-
-
Save ncdc/67a77d62bdd3f2ef4355cc0016ec490e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ kube-proxy --help | |
The Kubernetes network proxy runs on each node. This | |
reflects services as defined in the Kubernetes API on each node and can do simple | |
TCP,UDP stream forwarding or round robin TCP,UDP forwarding across a set of backends. | |
Service cluster ips and ports are currently found through Docker-links-compatible | |
environment variables specifying ports opened by the service proxy. There is an optional | |
addon that provides cluster DNS for these cluster IPs. The user must create a service | |
with the apiserver API to configure the proxy. | |
Usage: | |
kube-proxy [flags] | |
The default config file contains these values: | |
apiVersion: componentconfig/v1alpha1 | |
bindAddress: 0.0.0.0 | |
clientConnection: | |
acceptContentTypes: "" | |
burst: 10 | |
contentType: application/vnd.kubernetes.protobuf | |
kubeconfig: "" | |
qps: 5 | |
clusterCIDR: "" | |
configSyncPeriod: 15m0s | |
conntrack: | |
max: 0 | |
maxPerCore: 32768 | |
min: 131072 | |
tcpCloseWaitTimeout: 1h0m0s | |
tcpEstablishedTimeout: 24h0m0s | |
enableProfiling: false | |
featureGates: "" | |
healthzBindAddress: 0.0.0.0:10256 | |
hostnameOverride: "" | |
iptables: | |
masqueradeAll: false | |
masqueradeBit: 14 | |
minSyncPeriod: 0s | |
syncPeriod: 30s | |
kind: KubeProxyConfiguration | |
metricsBindAddress: 127.0.0.1:10249 | |
mode: "" | |
oomScoreAdj: -999 | |
portRange: "" | |
resourceContainer: /kube-proxy | |
udpTimeoutMilliseconds: 250ms | |
Configuration file field descriptions: | |
kind - Kind is a string value representing the REST resource this object represents. | |
Servers may infer this from the endpoint the client submits requests to. | |
Cannot be updated. | |
In CamelCase. | |
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds | |
+optional | |
apiVersion - APIVersion defines the versioned schema of this representation of an object. | |
Servers should convert recognized schemas to the latest internal value, and | |
may reject unrecognized values. | |
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources | |
+optional | |
featureGates - TODO this really should be a map but that requires refactoring all | |
components to use config files because local-up-cluster.sh only supports | |
the --feature-gates flag right now, which is comma-separated key=value | |
pairs. | |
featureGates is a comma-separated list of key=value pairs that control | |
which alpha/beta features are enabled. | |
bindAddress - bindAddress is the IP address for the proxy server to serve on (set to 0.0.0.0 | |
for all interfaces) | |
healthzBindAddress - healthzBindAddress is the IP address and port for the health check server to serve on, | |
defaulting to 0.0.0.0:10256 | |
metricsBindAddress - metricsBindAddress is the IP address and port for the metrics server to serve on, | |
defaulting to 127.0.0.1:10249 (set to 0.0.0.0 for all interfaces) | |
enableProfiling - enableProfiling enables profiling via web interface on /debug/pprof handler. | |
Profiling handlers will be handled by metrics server. | |
clusterCIDR - clusterCIDR is the CIDR range of the pods in the cluster. It is used to | |
bridge traffic coming from outside of the cluster. If not provided, | |
no off-cluster bridging will be performed. | |
hostnameOverride - hostnameOverride, if non-empty, will be used as the identity instead of the actual hostname. | |
clientConnection.kubeconfig - kubeconfig is the path to a kubeconfig file. | |
clientConnection.acceptContentTypes - acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the | |
default value of 'application/json'. This field will control all connections to the server used by a particular | |
client. | |
clientConnection.contentType - contentType is the content type used when sending data to the server from this client. | |
clientConnection.qps - cps controls the number of queries per second allowed for this connection. | |
clientConnection.burst - burst allows extra queries to accumulate when a client is exceeding its rate. | |
iptables.masqueradeBit - masqueradeBit is the bit of the iptables fwmark space to use for SNAT if using | |
the pure iptables proxy mode. Values must be within the range [0, 31]. | |
iptables.masqueradeAll - masqueradeAll tells kube-proxy to SNAT everything if using the pure iptables proxy mode. | |
oomScoreAdj - oomScoreAdj is the oom-score-adj value for kube-proxy process. Values must be within | |
the range [-1000, 1000] | |
mode - mode specifies which proxy mode to use. | |
portRange - portRange is the range of host ports (beginPort-endPort, inclusive) that may be consumed | |
in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen. | |
resourceContainer - resourceContainer is the bsolute name of the resource-only container to create and run | |
the Kube-proxy in (Default: /kube-proxy). | |
conntrack.max - max is the maximum number of NAT connections to track (0 to | |
leave as-is). This takes precedence over conntrackMaxPerCore and conntrackMin. | |
conntrack.maxPerCore - maxPerCore is the maximum number of NAT connections to track | |
per CPU core (0 to leave the limit as-is and ignore conntrackMin). | |
conntrack.min - min is the minimum value of connect-tracking records to allocate, | |
regardless of conntrackMaxPerCore (set conntrackMaxPerCore=0 to leave the limit as-is). | |
Flags: | |
--alsologtostderr log to standard error as well as files | |
--bind-address ip The IP address for the proxy server to serve on (set to 0.0.0.0 for all interfaces) (default 0.0.0.0) | |
--cleanup-iptables If true cleanup iptables rules and exit. | |
--cluster-cidr string The CIDR range of pods in the cluster. It is used to bridge traffic coming from outside of the cluster. If not provided, no off-cluster bridging will be performed. | |
--config string The path to the configuration file. | |
--config-sync-period duration How often configuration from the apiserver is refreshed. Must be greater than 0. (default 15m0s) | |
--conntrack-max-per-core int32 Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min). (default 32768) | |
--conntrack-min int32 Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is). (default 131072) | |
--conntrack-tcp-timeout-close-wait duration NAT timeout for TCP connections in the CLOSE_WAIT state (default 1h0m0s) | |
--conntrack-tcp-timeout-established duration Idle timeout for established TCP connections (0 to leave as-is) (default 24h0m0s) | |
--feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are: | |
APIResponseCompression=true|false (ALPHA - default=false) | |
Accelerators=true|false (ALPHA - default=false) | |
AdvancedAuditing=true|false (ALPHA - default=false) | |
AllAlpha=true|false (ALPHA - default=false) | |
AllowExtTrafficLocalEndpoints=true|false (default=true) | |
AppArmor=true|false (BETA - default=true) | |
DebugContainers=true|false (ALPHA - default=false) | |
DynamicKubeletConfig=true|false (ALPHA - default=false) | |
DynamicVolumeProvisioning=true|false (ALPHA - default=true) | |
ExperimentalCriticalPodAnnotation=true|false (ALPHA - default=false) | |
ExperimentalHostUserNamespaceDefaulting=true|false (BETA - default=false) | |
LocalStorageCapacityIsolation=true|false (ALPHA - default=false) | |
PersistentLocalVolumes=true|false (ALPHA - default=false) | |
RotateKubeletClientCertificate=true|false (ALPHA - default=false) | |
RotateKubeletServerCertificate=true|false (ALPHA - default=false) | |
StreamingProxyRedirects=true|false (BETA - default=true) | |
TaintBasedEvictions=true|false (ALPHA - default=false) | |
--healthz-bind-address ip The IP address and port for the health check server to serve on (set to 0.0.0.0 for all interfaces) (default 0.0.0.0:10256) | |
--healthz-port int32 The port to bind the health check server. Use 0 to disable. (default 10256) | |
--hostname-override string If non-empty, will use this string as identification instead of the actual hostname. | |
--iptables-masquerade-bit int32 If using the pure iptables proxy, the bit of the fwmark space to mark packets requiring SNAT with. Must be within the range [0, 31]. (default 14) | |
--iptables-min-sync-period duration The minimum interval of how often the iptables rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m'). | |
--iptables-sync-period duration The maximum interval of how often iptables rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0. (default 30s) | |
--kube-api-burst int Burst to use while talking with kubernetes apiserver (default 10) | |
--kube-api-content-type string Content type of requests sent to apiserver. (default "application/vnd.kubernetes.protobuf") | |
--kube-api-qps float32 QPS to use while talking with kubernetes apiserver (default 5) | |
--kubeconfig string Path to kubeconfig file with authorization information (the master location is set by the master flag). | |
--log-backtrace-at traceLocation when logging hits line file:N, emit a stack trace (default :0) | |
--log-dir string If non-empty, write log files in this directory | |
--log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) | |
--logtostderr log to standard error instead of files (default true) | |
--masquerade-all If using the pure iptables proxy, SNAT everything (this not commonly needed) | |
--master string The address of the Kubernetes API server (overrides any value in kubeconfig) | |
--oom-score-adj int32 The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000] (default -999) | |
--profiling If true enables profiling via web interface on /debug/pprof handler. | |
--proxy-mode ProxyMode Which proxy mode to use: 'userspace' (older) or 'iptables' (faster). If blank, use the best-available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy. | |
--proxy-port-range port-range Range of host ports (beginPort-endPort, inclusive) that may be consumed in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen. | |
--stderrthreshold severity logs at or above this threshold go to stderr (default 2) | |
--udp-timeout duration How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for proxy-mode=userspace (default 250ms) | |
-v, --v Level log level for V logs | |
--version version[=true] Print version information and quit | |
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging | |
--write-config-to string If set, write the default configuration values to this file and exit. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment