K
Q

Where to execute kube-proxy command?

8/8/2019

From this article, I can specify 'userspace' as my proxy-mode, but I am unable to understand what command I need to use for it and at what stage? Like after creating deployment or service? I am running a minikube cluster currently.

-- Muhammad Mohib Khan
kubernetes

Similar Questions

Configure SG rules for JupyterHub's proxy-public ELB on EKS?
How to define my own helm template functions
Kubectl - List only namespaces a user can access
Is it safe to sign the metrics-server certificate and key with the Cluster CA?

2 Answers

8/9/2019

If you are using minikube, you can find a DaemonSet named kube-proxy like followings:

$ kubectl get ds -n kube-system kube-proxy -o yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  ...
  labels:
    k8s-app: kube-proxy
  name: kube-proxy
  namespace: kube-system
  ...
spec:
  ...
    spec:
      containers:
      - command:
        - /usr/local/bin/kube-proxy
        - --config=/var/lib/kube-proxy/config.conf
        - --hostname-override=$(NODE_NAME)
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
        image: k8s.gcr.io/kube-proxy:v1.15.0
        imagePullPolicy: IfNotPresent
        name: kube-proxy
   ...
        volumeMounts:
        - mountPath: /var/lib/kube-proxy
          name: kube-proxy
        - mountPath: /run/xtables.lock
          name: xtables-lock
        - mountPath: /lib/modules
          name: lib-modules
          readOnly: true
      dnsPolicy: ClusterFirst
      ...
      volumes:
      - configMap:
          defaultMode: 420
          name: kube-proxy
        name: kube-proxy
      - hostPath:
          path: /run/xtables.lock
          type: FileOrCreate
        name: xtables-lock
      - hostPath:
          path: /lib/modules
          type: ""
        name: lib-modules
  ...

Look at the .spec.template.spec.containers[].command, the container runs the kube-proxy command. You can provide the flag --proxy-mode=userspace in the command array.

- command:
  - /usr/local/bin/kube-proxy
  - --config=/var/lib/kube-proxy/config.conf
  - --hostname-override=$(NODE_NAME)
  - --proxy-mode=userspace
-- Shudipta Sharma
Source: StackOverflow
8/9/2019

kube-proxy is a process that runs on each kubernetes node to manage network connections coming into and out of kubernetes.

You don't run the command as such, but your deployment method (usually kubeadm) configures the options for it to run.

As @Hang Du mentioned, in minikube you can modify it's options by editing the kube-proxy configmap and changing mode to userspace

kubectl -n kube-system edit configmap kube-proxy

Then delete the Pod.

kubectl -n kube-system get pod
kubectl -n kube-system delete pod kube-proxy-XXXXX
-- Matt
Source: StackOverflow