Kubernetes - kube-proxy

Last Updated: 2024-02-06

Handles load balancing and service discovery: when you expose pods using a Service (ClusterIP), kube-proxy creates network rules that send traffic to the backend pods (endpoints) grouped under the Service object.

Deployed as a DaemonSet, NOT as a static pod.

Configs: kube-proxy ConfigMap.

kube-proxy modes: iptables or ipvs. Query the kube-proxy mode:

$ curl http://localhost:10249/proxyMode

kube-proxy watches the API server for Service and EndpointSlice objects, captures traffic to the Service's clusterIP and port, and redirects that traffic to one of the Service's backend sets.

  • modify rules: kube-apiserver -> create/update Service -> kube-proxy (iptables mode) installs iptables rules; or (ipvs mode) calls the netlink interface to create IPVS rules.
  • redirect according to the rules: incoming traffic -> Service's ip:port -> iptables rules installed by kube-proxy -> backend Pod
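
The redirect path above can be checked on a node by following the rules from a Service's clusterIP:port to the Pod addresses they DNAT to. The following is an added example, not part of the original notes: it assumes iptables mode and the KUBE-SERVICES / KUBE-SVC-* / KUBE-SEP-* chain layout kube-proxy writes to the nat table; the function names and the sample dump (IPs, Service name, chain suffixes) are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save -t nat` output, modeled on the chain
# layout kube-proxy uses in iptables mode. IPs, names and suffixes are made up.
SAMPLE = '''*nat
-A KUBE-SERVICES -d 10.96.0.50/32 -p tcp -m comment --comment "default/web:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-AAAAAAAAAAAAAAAA
-A KUBE-SVC-AAAAAAAAAAAAAAAA -m comment --comment "default/web:http -> 10.244.1.5:8080" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-BBBBBBBBBBBBBBBB
-A KUBE-SVC-AAAAAAAAAAAAAAAA -m comment --comment "default/web:http -> 10.244.2.7:8080" -j KUBE-SEP-CCCCCCCCCCCCCCCC
-A KUBE-SEP-BBBBBBBBBBBBBBBB -s 10.244.1.5/32 -m comment --comment "default/web:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-BBBBBBBBBBBBBBBB -p tcp -m comment --comment "default/web:http" -m tcp -j DNAT --to-destination 10.244.1.5:8080
-A KUBE-SEP-CCCCCCCCCCCCCCCC -s 10.244.2.7/32 -m comment --comment "default/web:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-CCCCCCCCCCCCCCCC -p tcp -m comment --comment "default/web:http" -m tcp -j DNAT --to-destination 10.244.2.7:8080
COMMIT
'''

def parse_rules(dump):
    """Group '-A <chain> ...' rules by chain; shlex keeps quoted comments whole."""
    chains = {}
    for line in dump.splitlines():
        if line.strip().startswith("-A "):
            tok = shlex.split(line)
            chains.setdefault(tok[1], []).append(tok)
    return chains

def opt(tok, flag):
    """Return the argument following `flag` in a tokenized rule, or None."""
    return tok[tok.index(flag) + 1] if flag in tok else None

def service_backends(dump, cluster_ip, port):
    """Follow KUBE-SERVICES -> KUBE-SVC-* -> KUBE-SEP-* and collect DNAT targets."""
    chains, found = parse_rules(dump), set()
    def walk(chain, seen):
        for tok in chains.get(chain, []):
            target = opt(tok, "-j")
            if target == "DNAT":
                found.add(opt(tok, "--to-destination"))
            elif target and target.startswith(("KUBE-SVC-", "KUBE-SEP-")) and target not in seen:
                walk(target, seen | {target})
    for tok in chains.get("KUBE-SERVICES", []):
        if opt(tok, "-d") == f"{cluster_ip}/32" and opt(tok, "--dport") == str(port):
            walk("KUBE-SERVICES", {"KUBE-SERVICES"}) if False else walk(opt(tok, "-j"), set())
    return sorted(found)

def unexpected_backends(dump, cluster_ip, port, expected):
    """Backends present in the rules but absent from the expected endpoint set."""
    return sorted(set(service_backends(dump, cluster_ip, port)) - set(expected))

if __name__ == "__main__":
    print(service_backends(SAMPLE, "10.96.0.50", 80))
```

On a real node, feed it the output of `iptables-save -t nat` and compare the result with the addresses listed in the Service's EndpointSlice; a mismatch means the node's rules have drifted from what the API server reports.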