1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2
6 kube-proxy - Provides network proxy services.
7
11 kube-proxy [OPTIONS]
12
16 The Kubernetes network proxy runs on each node. This reflects services
17 as defined in the Kubernetes API on each node and can do simple TCP,
18 UDP, and SCTP stream forwarding or round robin TCP, UDP, and SCTP for‐
19 warding across a set of backends. Service cluster IPs and ports are
20 currently found through Docker-links-compatible environment variables
21 specifying ports opened by the service proxy. There is an optional
22 addon that provides cluster DNS for these cluster IPs. The user must
23 create a service with the apiserver API to configure the proxy.
24 kube-proxy [flags]
27
31 --azure-container-registry-config string Path to the file containing Azure container registry configuration information.
32 **--bind-address 0.0.0.0 The IP address for the
36 proxy server to serve on (set to 0.0.0.0 for all IPv4 interfaces and **
37 : for all IPv6 interfaces) (default 0.0.0.0)
38 --cleanup If true cleanup iptables and ipvs rules and exit.
41 --cleanup-ipvs If true and --cleanup is specified, kube-proxy will also flush IPVS rules, in addition to normal cleanup. (default true)
42 --cluster-cidr string The CIDR range of pods in the cluster. When configured, traffic sent to a Service cluster IP from outside this range will be masqueraded and traffic sent from pods to an external LoadBalancer IP will be directed to the respective cluster IP instead
43 --config string The path to the configuration file.
44 --config-sync-period duration How often configuration from the apiserver is refreshed. Must be greater than 0. (default 15m0s)
45 --conntrack-max-per-core int32 Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min). (default 32768)
46 --conntrack-min int32 Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is). (default 131072)
47 --conntrack-tcp-timeout-close-wait duration NAT timeout for TCP connections in the CLOSE_WAIT state (default 1h0m0s)
48 --conntrack-tcp-timeout-established duration Idle timeout for established TCP connections (0 to leave as-is) (default 24h0m0s)
49 --feature-gates mapStringBool A set of key=value pairs
53 that describe feature gates for alpha/experimental features. Options
54 are
55 APIListChunking=true|false (BETA - default=true)
58 APIResponseCompression=true|false (ALPHA - default=false)
59 AllAlpha=true|false (ALPHA - default=false)
60 AppArmor=true|false (BETA - default=true)
61 AttachVolumeLimit=true|false (BETA - default=true)
62 BalanceAttachedNodeVolumes=true|false (ALPHA - default=false)
63 BlockVolume=true|false (BETA - default=true)
64 BoundServiceAccountTokenVolume=true|false (ALPHA - default=false)
65 CPUManager=true|false (BETA - default=true)
66 CRIContainerLogRotation=true|false (BETA - default=true)
67 CSIBlockVolume=true|false (BETA - default=true)
68 CSIDriverRegistry=true|false (BETA - default=true)
69 CSIInlineVolume=true|false (ALPHA - default=false)
70 CSIMigration=true|false (ALPHA - default=false)
71 CSIMigrationAWS=true|false (ALPHA - default=false)
72 CSIMigrationAzureDisk=true|false (ALPHA - default=false)
73 CSIMigrationAzureFile=true|false (ALPHA - default=false)
74 CSIMigrationGCE=true|false (ALPHA - default=false)
75 CSIMigrationOpenStack=true|false (ALPHA - default=false)
76 CSINodeInfo=true|false (BETA - default=true)
77 CustomCPUCFSQuotaPeriod=true|false (ALPHA - default=false)
78 CustomResourceDefaulting=true|false (ALPHA - default=false)
79 CustomResourcePublishOpenAPI=true|false (BETA - default=true)
80 CustomResourceSubresources=true|false (BETA - default=true)
81 CustomResourceValidation=true|false (BETA - default=true)
82 CustomResourceWebhookConversion=true|false (BETA - default=true)
83 DebugContainers=true|false (ALPHA - default=false)
84 DevicePlugins=true|false (BETA - default=true)
85 DryRun=true|false (BETA - default=true)
86 DynamicAuditing=true|false (ALPHA - default=false)
87 DynamicKubeletConfig=true|false (BETA - default=true)
88 ExpandCSIVolumes=true|false (ALPHA - default=false)
89 ExpandInUsePersistentVolumes=true|false (BETA - default=true)
90 ExpandPersistentVolumes=true|false (BETA - default=true)
91 ExperimentalCriticalPodAnnotation=true|false (ALPHA - default=false)
92 ExperimentalHostUserNamespaceDefaulting=true|false (BETA - default=false)
93 HyperVContainer=true|false (ALPHA - default=false)
94 KubeletPodResources=true|false (BETA - default=true)
95 LocalStorageCapacityIsolation=true|false (BETA - default=true)
96 LocalStorageCapacityIsolationFSQuotaMonitoring=true|false (ALPHA - default=false)
97 MountContainers=true|false (ALPHA - default=false)
98 NodeLease=true|false (BETA - default=true)
99 NonPreemptingPriority=true|false (ALPHA - default=false)
100 PodShareProcessNamespace=true|false (BETA - default=true)
101 ProcMountType=true|false (ALPHA - default=false)
102 QOSReserved=true|false (ALPHA - default=false)
103 RemainingItemCount=true|false (ALPHA - default=false)
104 RequestManagement=true|false (ALPHA - default=false)
105 ResourceLimitsPriorityFunction=true|false (ALPHA - default=false)
106 ResourceQuotaScopeSelectors=true|false (BETA - default=true)
107 RotateKubeletClientCertificate=true|false (BETA - default=true)
108 RotateKubeletServerCertificate=true|false (BETA - default=true)
109 RunAsGroup=true|false (BETA - default=true)
110 RuntimeClass=true|false (BETA - default=true)
111 SCTPSupport=true|false (ALPHA - default=false)
112 ScheduleDaemonSetPods=true|false (BETA - default=true)
113 ServerSideApply=true|false (ALPHA - default=false)
114 ServiceLoadBalancerFinalizer=true|false (ALPHA - default=false)
115 ServiceNodeExclusion=true|false (ALPHA - default=false)
116 StorageVersionHash=true|false (BETA - default=true)
117 StreamingProxyRedirects=true|false (BETA - default=true)
118 SupportNodePidsLimit=true|false (BETA - default=true)
119 SupportPodPidsLimit=true|false (BETA - default=true)
120 Sysctls=true|false (BETA - default=true)
121 TTLAfterFinished=true|false (ALPHA - default=false)
122 TaintBasedEvictions=true|false (BETA - default=true)
123 TaintNodesByCondition=true|false (BETA - default=true)
124 TokenRequest=true|false (BETA - default=true)
125 TokenRequestProjection=true|false (BETA - default=true)
126 ValidateProxyRedirects=true|false (BETA - default=true)
127 VolumePVCDataSource=true|false (ALPHA - default=false)
128 VolumeSnapshotDataSource=true|false (ALPHA - default=false)
129 VolumeSubpathEnvExpansion=true|false (BETA - default=true)
130 WatchBookmark=true|false (ALPHA - default=false)
131 WinDSR=true|false (ALPHA - default=false)
132 WinOverlay=true|false (ALPHA - default=false)
133 WindowsGMSA=true|false (ALPHA - default=false)
134 **--healthz-bind-address 0.0.0.0 The IP address for the
138 health check server to serve on (set to 0.0.0.0 for all IPv4 interfaces
139 and ** : for all IPv6 interfaces) (default 0.0.0.0:10256)
140 --healthz-port int32 The port to bind the health check server. Use 0 to disable. (default 10256)
143 -h, --help help for kube-proxy
147 --hostname-override string If non-empty, will
148 use this string as identification instead of the actual hostname.
149 --iptables-masquerade-bit int32 If using the pure
150 iptables proxy, the bit of the fwmark space to mark packets requiring
151 SNAT with. Must be within the range [0, 31]. (default 14)
152 --iptables-min-sync-period duration The minimum inter‐
153 val of how often the iptables rules can be refreshed as endpoints and
154 services change (e.g. '5s', '1m', '2h22m').
155 --iptables-sync-period duration The maximum inter‐
156 val of how often iptables rules are refreshed (e.g. '5s', '1m',
157 '2h22m'). Must be greater than 0. (default 30s)
158 --ipvs-exclude-cidrs strings A comma-separated
159 list of CIDR's which the ipvs proxier should not touch when cleaning up
160 IPVS rules.
161 --ipvs-min-sync-period duration The minimum inter‐
162 val of how often the ipvs rules can be refreshed as endpoints and ser‐
163 vices change (e.g. '5s', '1m', '2h22m').
164 --ipvs-scheduler string The ipvs scheduler
165 type when proxy mode is ipvs
166 --ipvs-strict-arp Enable strict ARP
167 by setting arp_ignore to 1 and arp_announce to 2
168 --ipvs-sync-period duration The maximum inter‐
169 val of how often ipvs rules are refreshed (e.g. '5s', '1m', '2h22m').
170 Must be greater than 0. (default 30s)
171 --kube-api-burst int32 Burst to use while
172 talking with kubernetes apiserver (default 10)
173 --kube-api-content-type string Content type of
174 requests sent to apiserver. (default "application/vnd.kubernetes.proto‐
175 buf")
176 --kube-api-qps float32 QPS to use while
177 talking with kubernetes apiserver (default 5)
178 --kubeconfig string Path to kubeconfig
179 file with authorization information (the master location is set by the
180 master flag).
181 --log-flush-frequency duration Maximum number of
182 seconds between log flushes (default 5s)
183 --masquerade-all If using the pure
184 iptables proxy, SNAT all traffic sent via Service cluster IPs (this not
185 commonly needed)
186 --master string The address of the
187 Kubernetes API server (overrides any value in kubeconfig) **--met‐
188 rics-bind-address 0.0.0.0 The IP address for the met‐
189 rics server to serve on (set to 0.0.0.0 for all IPv4 interfaces and **
190 : for all IPv6 interfaces) (default 127.0.0.1:10249)
191 --metrics-port int32 The port to bind the metrics server. Use 0 to disable. (default 10249)
194 --nodeport-addresses strings A string slice of values which specify the addresses to use for NodePorts. Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). The default empty string slice ([]) means to use all local addresses.
195 --oom-score-adj int32 The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000] (default -999)
196 --profiling If true enables profiling via web interface on /debug/pprof handler.
197 --proxy-mode ProxyMode Which proxy mode to use
201 'userspace' (older) or 'iptables' (faster) or 'ipvs' (experimen‐
202 tal). If blank, use the best-available proxy (currently iptables). If
203 the iptables proxy is selected, regardless of how, but the system's
204 kernel or iptables versions are insufficient, this always falls back to
205 the userspace proxy.
206 --proxy-port-range port-range Range of host ports (beginPort-endPort, single port or beginPort+offset, inclusive) that may be consumed in order to proxy service traffic. If (unspecified, 0, or 0-0) then ports will be randomly chosen.
209 --udp-timeout duration How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for proxy-mode=userspace (default 250ms)
210 --version version[=true] Print version information and quit
211 --write-config-to string If set, write the default configuration values to this file and exit.
212
217 /usr/bin/kube-proxy --logtostderr=true --v=0 --mas‐
218 ter=http://127.0.0.1:8080
219Manuals User KUBERNETES(1)(kubernetes)