGPT will be very different. – Aditya Bhuyan Aug 26 '23 at 08:22