1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kube-proxy -
10
14 kube-proxy [OPTIONS]
15
19 The Kubernetes network proxy runs on each node. This reflects services
20 as defined in the Kubernetes API on each node and can do simple TCP,
21 UDP, and SCTP stream forwarding or round robin TCP, UDP, and SCTP for‐
22 warding across a set of backends. Service cluster IPs and ports are
23 currently found through Docker-links-compatible environment variables
24 specifying ports opened by the service proxy. There is an optional ad‐
25 don that provides cluster DNS for these cluster IPs. The user must cre‐
26 ate a service with the apiserver API to configure the proxy.
27
31 --azure-container-registry-config="" Path to the file containing
32 Azure container registry configuration information.
33 --bind-address=0.0.0.0 The IP address for the proxy server to
36 serve on (set to '0.0.0.0' for all IPv4 interfaces and '::' for all
37 IPv6 interfaces)
38 --bind-address-hard-fail=false If true kube-proxy will treat fail‐
41 ure to bind to a port as fatal and exit
42 --cleanup=false If true cleanup iptables and ipvs rules and exit.
45 --cluster-cidr="" The CIDR range of pods in the cluster. When con‐
48 figured, traffic sent to a Service cluster IP from outside this range
49 will be masqueraded and traffic sent from pods to an external LoadBal‐
50 ancer IP will be directed to the respective cluster IP instead
51 --config="" The path to the configuration file.
54 --config-sync-period=15m0s How often configuration from the apis‐
57 erver is refreshed. Must be greater than 0.
58 --conntrack-max-per-core=32768 Maximum number of NAT connections
61 to track per CPU core (0 to leave the limit as-is and ignore con‐
62 ntrack-min).
63 --conntrack-min=131072 Minimum number of conntrack entries to al‐
66 locate, regardless of conntrack-max-per-core (set con‐
67 ntrack-max-per-core=0 to leave the limit as-is).
68 --conntrack-tcp-timeout-close-wait=1h0m0s NAT timeout for TCP con‐
71 nections in the CLOSE_WAIT state
72 --conntrack-tcp-timeout-established=24h0m0s Idle timeout for es‐
75 tablished TCP connections (0 to leave as-is)
76 --detect-local-mode= Mode to use to detect local traffic
79 --feature-gates= A set of key=value pairs that describe feature
82 gates for alpha/experimental features. Options are: APIListChunk‐
83 ing=true|false (BETA - default=true) APIPriorityAndFairness=true|false
84 (BETA - default=true) APIResponseCompression=true|false (BETA - de‐
85 fault=true) APIServerIdentity=true|false (ALPHA - default=false) AllAl‐
86 pha=true|false (ALPHA - default=false) AllBeta=true|false (BETA - de‐
87 fault=false) AnyVolumeDataSource=true|false (ALPHA - default=false) Ap‐
88 pArmor=true|false (BETA - default=true) BalanceAttachedNodeVol‐
89 umes=true|false (ALPHA - default=false) BoundServiceAccountTokenVol‐
90 ume=true|false (BETA - default=true) CPUManager=true|false (BETA - de‐
91 fault=true) CSIInlineVolume=true|false (BETA - default=true) CSIMigra‐
92 tion=true|false (BETA - default=true) CSIMigrationAWS=true|false (BETA
93 - default=false) CSIMigrationAzureDisk=true|false (BETA - de‐
94 fault=false) CSIMigrationAzureFile=true|false (BETA - default=false)
95 CSIMigrationGCE=true|false (BETA - default=false) CSIMigrationOpen‐
96 Stack=true|false (BETA - default=true) CSIMigrationvSphere=true|false
97 (BETA - default=false) CSIMigrationvSphereComplete=true|false (BETA -
98 default=false) CSIServiceAccountToken=true|false (BETA - default=true)
99 CSIStorageCapacity=true|false (BETA - default=true) CSIVolumeFSGroup‐
100 Policy=true|false (BETA - default=true) CSIVolumeHealth=true|false (AL‐
101 PHA - default=false) ConfigurableFSGroupPolicy=true|false (BETA - de‐
102 fault=true) ControllerManagerLeaderMigration=true|false (ALPHA - de‐
103 fault=false) CronJobControllerV2=true|false (BETA - default=true) Cus‐
104 tomCPUCFSQuotaPeriod=true|false (ALPHA - default=false) DaemonSetUp‐
105 dateSurge=true|false (ALPHA - default=false) DefaultPodTopolo‐
106 gySpread=true|false (BETA - default=true) DevicePlugins=true|false
107 (BETA - default=true) DisableAcceleratorUsageMetrics=true|false (BETA -
108 default=true) DownwardAPIHugePages=true|false (BETA - default=false)
109 DynamicKubeletConfig=true|false (BETA - default=true) EfficientWatchRe‐
110 sumption=true|false (BETA - default=true) EndpointSliceProxy‐
111 ing=true|false (BETA - default=true) EndpointSliceTerminatingCondi‐
112 tion=true|false (ALPHA - default=false) EphemeralContainers=true|false
113 (ALPHA - default=false) ExpandCSIVolumes=true|false (BETA - de‐
114 fault=true) ExpandInUsePersistentVolumes=true|false (BETA - de‐
115 fault=true) ExpandPersistentVolumes=true|false (BETA - default=true)
116 ExperimentalHostUserNamespaceDefaulting=true|false (BETA - de‐
117 fault=false) GenericEphemeralVolume=true|false (BETA - default=true)
118 GracefulNodeShutdown=true|false (BETA - default=true) HPAContainerMet‐
119 rics=true|false (ALPHA - default=false) HPAScaleToZero=true|false (AL‐
120 PHA - default=false) HugePageStorageMediumSize=true|false (BETA - de‐
121 fault=true) IPv6DualStack=true|false (BETA - default=true) InTreePlugi‐
122 nAWSUnregister=true|false (ALPHA - default=false) InTreePluginAzure‐
123 DiskUnregister=true|false (ALPHA - default=false) InTreePluginAzure‐
124 FileUnregister=true|false (ALPHA - default=false) InTreePluginGCEUnreg‐
125 ister=true|false (ALPHA - default=false) InTreePluginOpenStackUnregis‐
126 ter=true|false (ALPHA - default=false) InTreePluginvSphereUnregis‐
127 ter=true|false (ALPHA - default=false) IndexedJob=true|false (ALPHA -
128 default=false) IngressClassNamespacedParams=true|false (ALPHA - de‐
129 fault=false) KubeletCredentialProviders=true|false (ALPHA - de‐
130 fault=false) KubeletPodResources=true|false (BETA - default=true)
131 KubeletPodResourcesGetAllocatable=true|false (ALPHA - default=false)
132 LocalStorageCapacityIsolation=true|false (BETA - default=true) Local‐
133 StorageCapacityIsolationFSQuotaMonitoring=true|false (ALPHA - de‐
134 fault=false) LogarithmicScaleDown=true|false (ALPHA - default=false)
135 MemoryManager=true|false (ALPHA - default=false) MixedProtocolLBSer‐
136 vice=true|false (ALPHA - default=false) NamespaceDefaultLabel‐
137 Name=true|false (BETA - default=true) NetworkPolicyEndPort=true|false
138 (ALPHA - default=false) NonPreemptingPriority=true|false (BETA - de‐
139 fault=true) PodAffinityNamespaceSelector=true|false (ALPHA - de‐
140 fault=false) PodDeletionCost=true|false (ALPHA - default=false)
141 PodOverhead=true|false (BETA - default=true) PreferNominat‐
142 edNode=true|false (ALPHA - default=false) ProbeTerminationGracePe‐
143 riod=true|false (ALPHA - default=false) ProcMountType=true|false (ALPHA
144 - default=false) QOSReserved=true|false (ALPHA - default=false) Remain‐
145 ingItemCount=true|false (BETA - default=true) RemoveSelfLink=true|false
146 (BETA - default=true) RotateKubeletServerCertificate=true|false (BETA -
147 default=true) ServerSideApply=true|false (BETA - default=true) Servi‐
148 ceInternalTrafficPolicy=true|false (ALPHA - default=false) ServiceLBN‐
149 odePortControl=true|false (ALPHA - default=false) ServiceLoadBalancer‐
150 Class=true|false (ALPHA - default=false) ServiceTopology=true|false
151 (ALPHA - default=false) SetHostnameAsFQDN=true|false (BETA - de‐
152 fault=true) SizeMemoryBackedVolumes=true|false (ALPHA - default=false)
153 StorageVersionAPI=true|false (ALPHA - default=false) StorageVersion‐
154 Hash=true|false (BETA - default=true) SuspendJob=true|false (ALPHA -
155 default=false) TTLAfterFinished=true|false (BETA - default=true) Topol‐
156 ogyAwareHints=true|false (ALPHA - default=false) TopologyMan‐
157 ager=true|false (BETA - default=true) ValidateProxyRedirects=true|false
158 (BETA - default=true) VolumeCapacityPriority=true|false (ALPHA - de‐
159 fault=false) WarningHeaders=true|false (BETA - default=true)
160 WinDSR=true|false (ALPHA - default=false) WinOverlay=true|false (BETA -
161 default=true) WindowsEndpointSliceProxying=true|false (BETA - de‐
162 fault=true)
163 --healthz-bind-address=0.0.0.0:10256 The IP address with port for
166 the health check server to serve on (set to '0.0.0.0:10256' for all
167 IPv4 interfaces and '[::]:10256' for all IPv6 interfaces). Set empty to
168 disable.
169 --healthz-port=10256 The port to bind the health check server. Use
172 0 to disable.
173 --hostname-override="" If non-empty, will use this string as iden‐
176 tification instead of the actual hostname.
177 --iptables-masquerade-bit=14 If using the pure iptables proxy, the
180 bit of the fwmark space to mark packets requiring SNAT with. Must be
181 within the range [0, 31].
182 --iptables-min-sync-period=1s The minimum interval of how often
185 the iptables rules can be refreshed as endpoints and services change
186 (e.g. '5s', '1m', '2h22m').
187 --iptables-sync-period=30s The maximum interval of how often ipta‐
190 bles rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater
191 than 0.
192 --ipvs-exclude-cidrs=[] A comma-separated list of CIDR's which the
195 ipvs proxier should not touch when cleaning up IPVS rules.
196 --ipvs-min-sync-period=0s The minimum interval of how often the
199 ipvs rules can be refreshed as endpoints and services change (e.g.
200 '5s', '1m', '2h22m').
201 --ipvs-scheduler="" The ipvs scheduler type when proxy mode is
204 ipvs
205 --ipvs-strict-arp=false Enable strict ARP by setting arp_ignore to
208 1 and arp_announce to 2
209 --ipvs-sync-period=30s The maximum interval of how often ipvs
212 rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than
213 0.
214 --ipvs-tcp-timeout=0s The timeout for idle IPVS TCP connections, 0
217 to leave as-is. (e.g. '5s', '1m', '2h22m').
218 --ipvs-tcpfin-timeout=0s The timeout for IPVS TCP connections af‐
221 ter receiving a FIN packet, 0 to leave as-is. (e.g. '5s', '1m',
222 '2h22m').
223 --ipvs-udp-timeout=0s The timeout for IPVS UDP packets, 0 to leave
226 as-is. (e.g. '5s', '1m', '2h22m').
227 --kube-api-burst=10 Burst to use while talking with kubernetes
230 apiserver
231 --kube-api-content-type="application/vnd.kubernetes.protobuf" Con‐
234 tent type of requests sent to apiserver.
235 --kube-api-qps=5 QPS to use while talking with kubernetes apis‐
238 erver
239 --kubeconfig="" Path to kubeconfig file with authorization infor‐
242 mation (the master location can be overridden by the master flag).
243 --log-flush-frequency=5s Maximum number of seconds between log
246 flushes
247 --masquerade-all=false If using the pure iptables proxy, SNAT all
250 traffic sent via Service cluster IPs (this not commonly needed)
251 --master="" The address of the Kubernetes API server (overrides
254 any value in kubeconfig)
255 --metrics-bind-address=127.0.0.1:10249 The IP address with port
258 for the metrics server to serve on (set to '0.0.0.0:10249' for all IPv4
259 interfaces and '[::]:10249' for all IPv6 interfaces). Set empty to dis‐
260 able.
261 --metrics-port=10249 The port to bind the metrics server. Use 0 to
264 disable.
265 --nodeport-addresses=[] A string slice of values which specify the
268 addresses to use for NodePorts. Values may be valid IP blocks (e.g.
269 1.2.3.0/24, 1.2.3.4/32). The default empty string slice ([]) means to
270 use all local addresses.
271 --oom-score-adj=-999 The oom-score-adj value for kube-proxy
274 process. Values must be within the range [-1000, 1000]
275 --profiling=false If true enables profiling via web interface on
278 /debug/pprof handler.
279 --proxy-mode= Which proxy mode to use: 'userspace' (older) or
282 'iptables' (faster) or 'ipvs' or 'kernelspace' (windows). If blank, use
283 the best-available proxy (currently iptables). If the iptables proxy is
284 selected, regardless of how, but the system's kernel or iptables ver‐
285 sions are insufficient, this always falls back to the userspace proxy.
286 --proxy-port-range= Range of host ports (beginPort-endPort, single
289 port or beginPort+offset, inclusive) that may be consumed in order to
290 proxy service traffic. If (unspecified, 0, or 0-0) then ports will be
291 randomly chosen.
292 --show-hidden-metrics-for-version="" The previous version for
295 which you want to show hidden metrics. Only the previous minor version
296 is meaningful, other values will not be allowed. The format is ., e.g.:
297 '1.16'. The purpose of this format is make sure you have the opportu‐
298 nity to notice if the next release hides additional metrics, rather
299 than being surprised when they are permanently removed in the release
300 after that.
301 --udp-timeout=250ms How long an idle UDP connection will be kept
304 open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for
305 proxy-mode=userspace
306 --version=false Print version information and quit
309 --write-config-to="" If set, write the default configuration val‐
312 ues to this file and exit.
313
317 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
318 com) based on the kubernetes source material, but hopefully they have
319 been automatically generated since!
320Manuals User KUBERNETES(1)(kubernetes)