When I deploy my golang service to any namespace but the default
namespace, the service is unable to retrieve pods on any namespace. The same service deployed on the default
namespace works perfectly, using the golang client-go api.
Is this a security issue?
Thanks.
This issue is permission issue. Since you are using
rest.InClusterConfig(config)
to create client. That means it using pod's service account as credential. So check whether that service account has the permission to get pods in any namespace.If RBAC is enabled in your cluster, then check the role binding in that namespace, to find out whether your service account has the permission.
To see the specific rolebinding
Also you can create role and role binding to give permission. To know about RBAC role and role binding see here: https://kubernetes.io/docs/reference/access-authn-authz/rbac/