1KUBERNETES(1)               General Commands Manual              KUBERNETES(1)
2
3
4

NAME

6       kube-proxy - Provides network proxy services.
7
8
9

SYNOPSIS

11       kube-proxy [OPTIONS]
12
13
14

DESCRIPTION

16       The Kubernetes network proxy runs on each node. This reflects services
17       as defined in the Kubernetes API on each node and can do simple TCP,
18       UDP, and SCTP stream forwarding or round robin TCP, UDP, and SCTP
19       forwarding across a set of backends.  Service cluster IPs and ports are
20       currently found through Docker-links-compatible environment variables
21       specifying ports opened by the service proxy. There is an optional
22       addon that provides cluster DNS for these cluster IPs. The user must
23       create a service with the apiserver API to configure the proxy.
24
25
26       kube-proxy [flags]
27
28
29

OPTIONS

31                --azure-container-registry-config string       Path to the file containing Azure container registry configuration information.
32
33
34
35       **--bind-address 0.0.0.0                         The IP address for the
36       proxy server to serve on (set to 0.0.0.0 for all IPv4 interfaces and **
37           : for all IPv6 interfaces) (default 0.0.0.0)
38
39
40                --cleanup                                      If true cleanup iptables and ipvs rules and exit.
41                --cleanup-ipvs                                 If true make kube-proxy cleanup ipvs rules before running.  Default is true (default true)
42                --cluster-cidr string                          The CIDR range of pods in the cluster. When configured, traffic sent to a Service cluster IP from outside this range will be masqueraded and traffic sent from pods to an external LoadBalancer IP will be directed to the respective cluster IP instead
43                --config string                                The path to the configuration file.
44                --config-sync-period duration                  How often configuration from the apiserver is refreshed.  Must be greater than 0. (default 15m0s)
45                --conntrack-max-per-core int32                 Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min). (default 32768)
46                --conntrack-min int32                          Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is). (default 131072)
47                --conntrack-tcp-timeout-close-wait duration    NAT timeout for TCP connections in the CLOSE_WAIT state (default 1h0m0s)
48                --conntrack-tcp-timeout-established duration   Idle timeout for established TCP connections (0 to leave as-is) (default 24h0m0s)
49
50
51
52       --feature-gates mapStringBool                  A set of key=value pairs
53       that describe feature gates for alpha/experimental features. Options
54       are
55
56
57                                                               APIListChunking=true|false (BETA - default=true)
58                                                               APIResponseCompression=true|false (ALPHA - default=false)
59                                                               AllAlpha=true|false (ALPHA - default=false)
60                                                               AppArmor=true|false (BETA - default=true)
61                                                               AttachVolumeLimit=true|false (BETA - default=true)
62                                                               BalanceAttachedNodeVolumes=true|false (ALPHA - default=false)
63                                                               BlockVolume=true|false (ALPHA - default=false)
64                                                               CPUManager=true|false (BETA - default=true)
65                                                               CRIContainerLogRotation=true|false (BETA - default=true)
66                                                               CSIBlockVolume=true|false (ALPHA - default=false)
67                                                               CSIDriverRegistry=true|false (ALPHA - default=false)
68                                                               CSINodeInfo=true|false (ALPHA - default=false)
69                                                               CSIPersistentVolume=true|false (BETA - default=true)
70                                                               CustomCPUCFSQuotaPeriod=true|false (ALPHA - default=false)
71                                                               CustomPodDNS=true|false (BETA - default=true)
72                                                               CustomResourceSubresources=true|false (BETA - default=true)
73                                                               CustomResourceValidation=true|false (BETA - default=true)
74                                                               DebugContainers=true|false (ALPHA - default=false)
75                                                               DevicePlugins=true|false (BETA - default=true)
76                                                               DryRun=true|false (ALPHA - default=false)
77                                                               DynamicKubeletConfig=true|false (BETA - default=true)
78                                                               EnableEquivalenceClassCache=true|false (ALPHA - default=false)
79                                                               ExpandInUsePersistentVolumes=true|false (ALPHA - default=false)
80                                                               ExpandPersistentVolumes=true|false (BETA - default=true)
81                                                               ExperimentalCriticalPodAnnotation=true|false (ALPHA - default=false)
82                                                               ExperimentalHostUserNamespaceDefaulting=true|false (BETA - default=false)
83                                                               GCERegionalPersistentDisk=true|false (BETA - default=true)
84                                                               HugePages=true|false (BETA - default=true)
85                                                               HyperVContainer=true|false (ALPHA - default=false)
86                                                               Initializers=true|false (ALPHA - default=false)
87                                                               KubeletPluginsWatcher=true|false (BETA - default=true)
88                                                               LocalStorageCapacityIsolation=true|false (BETA - default=true)
89                                                               MountContainers=true|false (ALPHA - default=false)
90                                                               NodeLease=true|false (ALPHA - default=false)
91                                                               PersistentLocalVolumes=true|false (BETA - default=true)
92                                                               PodPriority=true|false (BETA - default=true)
93                                                               PodReadinessGates=true|false (BETA - default=true)
94                                                               PodShareProcessNamespace=true|false (BETA - default=true)
95                                                               ProcMountType=true|false (ALPHA - default=false)
96                                                               QOSReserved=true|false (ALPHA - default=false)
97                                                               ResourceLimitsPriorityFunction=true|false (ALPHA - default=false)
98                                                               ResourceQuotaScopeSelectors=true|false (BETA - default=true)
99                                                               RotateKubeletClientCertificate=true|false (BETA - default=true)
100                                                               RotateKubeletServerCertificate=true|false (BETA - default=true)
101                                                               RunAsGroup=true|false (ALPHA - default=false)
102                                                               RuntimeClass=true|false (ALPHA - default=false)
103                                                               SCTPSupport=true|false (ALPHA - default=false)
104                                                               ScheduleDaemonSetPods=true|false (BETA - default=true)
105                                                               ServiceNodeExclusion=true|false (ALPHA - default=false)
106                                                               StreamingProxyRedirects=true|false (BETA - default=true)
107                                                               SupportPodPidsLimit=true|false (ALPHA - default=false)
108                                                               Sysctls=true|false (BETA - default=true)
109                                                               TTLAfterFinished=true|false (ALPHA - default=false)
110                                                               TaintBasedEvictions=true|false (ALPHA - default=false)
111                                                               TaintNodesByCondition=true|false (BETA - default=true)
112                                                               TokenRequest=true|false (BETA - default=true)
113                                                               TokenRequestProjection=true|false (BETA - default=true)
114                                                               ValidateProxyRedirects=true|false (ALPHA - default=false)
115                                                               VolumeScheduling=true|false (BETA - default=true)
116                                                               VolumeSnapshotDataSource=true|false (ALPHA - default=false)
117                                                               VolumeSubpathEnvExpansion=true|false (ALPHA - default=false)
118
119
120
121       **--healthz-bind-address 0.0.0.0                 The IP address and
122       port for the health check server to serve on (set to 0.0.0.0 for all
123       IPv4 interfaces and **
124           : for all IPv6 interfaces) (default 0.0.0.0:10256)
125
126
127                --healthz-port int32                           The port to bind the health check server. Use 0 to disable. (default 10256)
128
129
130
131       -h, --help                                         help for kube-proxy
132             --hostname-override string                     If non-empty, will
133       use this string as identification instead of the actual hostname.
134             --iptables-masquerade-bit int32                If using the pure
135       iptables proxy, the bit of the fwmark space to mark packets requiring
136       SNAT with.  Must be within the range [0, 31]. (default 14)
137             --iptables-min-sync-period duration            The minimum
138       interval of how often the iptables rules can be refreshed as endpoints
139       and services change (e.g. '5s', '1m', '2h22m').
140             --iptables-sync-period duration                The maximum
141       interval of how often iptables rules are refreshed (e.g. '5s', '1m',
142       '2h22m').  Must be greater than 0. (default 30s)
143             --ipvs-exclude-cidrs strings                   A comma-separated
144       list of CIDR's which the ipvs proxier should not touch when cleaning up
145       IPVS rules.
146             --ipvs-min-sync-period duration                The minimum
147       interval of how often the ipvs rules can be refreshed as endpoints and
148       services change (e.g. '5s', '1m', '2h22m').
149             --ipvs-scheduler string                        The ipvs scheduler
150       type when proxy mode is ipvs
151             --ipvs-sync-period duration                    The maximum
152       interval of how often ipvs rules are refreshed (e.g. '5s', '1m',
153       '2h22m').  Must be greater than 0. (default 30s)
154             --kube-api-burst int32                         Burst to use while
155       talking with kubernetes apiserver (default 10)
156             --kube-api-content-type string                 Content type of
157       requests sent to apiserver. (default
158       "application/vnd.kubernetes.protobuf")
159             --kube-api-qps float32                         QPS to use while
160       talking with kubernetes apiserver (default 5)
161             --kubeconfig string                            Path to kubeconfig
162       file with authorization information (the master location is set by the
163       master flag).
164             --log-flush-frequency duration                 Maximum number of
165       seconds between log flushes (default 5s)
166             --masquerade-all                               If using the pure
167       iptables proxy, SNAT all traffic sent via Service cluster IPs (this not
168       commonly needed)
169             --master string                                The address of the
170       Kubernetes API server (overrides any value in kubeconfig)
171       **--metrics-bind-address 0.0.0.0                 The IP address and
172       port for the metrics server to serve on (set to 0.0.0.0 for all IPv4
173       interfaces and **
174           : for all IPv6 interfaces) (default 127.0.0.1:10249)
175
176
177                --nodeport-addresses strings                   A string slice of values which specify the addresses to use for NodePorts. Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). The default empty string slice ([]) means to use all local addresses.
178                --oom-score-adj int32                          The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000] (default -999)
179                --profiling                                    If true enables profiling via web interface on /debug/pprof handler.
180
181
182
183       --proxy-mode ProxyMode                         Which proxy mode to use
184            'userspace' (older) or 'iptables' (faster) or 'ipvs'
185       (experimental). If blank, use the best-available proxy (currently
186       iptables).  If the iptables proxy is selected, regardless of how, but
187       the system's kernel or iptables versions are insufficient, this always
188       falls back to the userspace proxy.
189
190
191                --proxy-port-range port-range                  Range of host ports (beginPort-endPort, single port or beginPort+offset, inclusive) that may be consumed in order to proxy service traffic. If (unspecified, 0, or 0-0) then ports will be randomly chosen.
192                --udp-timeout duration                         How long an idle UDP connection will be kept open (e.g. '250ms', '2s').  Must be greater than 0. Only applicable for proxy-mode=userspace (default 250ms)
193                --version version[=true]                       Print version information and quit
194                --write-config-to string                       If set, write the default configuration values to this file and exit.
195
196
197
198

EXAMPLES

200       /usr/bin/kube-proxy --logtostderr=true --v=0 --master=
201http://127.0.0.1:8080⟩
202
203
204
205                            kubernetes User Manuals              KUBERNETES(1)
Impressum