Kube-proxy

Kube-proxy is a network proxy that runs on each node in your cluster. It is responsible for implementing a form of virtual IP for Services of type other than ExternalName.

Stuff you wanna know:

  1. Kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.
  2. Kube-proxy uses the operating system packet filtering layer if there is one and it’s available. Otherwise, kube-proxy forwards the traffic itself.
  3. Kube-proxy reflects services as defined in the Kubernetes API on each node and can do simple TCP, UDP, and SCTP stream forwarding or round robin TCP, UDP, and SCTP forwarding across a set of backends.
  4. The kube-proxy starts up in different modes, which are determined by its configuration.
  5. The kube-proxy’s configuration is done via a ConfigMap, and the ConfigMap for kube-proxy effectively deprecates the behaviour for almost all of the flags for the kube-proxy.
  6. The ConfigMap for the kube-proxy does not support live reloading of configuration.
  7. The ConfigMap parameters for the kube-proxy cannot all be validated and verified on startup.
  8. In iptables proxy mode, kube-proxy watches the Kubernetes control plane for the addition and removal of Service and Endpoint objects.
  9. By default, kube-proxy in iptables mode chooses a backend at random.
  10. If kube-proxy is running in iptables mode and the first Pod that’s selected does not respond, the connection fails.
  11. In ipvs mode, kube-proxy watches Kubernetes Services and Endpoints, calls the netlink interface to create IPVS rules accordingly, and periodically synchronizes the IPVS rules with Kubernetes Services and Endpoints.
  12. When kube-proxy starts in IPVS proxy mode, it verifies whether IPVS kernel modules are available. If the IPVS kernel modules are not detected, then kube-proxy falls back to running in iptables proxy mode.
  13. To run kube-proxy in IPVS mode, you must make IPVS available on the node before starting kube-proxy.
  14. The kube-proxy does not understand HTTP.
  15. The kube-proxy provides load balancing.
  16. The kube-proxy is only used to reach services.
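
Items 6, 7, 12 and 13 together mean a node can be configured for IPVS and still end up running in iptables mode without the configuration ever being rejected. The script below is an added example, not kube-proxy's own code, that predicts the effective mode from a KubeProxyConfiguration file and a `/proc/modules`-style listing. The function names, the required-module list (taken from the Kubernetes IPVS proxier documentation for kernels 4.19 and later) and the sample data are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not kube-proxy code): predict the proxy mode a node ends up in.
# Assumption: module names follow the Kubernetes IPVS proxier docs for
# kernels >= 4.19 (older kernels use nf_conntrack_ipv4 instead of nf_conntrack).
REQUIRED_IPVS_MODULES="ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack"

# configured_mode FILE: print the top-level `mode:` of a KubeProxyConfiguration
# file (the config.conf key of the kube-proxy ConfigMap on kubeadm clusters).
# An empty or missing value is reported as iptables, the usual Linux default.
configured_mode() {
  _mode=$(sed -n 's/^mode:[[:space:]]*//p' "$1" | tr -d "\"' \r" | head -n 1)
  echo "${_mode:-iptables}"
}

# missing_ipvs_modules FILE: FILE is in /proc/modules format. Prints the
# required modules that are not loaded. Modules compiled into the kernel do
# not appear in /proc/modules, so treat a hit as a prompt to check, not proof.
missing_ipvs_modules() {
  _missing=""
  for _m in $REQUIRED_IPVS_MODULES; do
    grep -q "^$_m " "$1" || _missing="$_missing $_m"
  done
  echo "${_missing# }"
}

# effective_mode CONF MODULES: apply the fallback rule from item 12.
effective_mode() {
  if [ "$(configured_mode "$1")" = "ipvs" ] && [ -n "$(missing_ipvs_modules "$2")" ]; then
    echo "iptables"
  else
    configured_mode "$1"
  fi
}

# Constructed sample input: ipvs requested, but ip_vs_sh is not loaded.
demo=$(mktemp -d)
printf 'kind: KubeProxyConfiguration\nmode: "ipvs"\n' > "$demo/config.conf"
printf '%s\n' 'ip_vs 155648 4 ip_vs_rr,ip_vs_wrr, Live 0x0' \
  'ip_vs_rr 16384 0 - Live 0x0' 'ip_vs_wrr 16384 0 - Live 0x0' \
  'nf_conntrack 139264 1 ip_vs, Live 0x0' > "$demo/modules"
echo "configured: $(configured_mode "$demo/config.conf")"
echo "missing:    $(missing_ipvs_modules "$demo/modules")"
echo "effective:  $(effective_mode "$demo/config.conf" "$demo/modules")"
```

On a real node, pass `/proc/modules` as the second argument; on a kubeadm cluster the configuration file can be saved with `kubectl -n kube-system get configmap kube-proxy -o jsonpath='{.data.config\.conf}'`.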

More stuff: