Stack Overflow
Stack Overflow

Questions tagged [kube-proxy]

kube-proxy is a component of kubernetes that is responsible for `service` and load balance.

The Kubernetes network proxy runs on each node. This reflects services as defined in the Kubernetes API on each node and can do simple TCP,UDP stream forwarding or round robin TCP,UDP forwarding across a set of backends.

161 questions
4
votes
1 answer

Kubernetes Pods unable to resolve external host

I am running a 3 Node Kubernetes cluster with Flannel as CNI. I used kubeadm to setup the cluster and the version is 1.23. My pods need to talk to external hosts using DNS addresses but there is no DNS server for those hosts. For that, I have added…
Krishnom
  • 1,348
  • 12
  • 39
4
votes
1 answer

Restrict access to service to only some pods

I have a mosquitto broker running on a pod, this server is exposed as a service as both DNS and IP address. But this service is accessible by any pod in the cluster. I want to restrict access to this service such that pods trying to connect to this…
The Entity
  • 157
  • 1
  • 10
4
votes
2 answers

What is the port opened by kube-proxy for,Why does it listen on so many ports?

What is the port opened by kube-proxy for,Why does it listen on so many ports? From my node, I can see that kube-proxy is listening to a lot of ports. Can someone explain to me why they are listening to so many ports and what is it for? the output…
Esc
  • 521
  • 13
  • 30
4
votes
1 answer

how does kubernetes guarantee reliability of kube proxy and kubelet?

If Kube proxy is down, the pods on a kubernetes node will not be able to communicate with the external world. Anything that Kubernetes does specially to guarantee the reliability of kube-proxy? Similarly, how does Kubernetes guarantee reliability…
yuyang
  • 1,511
  • 2
  • 15
  • 40
4
votes
2 answers

kube-proxy reports wrong ip address

In my kubernetes cluster, each node is a virtualbox vm with two NICs, eth0 for NAT and eth1 for Host-Local communicating. kubectl get pod --all-namespaces -o wide shows We can see k8s-3 and k8s-4 reports correct IPs while k8s-2 doesn't. I've…
dastan
  • 1,006
  • 1
  • 16
  • 36
3
votes
2 answers

Kubernetes kube-proxy is running but the specified kubeconfig file cannot be found

I want to set k8s kube-proxy config file permission for hardening purposes. I'm wordering how the kube-proxy process can be running with the --config flag set to a path (var/lib/kube-proxy/config.conf) that can't be found... In fact checking…
nixmind
  • 2,060
  • 6
  • 32
  • 54
3
votes
1 answer

Kubernetes Ingress controller vs kube-proxy

An ingress controller is a Layer 7 construct. Does it bypass the Service (VIP) and Layer 4 kube proxy?
Compendius
  • 53
  • 1
  • 3
3
votes
2 answers

How kube-proxy runs iptables commands on the host node, while running inside a process isolated container?

I'm working in kube-proxy development and I'm in the stage of understanding the purpose and execution of kube-proxy. I know that kube-proxy will add iptables rules to enable user to access the exposed pods (which is kubernetes service in iptables…
elia
  • 239
  • 3
  • 16
3
votes
1 answer

How to set a new logging level on kube-proxy, in a running cluster

Is there a way to change the logging level on a running cluster, specifically for a single system component such as kube-proxy? I see some discussion related to this: https://github.com/kubernetes/test-infra/pull/4311 and it seems like some sort…
S V
  • 31
  • 1
  • 3
3
votes
1 answer

Kubernetes VIP address clarifications

I'm a bit confused by some of the Kubernetes documentation on virtual IPs: https://kubernetes.io/docs/concepts/services-networking/service/#the-gory-details-of-virtual-ips. Userspace As an example, consider the image processing application…
Nick
  • 167
  • 3
  • 9
3
votes
1 answer

What does kube-proxy `--masquerade-all=true` mean?

The kube-proxy admin page says: --masquerade-all If using the pure iptables proxy, SNAT everything But it does explain in detail. When should I set --masquerade-all to true? And what problem it solves? What could happen if it set…
cizixs
  • 12,931
  • 6
  • 48
  • 60
3
votes
1 answer

How to debug error in kube-proxy: Connection reset by peer

I got errors in my kube-proxy: E0107 21:48:57.738867 1 proxysocket.go:160] I/O error: read tcp 10.2.11.253:37568: connection reset by peer How can I trace quickly which pod has IP 10.2.11.253? And how can I know which request that was, from…
Quyen Nguyen Tuan
  • 1,677
  • 17
  • 23
3
votes
2 answers

Scalability of kube-proxy

I have encountered a scalability problem when trying out the kubernetes cluster. To simplify the topology in my test machine, NodePort type is used to expose the individual service externally. The baremetal to host the node and master is a RHEL 7…
hh2
  • 31
  • 2
2
votes
2 answers

Kube-Proxy and Kube-Flannel CrashLoopBackOff

I have a Kubernetes Cluster in an on-premise server, I also have a server on Naver Cloud lets call it server A, I want to join my server A to my Kubernetes Cluster, the server can join normally, but the kube-proxy and kube-flannel pods spawned from…
Rahandi Noor Pasha
  • 41
  • 8
2
votes
1 answer

I wonder the difference between kube-proxy and cni

I wonder the difference between kube-proxy and cni. Does calico also use iptables to set policies? In this case, the role overlaps with the kube-proxy, what's the difference between the two? Why kube-proxy disable for Calico eBPF mode? Since…
JungGyu Oh
  • 21
  • 1
1
2
3
10 11