$ kube-proxy --help
The Kubernetes network proxy runs on each node. This
reflects services as defined in the Kubernetes API on each node and can do simple
TCP,UDP stream forwarding or round robin TCP,UDP forwarding across a set of backends.
Service cluster ips and ports are currently found through Docker-links-compatible
environment variables specifying ports opened by the service proxy. There is an optional
addon that provides cluster DNS for these cluster IPs. The user must create a service
with the apiserver API to configure the proxy.

Usage:
  kube-proxy [flags]

The default config file contains these values:

apiVersion: componentconfig/v1alpha1
bindAddress: 0.0.0.0
clientConnection:
  acceptContentTypes: ""
  burst: 10
  contentType: application/vnd.kubernetes.protobuf
  kubeconfig: ""
  qps: 5
clusterCIDR: ""
configSyncPeriod: 15m0s
conntrack:
  max: 0
  maxPerCore: 32768
  min: 131072
  tcpCloseWaitTimeout: 1h0m0s
  tcpEstablishedTimeout: 24h0m0s
enableProfiling: false
featureGates: ""
healthzBindAddress: 0.0.0.0:10256
hostnameOverride: ""
iptables:
  masqueradeAll: false
  masqueradeBit: 14
  minSyncPeriod: 0s
  syncPeriod: 30s
kind: KubeProxyConfiguration
metricsBindAddress: 127.0.0.1:10249
mode: ""
oomScoreAdj: -999
portRange: ""
resourceContainer: /kube-proxy
udpTimeoutMilliseconds: 250ms

Configuration file field descriptions:

kind - Kind is a string value representing the REST resource this object represents.
    Servers may infer this from the endpoint the client submits requests to.
    Cannot be updated.
    In CamelCase.
    More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
    +optional
apiVersion - APIVersion defines the versioned schema of this representation of an object.
    Servers should convert recognized schemas to the latest internal value, and
    may reject unrecognized values.
    More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources
    +optional
featureGates - TODO this really should be a map but that requires refactoring all
    components to use config files because local-up-cluster.sh only supports
    the --feature-gates flag right now, which is comma-separated key=value
    pairs.
    featureGates is a comma-separated list of key=value pairs that control
    which alpha/beta features are enabled.
bindAddress - bindAddress is the IP address for the proxy server to serve on (set to 0.0.0.0
    for all interfaces)
healthzBindAddress - healthzBindAddress is the IP address and port for the health check server to serve on,
    defaulting to 0.0.0.0:10256
metricsBindAddress - metricsBindAddress is the IP address and port for the metrics server to serve on,
    defaulting to 127.0.0.1:10249 (set to 0.0.0.0 for all interfaces)
enableProfiling - enableProfiling enables profiling via web interface on /debug/pprof handler.
    Profiling handlers will be handled by metrics server.
clusterCIDR - clusterCIDR is the CIDR range of the pods in the cluster. It is used to
    bridge traffic coming from outside of the cluster. If not provided,
    no off-cluster bridging will be performed.
hostnameOverride - hostnameOverride, if non-empty, will be used as the identity instead of the actual hostname.
clientConnection.kubeconfig - kubeconfig is the path to a kubeconfig file.
clientConnection.acceptContentTypes - acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
    default value of 'application/json'. This field will control all connections to the server used by a particular
    client.
clientConnection.contentType - contentType is the content type used when sending data to the server from this client.
clientConnection.qps - cps controls the number of queries per second allowed for this connection.
clientConnection.burst - burst allows extra queries to accumulate when a client is exceeding its rate.
iptables.masqueradeBit - masqueradeBit is the bit of the iptables fwmark space to use for SNAT if using
    the pure iptables proxy mode. Values must be within the range [0, 31].
iptables.masqueradeAll - masqueradeAll tells kube-proxy to SNAT everything if using the pure iptables proxy mode.
oomScoreAdj - oomScoreAdj is the oom-score-adj value for kube-proxy process. Values must be within
    the range [-1000, 1000]
mode - mode specifies which proxy mode to use.
portRange - portRange is the range of host ports (beginPort-endPort, inclusive) that may be consumed
    in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen.
resourceContainer - resourceContainer is the bsolute name of the resource-only container to create and run
    the Kube-proxy in (Default: /kube-proxy).
conntrack.max - max is the maximum number of NAT connections to track (0 to
    leave as-is). This takes precedence over conntrackMaxPerCore and conntrackMin.
conntrack.maxPerCore - maxPerCore is the maximum number of NAT connections to track
    per CPU core (0 to leave the limit as-is and ignore conntrackMin).
conntrack.min - min is the minimum value of connect-tracking records to allocate,
    regardless of conntrackMaxPerCore (set conntrackMaxPerCore=0 to leave the limit as-is).

Flags:
--alsologtostderr log to standard error as well as files
--bind-address ip The IP address for the proxy server to serve on (set to 0.0.0.0 for all interfaces) (default 0.0.0.0)
--cleanup-iptables If true cleanup iptables rules and exit.
--cluster-cidr string The CIDR range of pods in the cluster. It is used to bridge traffic coming from outside of the cluster. If not provided, no off-cluster bridging will be performed.
--config string The path to the configuration file.
--config-sync-period duration How often configuration from the apiserver is refreshed. Must be greater than 0. (default 15m0s)
--conntrack-max-per-core int32 Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min). (default 32768)
--conntrack-min int32 Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is). (default 131072)
--conntrack-tcp-timeout-close-wait duration NAT timeout for TCP connections in the CLOSE_WAIT state (default 1h0m0s)
--conntrack-tcp-timeout-established duration Idle timeout for established TCP connections (0 to leave as-is) (default 24h0m0s)
--feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
    APIResponseCompression=true|false (ALPHA - default=false)
    Accelerators=true|false (ALPHA - default=false)
    AdvancedAuditing=true|false (ALPHA - default=false)
    AllAlpha=true|false (ALPHA - default=false)
    AllowExtTrafficLocalEndpoints=true|false (default=true)
    AppArmor=true|false (BETA - default=true)
    DebugContainers=true|false (ALPHA - default=false)
    DynamicKubeletConfig=true|false (ALPHA - default=false)
    DynamicVolumeProvisioning=true|false (ALPHA - default=true)
    ExperimentalCriticalPodAnnotation=true|false (ALPHA - default=false)
    ExperimentalHostUserNamespaceDefaulting=true|false (BETA - default=false)
    LocalStorageCapacityIsolation=true|false (ALPHA - default=false)
    PersistentLocalVolumes=true|false (ALPHA - default=false)
    RotateKubeletClientCertificate=true|false (ALPHA - default=false)
    RotateKubeletServerCertificate=true|false (ALPHA - default=false)
    StreamingProxyRedirects=true|false (BETA - default=true)
    TaintBasedEvictions=true|false (ALPHA - default=false)
--healthz-bind-address ip The IP address and port for the health check server to serve on (set to 0.0.0.0 for all interfaces) (default 0.0.0.0:10256)
--healthz-port int32 The port to bind the health check server. Use 0 to disable. (default 10256)
--hostname-override string If non-empty, will use this string as identification instead of the actual hostname.
--iptables-masquerade-bit int32 If using the pure iptables proxy, the bit of the fwmark space to mark packets requiring SNAT with. Must be within the range [0, 31]. (default 14)
--iptables-min-sync-period duration The minimum interval of how often the iptables rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m').
--iptables-sync-period duration The maximum interval of how often iptables rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0. (default 30s)
--kube-api-burst int Burst to use while talking with kubernetes apiserver (default 10)
--kube-api-content-type string Content type of requests sent to apiserver. (default "application/vnd.kubernetes.protobuf")
--kube-api-qps float32 QPS to use while talking with kubernetes apiserver (default 5)
--kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag).
--log-backtrace-at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log-dir string If non-empty, write log files in this directory
--log-flush-frequency duration Maximum number of seconds between log flushes (default 5s)
--logtostderr log to standard error instead of files (default true)
--masquerade-all If using the pure iptables proxy, SNAT everything (this not commonly needed)
--master string The address of the Kubernetes API server (overrides any value in kubeconfig)
--oom-score-adj int32 The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000] (default -999)
--profiling If true enables profiling via web interface on /debug/pprof handler.
--proxy-mode ProxyMode Which proxy mode to use: 'userspace' (older) or 'iptables' (faster). If blank, use the best-available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy.
--proxy-port-range port-range Range of host ports (beginPort-endPort, inclusive) that may be consumed in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen.
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--udp-timeout duration How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for proxy-mode=userspace (default 250ms)
-v, --v Level log level for V logs
--version version[=true] Print version information and quit
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
--write-config-to string If set, write the default configuration values to this file and exit.
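
The help text above says the metrics server defaults to 127.0.0.1:10249 and also serves the /debug/pprof handlers when enableProfiling is set, and it gives valid ranges for masqueradeBit and oomScoreAdj. The following audit of a KubeProxyConfiguration file against those statements is an added example, not part of kube-proxy or of the original output; parse_flat_yaml, is_loopback and audit are hypothetical helper names, and the sample config is constructed.

```python
import ipaddress

# Constructed sample: page defaults with metricsBindAddress widened and profiling on.
SAMPLE_CONFIG = """\
kind: KubeProxyConfiguration
enableProfiling: true
metricsBindAddress: 0.0.0.0:10249
oomScoreAdj: -999
iptables:
  masqueradeAll: false
  masqueradeBit: 14
"""

def parse_flat_yaml(text):
    """Parse 'key: value' lines with one level of nesting (not general YAML)."""
    out, parent = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        key, _, value = raw.strip().partition(":")
        value = value.strip()
        if raw[0].isspace() and parent:
            out[parent + "." + key] = value.strip('"')
        elif value == "":
            parent = key  # section header such as "iptables:"
        else:
            parent, out[key] = None, value.strip('"')
    return out

def is_loopback(hostport):
    """True when the host part of 'ip:port' (or '[ipv6]:port') is a loopback address."""
    host = hostport.rsplit(":", 1)[0].strip("[]")
    return ipaddress.ip_address(host).is_loopback

def audit(cfg):
    """Return findings; absent fields fall back to the defaults listed in the help text."""
    findings = []
    metrics = cfg.get("metricsBindAddress", "127.0.0.1:10249")
    exposed = not is_loopback(metrics)
    if exposed:
        findings.append("metricsBindAddress %s is reachable beyond loopback" % metrics)
    if cfg.get("enableProfiling", "false") == "true":
        where = "a non-loopback address" if exposed else "loopback only"
        findings.append("enableProfiling serves /debug/pprof via the metrics server on " + where)
    if not 0 <= int(cfg.get("iptables.masqueradeBit", "14")) <= 31:
        findings.append("iptables.masqueradeBit outside [0, 31]")
    if not -1000 <= int(cfg.get("oomScoreAdj", "-999")) <= 1000:
        findings.append("oomScoreAdj outside [-1000, 1000]")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_flat_yaml(SAMPLE_CONFIG)):
        print(finding)
```

A file produced with --write-config-to can be read and passed through parse_flat_yaml and audit the same way; the parser only handles the flat layout shown in the defaults above.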