Is it possible to customize the in-cluster default kubernetes service pointing to API server?

I know maybe this request is a bit strange, but just wonder whether it’s technically feasible or not.

As we know there’s special kubernetes service called kubernetes in namespace default which refers to the API server and it’s auto-created for in-cluster access to API server.

What I’m trying to do is to put some sort of proxy in front of this kubernetes service so that I can intercept calls made to API server from other pods and add some tricks as needed that is transparent to these pods.

Ideally, I would like to see if I can redefine the kubernetes service to point to the proxy pod first, then have the proxy forward calls to the API server:

kubernetes svc -> proxy pod -> api server

So that all other pods can still use kubernetes as the hostname w/o ANY change when they make calls to API server. Just like to run a curl inside a pod:

curl -k https://kubernetes:433

If it’s not possible, I would have to define a new service to expose the proxy pod, e.g. to name it as proxied-kubernetes, then modify all other pods who need to call API server to use something similar as below:

curl -k https://proxied-kubernetes:433

Not exactly what you’re looking for, but have you looked at admission webhooks? They can verify or mutate objects depending on certain criteria. One of the more commonly used tools for writing those rules is Open Policy Agent.