When I deploy my golang service to any namespace but the default namespace, the service is unable to retrieve pods on any namespace. The same service deployed on the default namespace works perfectly, using the golang client-go api.
Is this a security issue?
Thanks.
This issue is permission issue. Since you are using rest.InClusterConfig(config) to create client. That means it using pod's service account as credential. So check whether that service account has the permission to get pods in any namespace.
if service account in the pod is not defined, then it will use
defaultservice account.
If RBAC is enabled in your cluster, then check the role binding in that namespace, to find out whether your service account has the permission.
# to see the list of role bindings in 'default' namespace
kubectl get rolebindings --namespace default
To see the specific rolebinding
kubectl get rolebindings ROLE-BINDING-NAME --namespace default -o yaml
Also you can create role and role binding to give permission. To know about RBAC role and role binding see here: https://kubernetes.io/docs/reference/access-authn-authz/rbac/