Your approach is wrong here. Namespace is not the issue. Here the first error is that of the srviceaccount in the default namespace is unable to get the services. You should assign a role to that user using clusterrolebinding.
Using min. privileges, create a role to access and list services:
- apiGroups: [""] # "" indicates the core API group
verbs: ["get", "watch", "list"]
This will create a clusterrole which can list, get and watch services. Now you can use this clusterrole to create a clusterrolebinding:
kubectl create clusterrolebinding service-reader-pod \
Here the service-reader-pod is the name of clusterrolebinding and it assigns the service-reader clusterrole to the default serviceaccount in default namespace. Follow similar steps to rectify your second error.
In this case I created clusterrole and clusterrolebinding but you might want to create a roleand rolebinding instead. You can check the documentation in detail here