1KUBERNETES(1) General Commands Manual KUBERNETES(1)
2
6 kube-proxy - Provides network proxy services.
7
11 kube-proxy [OPTIONS]
12
16 The Kubernetes network proxy runs on each node. This reflects services
17 as defined in the Kubernetes API on each node and can do simple TCP,
18 UDP, and SCTP stream forwarding or round robin TCP, UDP, and SCTP
19 forwarding across a set of backends. Service cluster IPs and ports are
20 currently found through Docker-links-compatible environment variables
21 specifying ports opened by the service proxy. There is an optional
22 addon that provides cluster DNS for these cluster IPs. The user must
23 create a service with the apiserver API to configure the proxy.
24 kube-proxy [flags]
27
31 --azure-container-registry-config string Path to the file containing Azure container registry configuration information.
32 **--bind-address 0.0.0.0 The IP address for the
36 proxy server to serve on (set to 0.0.0.0 for all IPv4 interfaces and **
37 : for all IPv6 interfaces) (default 0.0.0.0)
38 --cleanup If true cleanup iptables and ipvs rules and exit.
41 --cleanup-ipvs If true make kube-proxy cleanup ipvs rules before running. Default is true (default true)
42 --cluster-cidr string The CIDR range of pods in the cluster. When configured, traffic sent to a Service cluster IP from outside this range will be masqueraded and traffic sent from pods to an external LoadBalancer IP will be directed to the respective cluster IP instead
43 --config string The path to the configuration file.
44 --config-sync-period duration How often configuration from the apiserver is refreshed. Must be greater than 0. (default 15m0s)
45 --conntrack-max-per-core int32 Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min). (default 32768)
46 --conntrack-min int32 Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is). (default 131072)
47 --conntrack-tcp-timeout-close-wait duration NAT timeout for TCP connections in the CLOSE_WAIT state (default 1h0m0s)
48 --conntrack-tcp-timeout-established duration Idle timeout for established TCP connections (0 to leave as-is) (default 24h0m0s)
49 --feature-gates mapStringBool A set of key=value pairs
53 that describe feature gates for alpha/experimental features. Options
54 are
55 APIListChunking=true|false (BETA - default=true)
58 APIResponseCompression=true|false (ALPHA - default=false)
59 AllAlpha=true|false (ALPHA - default=false)
60 AppArmor=true|false (BETA - default=true)
61 AttachVolumeLimit=true|false (BETA - default=true)
62 BalanceAttachedNodeVolumes=true|false (ALPHA - default=false)
63 BlockVolume=true|false (BETA - default=true)
64 BoundServiceAccountTokenVolume=true|false (ALPHA - default=false)
65 CPUManager=true|false (BETA - default=true)
66 CRIContainerLogRotation=true|false (BETA - default=true)
67 CSIBlockVolume=true|false (ALPHA - default=false)
68 CSIDriverRegistry=true|false (ALPHA - default=false)
69 CSINodeInfo=true|false (ALPHA - default=false)
70 CustomCPUCFSQuotaPeriod=true|false (ALPHA - default=false)
71 CustomPodDNS=true|false (BETA - default=true)
72 CustomResourceSubresources=true|false (BETA - default=true)
73 CustomResourceValidation=true|false (BETA - default=true)
74 CustomResourceWebhookConversion=true|false (ALPHA - default=false)
75 DebugContainers=true|false (ALPHA - default=false)
76 DevicePlugins=true|false (BETA - default=true)
77 DryRun=true|false (BETA - default=true)
78 DynamicAuditing=true|false (ALPHA - default=false)
79 DynamicKubeletConfig=true|false (BETA - default=true)
80 EnableEquivalenceClassCache=true|false (ALPHA - default=false)
81 ExpandInUsePersistentVolumes=true|false (ALPHA - default=false)
82 ExpandPersistentVolumes=true|false (BETA - default=true)
83 ExperimentalCriticalPodAnnotation=true|false (ALPHA - default=false)
84 ExperimentalHostUserNamespaceDefaulting=true|false (BETA - default=false)
85 HugePages=true|false (BETA - default=true)
86 HyperVContainer=true|false (ALPHA - default=false)
87 Initializers=true|false (ALPHA - default=false)
88 KubeletPodResources=true|false (ALPHA - default=false)
89 LocalStorageCapacityIsolation=true|false (BETA - default=true)
90 MountContainers=true|false (ALPHA - default=false)
91 NodeLease=true|false (ALPHA - default=false)
92 PersistentLocalVolumes=true|false (BETA - default=true)
93 PodPriority=true|false (BETA - default=true)
94 PodReadinessGates=true|false (BETA - default=true)
95 PodShareProcessNamespace=true|false (BETA - default=true)
96 ProcMountType=true|false (ALPHA - default=false)
97 QOSReserved=true|false (ALPHA - default=false)
98 ResourceLimitsPriorityFunction=true|false (ALPHA - default=false)
99 ResourceQuotaScopeSelectors=true|false (BETA - default=true)
100 RotateKubeletClientCertificate=true|false (BETA - default=true)
101 RotateKubeletServerCertificate=true|false (BETA - default=true)
102 RunAsGroup=true|false (ALPHA - default=false)
103 RuntimeClass=true|false (ALPHA - default=false)
104 SCTPSupport=true|false (ALPHA - default=false)
105 ScheduleDaemonSetPods=true|false (BETA - default=true)
106 ServiceNodeExclusion=true|false (ALPHA - default=false)
107 StreamingProxyRedirects=true|false (BETA - default=true)
108 SupportPodPidsLimit=true|false (ALPHA - default=false)
109 Sysctls=true|false (BETA - default=true)
110 TTLAfterFinished=true|false (ALPHA - default=false)
111 TaintBasedEvictions=true|false (BETA - default=true)
112 TaintNodesByCondition=true|false (BETA - default=true)
113 TokenRequest=true|false (BETA - default=true)
114 TokenRequestProjection=true|false (BETA - default=true)
115 ValidateProxyRedirects=true|false (ALPHA - default=false)
116 VolumeSnapshotDataSource=true|false (ALPHA - default=false)
117 VolumeSubpathEnvExpansion=true|false (ALPHA - default=false)
118 **--healthz-bind-address 0.0.0.0 The IP address for the
122 health check server to serve on (set to 0.0.0.0 for all IPv4 interfaces
123 and **
124 : for all IPv6 interfaces) (default 0.0.0.0:10256)
125 --healthz-port int32 The port to bind the health check server. Use 0 to disable. (default 10256)
128 -h, --help help for kube-proxy
132 --hostname-override string If non-empty, will
133 use this string as identification instead of the actual hostname.
134 --iptables-masquerade-bit int32 If using the pure
135 iptables proxy, the bit of the fwmark space to mark packets requiring
136 SNAT with. Must be within the range [0, 31]. (default 14)
137 --iptables-min-sync-period duration The minimum
138 interval of how often the iptables rules can be refreshed as endpoints
139 and services change (e.g. '5s', '1m', '2h22m').
140 --iptables-sync-period duration The maximum
141 interval of how often iptables rules are refreshed (e.g. '5s', '1m',
142 '2h22m'). Must be greater than 0. (default 30s)
143 --ipvs-exclude-cidrs strings A comma-separated
144 list of CIDR's which the ipvs proxier should not touch when cleaning up
145 IPVS rules.
146 --ipvs-min-sync-period duration The minimum
147 interval of how often the ipvs rules can be refreshed as endpoints and
148 services change (e.g. '5s', '1m', '2h22m').
149 --ipvs-scheduler string The ipvs scheduler
150 type when proxy mode is ipvs
151 --ipvs-sync-period duration The maximum
152 interval of how often ipvs rules are refreshed (e.g. '5s', '1m',
153 '2h22m'). Must be greater than 0. (default 30s)
154 --kube-api-burst int32 Burst to use while
155 talking with kubernetes apiserver (default 10)
156 --kube-api-content-type string Content type of
157 requests sent to apiserver. (default
158 "application/vnd.kubernetes.protobuf")
159 --kube-api-qps float32 QPS to use while
160 talking with kubernetes apiserver (default 5)
161 --kubeconfig string Path to kubeconfig
162 file with authorization information (the master location is set by the
163 master flag).
164 --log-flush-frequency duration Maximum number of
165 seconds between log flushes (default 5s)
166 --masquerade-all If using the pure
167 iptables proxy, SNAT all traffic sent via Service cluster IPs (this not
168 commonly needed)
169 --master string The address of the
170 Kubernetes API server (overrides any value in kubeconfig)
171 **--metrics-bind-address 0.0.0.0 The IP address for the
172 metrics server to serve on (set to 0.0.0.0 for all IPv4 interfaces and
173 **
174 : for all IPv6 interfaces) (default 127.0.0.1:10249)
175 --metrics-port int32 The port to bind the metrics server. Use 0 to disable. (default 10249)
178 --nodeport-addresses strings A string slice of values which specify the addresses to use for NodePorts. Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). The default empty string slice ([]) means to use all local addresses.
179 --oom-score-adj int32 The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000] (default -999)
180 --profiling If true enables profiling via web interface on /debug/pprof handler.
181 --proxy-mode ProxyMode Which proxy mode to use
185 'userspace' (older) or 'iptables' (faster) or 'ipvs'
186 (experimental). If blank, use the best-available proxy (currently
187 iptables). If the iptables proxy is selected, regardless of how, but
188 the system's kernel or iptables versions are insufficient, this always
189 falls back to the userspace proxy.
190 --proxy-port-range port-range Range of host ports (beginPort-endPort, single port or beginPort+offset, inclusive) that may be consumed in order to proxy service traffic. If (unspecified, 0, or 0-0) then ports will be randomly chosen.
193 --udp-timeout duration How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for proxy-mode=userspace (default 250ms)
194 --version version[=true] Print version information and quit
195 --write-config-to string If set, write the default configuration values to this file and exit.
196
201 /usr/bin/kube-proxy --logtostderr=true --v=0 --master=
202 ⟨http://127.0.0.1:8080⟩
203 kubernetes User Manuals KUBERNETES(1)