1KUBERNETES(1) General Commands Manual KUBERNETES(1)
2
6 kube-proxy - Provides network proxy services.
7
11 kube-proxy [OPTIONS]
12
16 The Kubernetes network proxy runs on each node. This reflects services
17 as defined in the Kubernetes API on each node and can do simple TCP,
18 UDP, and SCTP stream forwarding or round robin TCP, UDP, and SCTP
19 forwarding across a set of backends. Service cluster IPs and ports are
20 currently found through Docker-links-compatible environment variables
21 specifying ports opened by the service proxy. There is an optional
22 addon that provides cluster DNS for these cluster IPs. The user must
23 create a service with the apiserver API to configure the proxy.
24 kube-proxy [flags]
27
31 --azure-container-registry-config string Path to the file containing Azure container registry configuration information.
32 **--bind-address 0.0.0.0 The IP address for the
36 proxy server to serve on (set to 0.0.0.0 for all IPv4 interfaces and **
37 : for all IPv6 interfaces) (default 0.0.0.0)
38 --cleanup If true cleanup iptables and ipvs rules and exit.
41 --cleanup-ipvs If true make kube-proxy cleanup ipvs rules before running. Default is true (default true)
42 --cluster-cidr string The CIDR range of pods in the cluster. When configured, traffic sent to a Service cluster IP from outside this range will be masqueraded and traffic sent from pods to an external LoadBalancer IP will be directed to the respective cluster IP instead
43 --config string The path to the configuration file.
44 --config-sync-period duration How often configuration from the apiserver is refreshed. Must be greater than 0. (default 15m0s)
45 --conntrack-max-per-core int32 Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min). (default 32768)
46 --conntrack-min int32 Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is). (default 131072)
47 --conntrack-tcp-timeout-close-wait duration NAT timeout for TCP connections in the CLOSE_WAIT state (default 1h0m0s)
48 --conntrack-tcp-timeout-established duration Idle timeout for established TCP connections (0 to leave as-is) (default 24h0m0s)
49 --feature-gates mapStringBool A set of key=value pairs
53 that describe feature gates for alpha/experimental features. Options
54 are
55 APIListChunking=true|false (BETA - default=true)
58 APIResponseCompression=true|false (ALPHA - default=false)
59 AllAlpha=true|false (ALPHA - default=false)
60 AppArmor=true|false (BETA - default=true)
61 AttachVolumeLimit=true|false (BETA - default=true)
62 BalanceAttachedNodeVolumes=true|false (ALPHA - default=false)
63 BlockVolume=true|false (ALPHA - default=false)
64 CPUManager=true|false (BETA - default=true)
65 CRIContainerLogRotation=true|false (BETA - default=true)
66 CSIBlockVolume=true|false (ALPHA - default=false)
67 CSIDriverRegistry=true|false (ALPHA - default=false)
68 CSINodeInfo=true|false (ALPHA - default=false)
69 CSIPersistentVolume=true|false (BETA - default=true)
70 CustomCPUCFSQuotaPeriod=true|false (ALPHA - default=false)
71 CustomPodDNS=true|false (BETA - default=true)
72 CustomResourceSubresources=true|false (BETA - default=true)
73 CustomResourceValidation=true|false (BETA - default=true)
74 DebugContainers=true|false (ALPHA - default=false)
75 DevicePlugins=true|false (BETA - default=true)
76 DryRun=true|false (ALPHA - default=false)
77 DynamicKubeletConfig=true|false (BETA - default=true)
78 EnableEquivalenceClassCache=true|false (ALPHA - default=false)
79 ExpandInUsePersistentVolumes=true|false (ALPHA - default=false)
80 ExpandPersistentVolumes=true|false (BETA - default=true)
81 ExperimentalCriticalPodAnnotation=true|false (ALPHA - default=false)
82 ExperimentalHostUserNamespaceDefaulting=true|false (BETA - default=false)
83 GCERegionalPersistentDisk=true|false (BETA - default=true)
84 HugePages=true|false (BETA - default=true)
85 HyperVContainer=true|false (ALPHA - default=false)
86 Initializers=true|false (ALPHA - default=false)
87 KubeletPluginsWatcher=true|false (BETA - default=true)
88 LocalStorageCapacityIsolation=true|false (BETA - default=true)
89 MountContainers=true|false (ALPHA - default=false)
90 NodeLease=true|false (ALPHA - default=false)
91 PersistentLocalVolumes=true|false (BETA - default=true)
92 PodPriority=true|false (BETA - default=true)
93 PodReadinessGates=true|false (BETA - default=true)
94 PodShareProcessNamespace=true|false (BETA - default=true)
95 ProcMountType=true|false (ALPHA - default=false)
96 QOSReserved=true|false (ALPHA - default=false)
97 ResourceLimitsPriorityFunction=true|false (ALPHA - default=false)
98 ResourceQuotaScopeSelectors=true|false (BETA - default=true)
99 RotateKubeletClientCertificate=true|false (BETA - default=true)
100 RotateKubeletServerCertificate=true|false (BETA - default=true)
101 RunAsGroup=true|false (ALPHA - default=false)
102 RuntimeClass=true|false (ALPHA - default=false)
103 SCTPSupport=true|false (ALPHA - default=false)
104 ScheduleDaemonSetPods=true|false (BETA - default=true)
105 ServiceNodeExclusion=true|false (ALPHA - default=false)
106 StreamingProxyRedirects=true|false (BETA - default=true)
107 SupportPodPidsLimit=true|false (ALPHA - default=false)
108 Sysctls=true|false (BETA - default=true)
109 TTLAfterFinished=true|false (ALPHA - default=false)
110 TaintBasedEvictions=true|false (ALPHA - default=false)
111 TaintNodesByCondition=true|false (BETA - default=true)
112 TokenRequest=true|false (BETA - default=true)
113 TokenRequestProjection=true|false (BETA - default=true)
114 ValidateProxyRedirects=true|false (ALPHA - default=false)
115 VolumeScheduling=true|false (BETA - default=true)
116 VolumeSnapshotDataSource=true|false (ALPHA - default=false)
117 VolumeSubpathEnvExpansion=true|false (ALPHA - default=false)
118 **--healthz-bind-address 0.0.0.0 The IP address and
122 port for the health check server to serve on (set to 0.0.0.0 for all
123 IPv4 interfaces and **
124 : for all IPv6 interfaces) (default 0.0.0.0:10256)
125 --healthz-port int32 The port to bind the health check server. Use 0 to disable. (default 10256)
128 -h, --help help for kube-proxy
132 --hostname-override string If non-empty, will
133 use this string as identification instead of the actual hostname.
134 --iptables-masquerade-bit int32 If using the pure
135 iptables proxy, the bit of the fwmark space to mark packets requiring
136 SNAT with. Must be within the range [0, 31]. (default 14)
137 --iptables-min-sync-period duration The minimum
138 interval of how often the iptables rules can be refreshed as endpoints
139 and services change (e.g. '5s', '1m', '2h22m').
140 --iptables-sync-period duration The maximum
141 interval of how often iptables rules are refreshed (e.g. '5s', '1m',
142 '2h22m'). Must be greater than 0. (default 30s)
143 --ipvs-exclude-cidrs strings A comma-separated
144 list of CIDR's which the ipvs proxier should not touch when cleaning up
145 IPVS rules.
146 --ipvs-min-sync-period duration The minimum
147 interval of how often the ipvs rules can be refreshed as endpoints and
148 services change (e.g. '5s', '1m', '2h22m').
149 --ipvs-scheduler string The ipvs scheduler
150 type when proxy mode is ipvs
151 --ipvs-sync-period duration The maximum
152 interval of how often ipvs rules are refreshed (e.g. '5s', '1m',
153 '2h22m'). Must be greater than 0. (default 30s)
154 --kube-api-burst int32 Burst to use while
155 talking with kubernetes apiserver (default 10)
156 --kube-api-content-type string Content type of
157 requests sent to apiserver. (default
158 "application/vnd.kubernetes.protobuf")
159 --kube-api-qps float32 QPS to use while
160 talking with kubernetes apiserver (default 5)
161 --kubeconfig string Path to kubeconfig
162 file with authorization information (the master location is set by the
163 master flag).
164 --log-flush-frequency duration Maximum number of
165 seconds between log flushes (default 5s)
166 --masquerade-all If using the pure
167 iptables proxy, SNAT all traffic sent via Service cluster IPs (this not
168 commonly needed)
169 --master string The address of the
170 Kubernetes API server (overrides any value in kubeconfig)
171 **--metrics-bind-address 0.0.0.0 The IP address and
172 port for the metrics server to serve on (set to 0.0.0.0 for all IPv4
173 interfaces and **
174 : for all IPv6 interfaces) (default 127.0.0.1:10249)
175 --nodeport-addresses strings A string slice of values which specify the addresses to use for NodePorts. Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). The default empty string slice ([]) means to use all local addresses.
178 --oom-score-adj int32 The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000] (default -999)
179 --profiling If true enables profiling via web interface on /debug/pprof handler.
180 --proxy-mode ProxyMode Which proxy mode to use
184 'userspace' (older) or 'iptables' (faster) or 'ipvs'
185 (experimental). If blank, use the best-available proxy (currently
186 iptables). If the iptables proxy is selected, regardless of how, but
187 the system's kernel or iptables versions are insufficient, this always
188 falls back to the userspace proxy.
189 --proxy-port-range port-range Range of host ports (beginPort-endPort, single port or beginPort+offset, inclusive) that may be consumed in order to proxy service traffic. If (unspecified, 0, or 0-0) then ports will be randomly chosen.
192 --udp-timeout duration How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for proxy-mode=userspace (default 250ms)
193 --version version[=true] Print version information and quit
194 --write-config-to string If set, write the default configuration values to this file and exit.
195
200 /usr/bin/kube-proxy --logtostderr=true --v=0 --master=
201 ⟨http://127.0.0.1:8080⟩
202 kubernetes User Manuals KUBERNETES(1)