KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)

kube-proxy - Provides network proxy services.

kube-proxy [OPTIONS]

The Kubernetes network proxy runs on each node. This reflects services as defined in the Kubernetes API on each node and can do simple TCP, UDP, and SCTP stream forwarding or round robin TCP, UDP, and SCTP forwarding across a set of backends. Service cluster IPs and ports are currently found through Docker-links-compatible environment variables specifying ports opened by the service proxy. There is an optional addon that provides cluster DNS for these cluster IPs. The user must create a service with the apiserver API to configure the proxy.

kube-proxy [flags]

--azure-container-registry-config string    Path to the file containing Azure container registry configuration information.
--bind-address ip    The IP address for the proxy server to serve on (set to '0.0.0.0' for all IPv4 interfaces and '::' for all IPv6 interfaces) (default 0.0.0.0)
--cleanup    If true cleanup iptables and ipvs rules and exit.
--cluster-cidr string    The CIDR range of pods in the cluster. When configured, traffic sent to a Service cluster IP from outside this range will be masqueraded and traffic sent from pods to an external LoadBalancer IP will be directed to the respective cluster IP instead
--config string    The path to the configuration file.
--config-sync-period duration    How often configuration from the apiserver is refreshed. Must be greater than 0. (default 15m0s)
--conntrack-max-per-core int32    Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min). (default 32768)
--conntrack-min int32    Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is). (default 131072)
--conntrack-tcp-timeout-close-wait duration    NAT timeout for TCP connections in the CLOSE_WAIT state (default 1h0m0s)
--conntrack-tcp-timeout-established duration    Idle timeout for established TCP connections (0 to leave as-is) (default 24h0m0s)
--detect-local-mode LocalMode    Mode to use to detect local traffic
--feature-gates mapStringBool    A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
    APIListChunking=true|false (BETA - default=true)
    APIPriorityAndFairness=true|false (ALPHA - default=false)
    APIResponseCompression=true|false (BETA - default=true)
    AllAlpha=true|false (ALPHA - default=false)
    AllBeta=true|false (BETA - default=false)
    AllowInsecureBackendProxy=true|false (BETA - default=true)
    AnyVolumeDataSource=true|false (ALPHA - default=false)
    AppArmor=true|false (BETA - default=true)
    BalanceAttachedNodeVolumes=true|false (ALPHA - default=false)
    BoundServiceAccountTokenVolume=true|false (ALPHA - default=false)
    CPUManager=true|false (BETA - default=true)
    CRIContainerLogRotation=true|false (BETA - default=true)
    CSIInlineVolume=true|false (BETA - default=true)
    CSIMigration=true|false (BETA - default=true)
    CSIMigrationAWS=true|false (BETA - default=false)
    CSIMigrationAWSComplete=true|false (ALPHA - default=false)
    CSIMigrationAzureDisk=true|false (ALPHA - default=false)
    CSIMigrationAzureDiskComplete=true|false (ALPHA - default=false)
    CSIMigrationAzureFile=true|false (ALPHA - default=false)
    CSIMigrationAzureFileComplete=true|false (ALPHA - default=false)
    CSIMigrationGCE=true|false (BETA - default=false)
    CSIMigrationGCEComplete=true|false (ALPHA - default=false)
    CSIMigrationOpenStack=true|false (BETA - default=false)
    CSIMigrationOpenStackComplete=true|false (ALPHA - default=false)
    ConfigurableFSGroupPolicy=true|false (ALPHA - default=false)
    CustomCPUCFSQuotaPeriod=true|false (ALPHA - default=false)
    DefaultIngressClass=true|false (BETA - default=true)
    DevicePlugins=true|false (BETA - default=true)
    DryRun=true|false (BETA - default=true)
    DynamicAuditing=true|false (ALPHA - default=false)
    DynamicKubeletConfig=true|false (BETA - default=true)
    EndpointSlice=true|false (BETA - default=true)
    EndpointSliceProxying=true|false (ALPHA - default=false)
    EphemeralContainers=true|false (ALPHA - default=false)
    EvenPodsSpread=true|false (BETA - default=true)
    ExpandCSIVolumes=true|false (BETA - default=true)
    ExpandInUsePersistentVolumes=true|false (BETA - default=true)
    ExpandPersistentVolumes=true|false (BETA - default=true)
    ExperimentalHostUserNamespaceDefaulting=true|false (BETA - default=false)
    HPAScaleToZero=true|false (ALPHA - default=false)
    HugePageStorageMediumSize=true|false (ALPHA - default=false)
    HyperVContainer=true|false (ALPHA - default=false)
    IPv6DualStack=true|false (ALPHA - default=false)
    ImmutableEphemeralVolumes=true|false (ALPHA - default=false)
    KubeletPodResources=true|false (BETA - default=true)
    LegacyNodeRoleBehavior=true|false (ALPHA - default=true)
    LocalStorageCapacityIsolation=true|false (BETA - default=true)
    LocalStorageCapacityIsolationFSQuotaMonitoring=true|false (ALPHA - default=false)
    NodeDisruptionExclusion=true|false (ALPHA - default=false)
    NonPreemptingPriority=true|false (ALPHA - default=false)
    PodDisruptionBudget=true|false (BETA - default=true)
    PodOverhead=true|false (BETA - default=true)
    ProcMountType=true|false (ALPHA - default=false)
    QOSReserved=true|false (ALPHA - default=false)
    RemainingItemCount=true|false (BETA - default=true)
    RemoveSelfLink=true|false (ALPHA - default=false)
    ResourceLimitsPriorityFunction=true|false (ALPHA - default=false)
    RotateKubeletClientCertificate=true|false (BETA - default=true)
    RotateKubeletServerCertificate=true|false (BETA - default=true)
    RunAsGroup=true|false (BETA - default=true)
    RuntimeClass=true|false (BETA - default=true)
    SCTPSupport=true|false (ALPHA - default=false)
    SelectorIndex=true|false (ALPHA - default=false)
    ServerSideApply=true|false (BETA - default=true)
    ServiceAccountIssuerDiscovery=true|false (ALPHA - default=false)
    ServiceAppProtocol=true|false (ALPHA - default=false)
    ServiceNodeExclusion=true|false (ALPHA - default=false)
    ServiceTopology=true|false (ALPHA - default=false)
    StartupProbe=true|false (BETA - default=true)
    StorageVersionHash=true|false (BETA - default=true)
    SupportNodePidsLimit=true|false (BETA - default=true)
    SupportPodPidsLimit=true|false (BETA - default=true)
    Sysctls=true|false (BETA - default=true)
    TTLAfterFinished=true|false (ALPHA - default=false)
    TokenRequest=true|false (BETA - default=true)
    TokenRequestProjection=true|false (BETA - default=true)
    TopologyManager=true|false (BETA - default=true)
    ValidateProxyRedirects=true|false (BETA - default=true)
    VolumeSnapshotDataSource=true|false (BETA - default=true)
    WinDSR=true|false (ALPHA - default=false)
    WinOverlay=true|false (ALPHA - default=false)
--healthz-bind-address ipport    The IP address with port for the health check server to serve on (set to '0.0.0.0:10256' for all IPv4 interfaces and '[::]:10256' for all IPv6 interfaces). Set empty to disable. (default 0.0.0.0:10256)
-h, --help    help for kube-proxy
--hostname-override string    If non-empty, will use this string as identification instead of the actual hostname.
--iptables-masquerade-bit int32    If using the pure iptables proxy, the bit of the fwmark space to mark packets requiring SNAT with. Must be within the range [0, 31]. (default 14)
--iptables-min-sync-period duration    The minimum interval of how often the iptables rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m').
--iptables-sync-period duration    The maximum interval of how often iptables rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0. (default 30s)
--ipvs-exclude-cidrs strings    A comma-separated list of CIDRs which the ipvs proxier should not touch when cleaning up IPVS rules.
--ipvs-min-sync-period duration    The minimum interval of how often the ipvs rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m').
--ipvs-scheduler string    The ipvs scheduler type when proxy mode is ipvs
--ipvs-strict-arp    Enable strict ARP by setting arp_ignore to 1 and arp_announce to 2
--ipvs-sync-period duration    The maximum interval of how often ipvs rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0. (default 30s)
--ipvs-tcp-timeout duration    The timeout for idle IPVS TCP connections, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').
--ipvs-tcpfin-timeout duration    The timeout for IPVS TCP connections after receiving a FIN packet, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').
--ipvs-udp-timeout duration    The timeout for IPVS UDP packets, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').
--kube-api-burst int32    Burst to use while talking with kubernetes apiserver (default 10)
--kube-api-content-type string    Content type of requests sent to apiserver. (default "application/vnd.kubernetes.protobuf")
--kube-api-qps float32    QPS to use while talking with kubernetes apiserver (default 5)
--kubeconfig string    Path to kubeconfig file with authorization information (the master location is set by the master flag).
--log-flush-frequency duration    Maximum number of seconds between log flushes (default 5s)
--masquerade-all    If using the pure iptables proxy, SNAT all traffic sent via Service cluster IPs (this is not commonly needed)
--master string    The address of the Kubernetes API server (overrides any value in kubeconfig)
--metrics-bind-address ipport    The IP address with port for the metrics server to serve on (set to '0.0.0.0:10249' for all IPv4 interfaces and '[::]:10249' for all IPv6 interfaces). Set empty to disable. (default 127.0.0.1:10249)
--nodeport-addresses strings    A string slice of values which specify the addresses to use for NodePorts. Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). The default empty string slice ([]) means to use all local addresses.
--oom-score-adj int32    The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000] (default -999)
--profiling    If true enables profiling via web interface on /debug/pprof handler.
--proxy-mode ProxyMode    Which proxy mode to use: 'userspace' (older) or 'iptables' (faster) or 'ipvs'. If blank, use the best-available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy.
--proxy-port-range port-range    Range of host ports (beginPort-endPort, single port or beginPort+offset, inclusive) that may be consumed in order to proxy service traffic. If (unspecified, 0, or 0-0) then ports will be randomly chosen.
--show-hidden-metrics-for-version string    The previous version for which you want to show hidden metrics. Only the previous minor version is meaningful, other values will not be allowed. The format is ., e.g. '1.16'. The purpose of this format is to make sure you have the opportunity to notice if the next release hides additional metrics, rather than being surprised when they are permanently removed in the release after that.
--udp-timeout duration    How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for proxy-mode=userspace (default 250ms)
--version version[=true]    Print version information and quit
--write-config-to string    If set, write the default configuration values to this file and exit.

/usr/bin/kube-proxy --logtostderr=true --v=0 --master=http://127.0.0.1:8080
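
Added example (not part of the kube-proxy manual or the Kubernetes project's code): a Python check that reads a kube-proxy command line and reports which of the listener and API-connection options documented above widen exposure. The defaults table, the finding wording, the kubeconfig path and the 10.0.0.0/24 range are assumptions made for this sketch; only --flag=value and bare --flag tokens are parsed.

```python
import ipaddress
import shlex

# Defaults taken from the option list above. --profiling shows no default
# there; this sketch assumes an unset boolean flag means false.
DEFAULTS = {"metrics-bind-address": "127.0.0.1:10249", "profiling": "false",
            "nodeport-addresses": "", "master": ""}

def parse_flags(cmdline):
    """Parse --flag=value and bare boolean --flag tokens over the defaults."""
    flags = dict(DEFAULTS)
    for tok in shlex.split(cmdline)[1:]:
        if tok.startswith("--"):
            name, sep, value = tok[2:].partition("=")
            flags[name] = value if sep else "true"
    return flags

def is_loopback(ipport):
    """True if the IP in 'ip:port' or '[v6]:port' is a loopback address."""
    host = ipport.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable: treat as exposed so it gets reviewed

def audit(cmdline):
    """Return a list of exposure findings for one kube-proxy command line."""
    f, findings = parse_flags(cmdline), []
    metrics = f["metrics-bind-address"]
    if metrics and not is_loopback(metrics):  # empty value disables the server
        findings.append("metrics-bind-address " + metrics + " is not loopback-only")
    if f["profiling"].lower() == "true":
        findings.append("profiling is on: /debug/pprof handler is served")
    if f["master"].lower().startswith("http://"):
        findings.append("master " + f["master"] + " uses plaintext HTTP")
    if not f["nodeport-addresses"]:
        findings.append("nodeport-addresses is empty: NodePorts use all local addresses")
    return findings

# Constructed inputs: the page's own example line and a hypothetical tightened one.
PAGE_EXAMPLE = "/usr/bin/kube-proxy --logtostderr=true --v=0 --master=http://127.0.0.1:8080"
TIGHTENED = ("/usr/bin/kube-proxy --kubeconfig=/etc/kubernetes/proxy.kubeconfig "
             "--metrics-bind-address=127.0.0.1:10249 --nodeport-addresses=10.0.0.0/24")

if __name__ == "__main__":
    for line in (PAGE_EXAMPLE, TIGHTENED):
        print(line, "->", audit(line) or "no findings")
```

The health check server is left out of the findings because its documented default already listens on 0.0.0.0:10256.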