kube-proxy disclaimer about cleanup (#28147)

* kube-proxy disclaimer about cleanup

* Update content/en/docs/concepts/services-networking/service.md

Co-authored-by: Tim Bannister <tim@scalefactory.com>

* Update content/en/docs/concepts/services-networking/service.md

Co-authored-by: Tim Bannister <tim@scalefactory.com>

* kube-proxy config note

* Update service.md

kube proxy configuration

Co-authored-by: Tim Bannister <tim@scalefactory.com>
pull/28355/head^2
jay vyas 2021-09-08 20:34:10 -04:00 committed by GitHub
parent afac60ede7
commit 034ab83d92
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 1 deletions


@ -242,9 +242,25 @@ There are a few reasons for using proxying for Services:
on the DNS records could impose a high load on DNS that then becomes
difficult to manage.
Later in this page you can read about various kube-proxy implementations work. Overall,
you should note that, when running `kube-proxy`, kernel level rules may be
modified (for example, iptables rules might get created), which won't get cleaned up,
in some cases until you reboot. Thus, running kube-proxy is something that should
only be done by an administrator which understands the consequences of having a
low level, privileged network proxying service on a computer. Although the `kube-proxy`
executable supports a `cleanup` function, this function is not an official feature and
thus is only available to use as-is.
### Configuration
Note that the kube-proxy starts up in different modes, which are determined by its configuration.
- The kube-proxy's configuration is done via a ConfigMap, and the ConfigMap for kube-proxy effectively deprecates the behaviour for almost all of the flags for the kube-proxy.
- The ConfigMap for the kube-proxy does not support live reloading of configuration.
- The ConfigMap parameters for the kube-proxy cannot all be validated and verified on startup. For example, if your operating system doesn't allow you to run iptables commands, the standard kernel kube-proxy implementation will not work. Likewise, if you have an operating system which doesn't support `netsh`, it will not run in Windows userspace mode.
### User space proxy mode {#proxy-mode-userspace}
In this mode, kube-proxy watches the Kubernetes control plane for the addition and
In this (legacy) mode, kube-proxy watches the Kubernetes control plane for the addition and
removal of Service and Endpoint objects. For each Service it opens a
port (randomly chosen) on the local node. Any connections to this "proxy port"
are proxied to one of the Service's backend Pods (as reported via
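Review bot: The new cleanup paragraph (the lines starting "Later in this page...") warns that kernel-level rules can outlive kube-proxy, but it gives an administrator nothing to act on. "not an official feature and thus is only available to use as-is" does not say whether `cleanup` can be relied on to remove those rules or whether a reboot is the only dependable way. Suggest stating that plainly, since leftover iptables rules on a node that no longer runs kube-proxy keep affecting traffic. Two wording fixes in the same paragraph: "various kube-proxy implementations work" is missing "how", and "an administrator which understands" should read "an administrator who understands". In the Configuration list, "effectively deprecates the behaviour for almost all of the flags" should either name the flags that still apply or link to the configuration reference. The "does not support live reloading" bullet should say what a reader has to do for a ConfigMap change to take effect. The third bullet says parameters "cannot all be validated and verified on startup", so it would help to say how the failure shows up (for example, whether kube-proxy exits or keeps running without programming rules), because a silent failure there is harder to detect than a crash.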