kube-proxy
Implements Kubernetes Services on every node: traffic sent to a Service's virtual IP is forwarded to the pods behind it, whichever node they run on
- Runs as a DaemonSet so each node gets one copy of kube-proxy
Every pod can talk to every other pod through the pod networking solution, an internal virtual network that spans all the nodes in the cluster. Pod IPs are not stable, though: there is no guarantee a pod keeps the same IP after it is recreated, so nothing should depend on them. By creating a Service, we expose the database application across the cluster, and the web application pods can now reach it by the service name.

A Service is not an actual thing like a container. It does not join the pod network and nothing is actively listening on its IP; it is virtual, existing only as an object in Kubernetes. This is where kube-proxy comes in. kube-proxy runs on each node in the cluster and watches the API server for Services and their endpoints. When a new Service is created, it creates the appropriate rules on every node to forward traffic addressed to the Service to one of the backend pods. In the default mode it does this with iptables rules.
Important command line arguments
| Argument | Purpose |
|---|---|
| --proxy-mode | Selects how kube-proxy programs the node: iptables (the default on Linux), ipvs, or on current releases nftables; the old userspace mode was removed in v1.26. Can also be set as `mode` in the kube-proxy config file. See "service networking" |
| --service-cluster-ip-range | Defines the IP range from which Service cluster IPs are allocated. Defaults to 10.0.0.0/24. Note that this flag belongs to kube-apiserver, which allocates the IPs; kube-proxy takes no such flag and learns each Service's IP by watching the API server |
A pod and a service will never have the same IP address: the pod network CIDR and the service cluster IP range must not overlap, so a service VIP can never collide with a real pod address.
kube-proxy creates an iptables rule on each node in the cluster that rewrites the destination of traffic sent to the service IP to the IP of an actual backend pod (DNAT). kube-proxy only programs the rules; the kernel does the forwarding, so in iptables mode kube-proxy itself is never in the data path.
Checking iptables
iptables -L -t nat -n | grep db-service
The table name is lowercase (`nat`; `-t NAT` fails with "table does not exist"), and `-n` skips the reverse DNS lookups that otherwise make the listing slow. The grep works because kube-proxy tags every rule it writes with a comment carrying the service name.
For a ClusterIP service the rule is a DNAT: the destination service IP:port is rewritten to a backend pod IP:port, with one backend picked per connection (kube-proxy adds a KUBE-SVC chain per service and a KUBE-SEP chain per endpoint). For a NodePort service kube-proxy additionally installs, on every node, a rule that matches the node port on the node's own addresses; traffic arriving there is DNATed to a backend pod in the same way, and that pod may live on another node, so by default it is also masqueraded (SNAT to the node) so the reply returns through the node that accepted it. Traffic is not sent to all nodes; each node only forwards what reaches it.
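The following shell function is added here as a worked example; it is not part of the original notes or of the Kubernetes project. It follows the rules kube-proxy installs for one Service the way a practitioner would on a node: the KUBE-SERVICES rule matching the cluster IP, the KUBE-SVC chain that picks a backend, and the KUBE-SEP chains that DNAT to a pod. It reads `iptables-save -t nat` output on stdin. The rules embedded below are constructed sample output with made-up chain hashes and addresses, in the comment format kube-proxy uses; chain layout varies slightly between releases, and the sample follows the simpler form in which a NodePort rule jumps straight to the KUBE-SVC chain.

```sh
#!/bin/sh
# Follow the iptables chains kube-proxy installs for one Service:
#   KUBE-SERVICES (match cluster IP) -> KUBE-SVC-* (pick a backend) -> KUBE-SEP-* (DNAT to a pod)
# Input: `iptables-save -t nat` output on stdin.  $1: the "namespace/name" key that
# kube-proxy writes into rule comments.  Prints one "backend" line per pod and exits 1
# if no cluster IP rule exists for the service (kube-proxy has not synced it yet).
trace_service() {
    awk -v svc="$1" '
    { line[n++] = $0 }
    END {
        nsep = 0
        for (i = 0; i < n; i++) {
            nf = split(line[i], f, " ")
            # entry point for ClusterIP traffic: -d <vip>/32 ... --comment "<svc>... cluster IP" -j KUBE-SVC-...
            if (f[2] == "KUBE-SERVICES" && line[i] ~ ("\"" svc "[ :\"]") && line[i] ~ /cluster IP/)
                for (k = 1; k <= nf; k++) {
                    if (f[k] == "-d")      { vip = f[k+1]; sub(/\/32$/, "", vip) }
                    if (f[k] == "--dport") port = f[k+1]
                    if (f[k] == "-j")      chain = f[k+1]
                }
            # entry point for NodePort traffic: same service, matched on the node port instead of the VIP
            if (f[2] == "KUBE-NODEPORTS" && line[i] ~ ("\"" svc "[ :\"]"))
                for (k = 1; k <= nf; k++) if (f[k] == "--dport") nodeport = f[k+1]
        }
        if (chain == "") { print "no cluster IP rule for " svc; exit 1 }
        printf "service %s clusterIP %s:%s chain %s", svc, vip, port, chain
        if (nodeport != "") printf " nodePort %s", nodeport
        print ""
        # load-balancing chain: each rule jumps to one endpoint chain
        # (the -m statistic --probability matches spread connections across them)
        for (i = 0; i < n; i++) {
            nf = split(line[i], f, " ")
            if (f[2] != chain) continue
            for (k = 1; k <= nf; k++)
                if (f[k] == "-j" && f[k+1] ~ /^KUBE-SEP-/) sep[nsep++] = f[k+1]
        }
        # endpoint chains: the DNAT that rewrites the service VIP to a real pod IP:port
        for (s = 0; s < nsep; s++)
            for (i = 0; i < n; i++) {
                nf = split(line[i], f, " ")
                if (f[2] != sep[s]) continue
                for (k = 1; k <= nf; k++)
                    if (f[k] == "--to-destination") print "backend " f[k+1] " via " sep[s]
            }
    }'
}

# Just the backend endpoints, space separated, for quick comparison between nodes.
service_backends() {
    trace_service "$1" | awk '$1 == "backend" { printf "%s%s", (c++ ? " " : ""), $2 } END { print "" }'
}

# Constructed sample of `iptables-save -t nat` output (chain hashes and addresses are made up):
# db-service is a ClusterIP service backed by two pods, web-service a NodePort service backed by one.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:KUBE-SERVICES - [0:0]
:KUBE-NODEPORTS - [0:0]
:KUBE-SVC-4N57TFCL4MD7ZTDA - [0:0]
:KUBE-SEP-7VIAVMKWJZ4XYW7G - [0:0]
:KUBE-SEP-UVNYBF2NN7TQ5Q2L - [0:0]
:KUBE-SVC-6IM33IEVEEV7U3GP - [0:0]
:KUBE-SEP-B3WXGDDL55GEMVNL - [0:0]
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A KUBE-SERVICES -d 10.96.11.74/32 -p tcp -m comment --comment "default/db-service:db cluster IP" -m tcp --dport 3306 -j KUBE-SVC-4N57TFCL4MD7ZTDA
-A KUBE-SERVICES -d 10.96.200.3/32 -p tcp -m comment --comment "default/web-service cluster IP" -m tcp --dport 80 -j KUBE-SVC-6IM33IEVEEV7U3GP
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/web-service" -m tcp --dport 30080 -j KUBE-SVC-6IM33IEVEEV7U3GP
-A KUBE-SVC-4N57TFCL4MD7ZTDA -m comment --comment "default/db-service:db -> 10.244.1.5:3306" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-7VIAVMKWJZ4XYW7G
-A KUBE-SVC-4N57TFCL4MD7ZTDA -m comment --comment "default/db-service:db -> 10.244.2.7:3306" -j KUBE-SEP-UVNYBF2NN7TQ5Q2L
-A KUBE-SVC-6IM33IEVEEV7U3GP -m comment --comment "default/web-service -> 10.244.2.9:8080" -j KUBE-SEP-B3WXGDDL55GEMVNL
-A KUBE-SEP-7VIAVMKWJZ4XYW7G -p tcp -m comment --comment "default/db-service:db" -m tcp -j DNAT --to-destination 10.244.1.5:3306
-A KUBE-SEP-UVNYBF2NN7TQ5Q2L -p tcp -m comment --comment "default/db-service:db" -m tcp -j DNAT --to-destination 10.244.2.7:3306
-A KUBE-SEP-B3WXGDDL55GEMVNL -p tcp -m comment --comment "default/web-service" -m tcp -j DNAT --to-destination 10.244.2.9:8080
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | trace_service default/db-service
# On a real node: iptables-save -t nat | trace_service default/db-service
```

Because kube-proxy writes the same rule set on every node, running `service_backends` on two nodes and comparing the output is a quick way to spot a node whose kube-proxy has stopped syncing: a stale or empty backend list on one node while the others agree is the symptom.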
Logs
kube-proxy's logs tell you which proxy mode it chose at startup (look for a line such as "Using iptables Proxier"), and with the verbosity raised via --v it also writes an entry each time it adds a new service port or endpoint. View them with kubectl logs against the kube-proxy pods in the kube-system namespace; if kube-proxy was installed as a system service on the node rather than as a DaemonSet, its log on the node serves the same purpose.