Menu
By default, when no value is specified in the configuration, kube-proxy might be running in either iptables or userspace mode:
--proxy-mode ProxyMode
Which proxy mode to use: 'userspace' (older) or 'iptables' (faster) or 'ipvs' or 'kernelspace' (windows). If blank, use the best-available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy.
doc
Since both, userspace and iptables mode, seem to create iptables rules on the node, is there any reliable way to find out which proxy mode kube-proxy defaulted to?
624
Kube-proxy runs in three modes: userspace, iptables, and ipvs.
In order to track kube-proxy in Sysdig Monitor, you have to add some sections to the Sysdig agent YAML configuration file, and use a Prometheus server to filter the metrics. You can choose not to use an intermediate Prometheus server, but you have to keep in mind that kube-proxy provides a lot of metrics.
Usually to change of metricsBindAddress: can be achieved by editing ConfigMap and delete kube-proxy pod or use rollout restart on DaemonSet . Root cause of this issue was that this change was blocked by OP's environment - Yandex Cloud.
Yes, i want the same. I found out how to do that. I need run kube proxy on master node. And there is one variant is to run daemon set with kube proxy and set toleration: NoSchedule .
The Mode which kube-proxy comes up with is mentioned in kube-proxy log file.
W0322 08:09:44.312816 1 server_others.go:578] Unknown proxy mode "", assuming iptables proxy
I0322 08:09:44.313052 1 server_others.go:185] Using iptables Proxier.
Check in Code https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-proxy/app/server_others.go
func getProxyMode(proxyMode string, canUseIPVS bool, kcompat iptables.KernelCompatTester) string {
switch proxyMode {
case proxyModeUserspace:
return proxyModeUserspace
case proxyModeIPTables:
return tryIPTablesProxy(kcompat)
case proxyModeIPVS:
return tryIPVSProxy(canUseIPVS, kcompat)
}
klog.Warningf("Unknown proxy mode %q, assuming iptables proxy", proxyMode)
return tryIPTablesProxy(kcompat)
}
func tryIPTablesProxy(kcompat iptables.KernelCompatTester) string {
// guaranteed false on error, error only necessary for debugging
useIPTablesProxy, err := iptables.CanUseIPTablesProxier(kcompat)
if err != nil {
utilruntime.HandleError(fmt.Errorf("can't determine whether to use iptables proxy, using userspace proxier: %v", err))
return proxyModeUserspace
}
if useIPTablesProxy {
return proxyModeIPTables
}
// Fallback.
klog.V(1).Infof("Can't use iptables proxy, using userspace proxier")
return proxyModeUserspace
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
