content/en/docs/concepts/services-networking/service.md
17 additions & 1 deletion
@@ -242,9 +242,25 @@ There are a few reasons for using proxying for Services:
242
242
on the DNS records could impose a high load on DNS that then becomes
243
243
difficult to manage.
244
244
245
+
Later in this page you can read about various kube-proxy implementations work. Overall,
246
+
you should note that, when running `kube-proxy`, kernel level rules may be
247
+
modified (for example, iptables rules might get created), which won't get cleaned up,
248
+
in some cases until you reboot. Thus, running kube-proxy is something that should
249
+
only be done by an administrator which understands the consequences of having a
250
+
low level, privileged network proxying service on a computer. Although the `kube-proxy`
251
+
executable supports a `cleanup` function, this function is not an official feature and
252
+
thus is only available to use as-is.
253
+
254
+
### Configuration
255
+
256
+
Note that the kube-proxy starts up in different modes, which are determined by its configuration.
257
+
- The kube-proxy's configuration is done via a ConfigMap, and the ConfigMap for kube-proxy effectively deprecates the behaviour for almost all of the flags for the kube-proxy.
258
+
- The ConfigMap for the kube-proxy does not support live reloading of configuration.
259
+
- The ConfigMap parameters for the kube-proxy cannot all be validated and verified on startup. For example, if your operating system doesn't allow you to run iptables commands, the standard kernel kube-proxy implementation will not work. Likewise, if you have an operating system which doesn't support `netsh`, it will not run in Windows userspace mode.
260
+
245
261
### User space proxy mode {#proxy-mode-userspace}
246
262
247
-
In this mode, kube-proxy watches the Kubernetes control plane for the addition and
263
+
In this (legacy) mode, kube-proxy watches the Kubernetes control plane for the addition and
248
264
removal of Service and Endpoint objects. For each Service it opens a
249
265
port (randomly chosen) on the local node. Any connections to this "proxy port"
250
266
are proxied to one of the Service's backend Pods (as reported via
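Review bot: The first added paragraph says kernel-level rules "won't get cleaned up, in some cases until you reboot" without saying which cases leave rules behind or how an administrator would check for them. Since the point of the paragraph is that a privileged proxy changes kernel state on the node, name those conditions or link to where they are described, and state plainly whether `cleanup` is supported, because "not an official feature and thus is only available to use as-is" does not tell the reader whether they can rely on it. Wording in the same paragraph: "various kube-proxy implementations work" is missing "how", and "an administrator which understands" should read "who understands". Under Configuration, "effectively deprecates the behaviour for almost all of the flags" is too vague to act on; say which flags still take effect or point to the reference. The third bullet uses "the standard kernel kube-proxy implementation", a term the visible text never defines, and mentions "Windows userspace mode" while the heading change below now labels userspace mode as legacy, so the bullet should use the same mode names as the sections that follow.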