website/docs/concepts/cluster-administration/proxies.md

---
title: Proxies in Kubernetes
redirect_from:
- "/docs/user-guide/accessing-the-cluster/"
- "/docs/user-guide/accessing-the-cluster.html"
---

{% capture overview %}
This page explains proxies used with Kubernetes.
{% endcapture %}

{% capture body %}

## Proxies

There are several different proxies you may encounter when using Kubernetes:

  1. The [kubectl proxy](#directly-accessing-the-rest-api):
    - runs on a user's desktop or in a pod
    - proxies from a localhost address to the Kubernetes apiserver
    - client to proxy uses HTTP
    - proxy to apiserver uses HTTPS
    - locates apiserver
    - adds authentication headers
  1. The [apiserver proxy](#discovering-builtin-services):
    - is a bastion built into the apiserver
    - connects a user outside of the cluster to cluster IPs which otherwise might not be reachable
    - runs in the apiserver processes
    - client to proxy uses HTTPS (or http if apiserver so configured)
    - proxy to target may use HTTP or HTTPS as chosen by proxy using available information
    - can be used to reach a Node, Pod, or Service
    - does load balancing when used to reach a Service
  1. The [kube proxy](/docs/user-guide/services/#ips-and-vips):
    - runs on each node
    - proxies UDP and TCP
    - does not understand HTTP
    - provides load balancing
    - is just used to reach services
  1. A Proxy/Load-balancer in front of apiserver(s):
    - existence and implementation varies from cluster to cluster (e.g. nginx)
    - sits between all clients and one or more apiservers
    - acts as load balancer if there are several apiservers.
  1. Cloud Load Balancers on external services:
    - are provided by some cloud providers (e.g. AWS ELB, Google Cloud Load Balancer)
    - are created automatically when the Kubernetes service has type `LoadBalancer`
    - use UDP/TCP only
    - implementation varies by cloud provider.

Kubernetes users will typically not need to worry about anything other than the first two types.  The cluster admin
will typically ensure that the latter types are setup correctly.

## Requesting redirects

Proxies have replaced redirect capabilities.  Redirects have been deprecated.

{% endcapture %}

{% include templates/concept.md %}
access-clusters docs revamp (#3779) * access-clusters docs revamp Fix the accessing clusters docs, bring them into the right templates and put them in the right parts of the site. * Update proxies.md * Update concepts.yml * Update tasks.yml 2017-05-16 00:15:20 +00:00			`---`
			`title: Proxies in Kubernetes`
			`redirect_from:`
			`- "/docs/user-guide/accessing-the-cluster/"`
			`- "/docs/user-guide/accessing-the-cluster.html"`
			`---`

			`{% capture overview %}`
			`This page explains proxies used with Kubernetes.`
			`{% endcapture %}`

			`{% capture body %}`

			`## Proxies`

			`There are several different proxies you may encounter when using Kubernetes:`

			`1. The [kubectl proxy](#directly-accessing-the-rest-api):`
			`- runs on a user's desktop or in a pod`
			`- proxies from a localhost address to the Kubernetes apiserver`
			`- client to proxy uses HTTP`
			`- proxy to apiserver uses HTTPS`
			`- locates apiserver`
			`- adds authentication headers`
			`1. The [apiserver proxy](#discovering-builtin-services):`
			`- is a bastion built into the apiserver`
			`- connects a user outside of the cluster to cluster IPs which otherwise might not be reachable`
			`- runs in the apiserver processes`
			`- client to proxy uses HTTPS (or http if apiserver so configured)`
			`- proxy to target may use HTTP or HTTPS as chosen by proxy using available information`
			`- can be used to reach a Node, Pod, or Service`
			`- does load balancing when used to reach a Service`
			`1. The [kube proxy](/docs/user-guide/services/#ips-and-vips):`
			`- runs on each node`
			`- proxies UDP and TCP`
			`- does not understand HTTP`
			`- provides load balancing`
			`- is just used to reach services`
			`1. A Proxy/Load-balancer in front of apiserver(s):`
			`- existence and implementation varies from cluster to cluster (e.g. nginx)`
			`- sits between all clients and one or more apiservers`
			`- acts as load balancer if there are several apiservers.`
			`1. Cloud Load Balancers on external services:`
			`- are provided by some cloud providers (e.g. AWS ELB, Google Cloud Load Balancer)`
			- are created automatically when the Kubernetes service has type `LoadBalancer`
			`- use UDP/TCP only`
			`- implementation varies by cloud provider.`

			`Kubernetes users will typically not need to worry about anything other than the first two types. The cluster admin`
			`will typically ensure that the latter types are setup correctly.`

			`## Requesting redirects`

			`Proxies have replaced redirect capabilities. Redirects have been deprecated.`

			`{% endcapture %}`

			`{% include templates/concept.md %}`