This document shows how to create a cluster that does not use kube-proxy.
kube-proxy is a controller that runs on each worker node in a cluster. It watches Kubernetes Service objects, and creates iptables rules to forward packets that are sent to Service addresses. An alternative to using kube-proxy and iptables for this purpose is to use Dataplane V2 in kube-proxy-replacement mode. This allows for the removal of kube-proxy from the cluster.
Supported operating systems
To create a cluster that does not use kube-proxy, use one of the supported Red Hat Enterprise Linux operating systems. Clusters that use Ubuntu do not support this feature.
Advantages of removing kube-proxy
- Avoid the resource consumption required for maintaining a large set of iptables rules.
- Improve performance. Creating iptables rules is time consuming, especially for large clusters.
Create a cluster without kube-proxy
Follow the instructions in one of the cluster creation topics.
As you fill in your cluster configuration file, include the following annotation:
preview.baremetal.cluster.gke.io/kube-proxy-free: "enable"
For example:
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: alice
  namespace: cluster-alice
  annotations:
    preview.baremetal.cluster.gke.io/kube-proxy-free: "enable"
...
Verify that kube-proxy is not in your cluster
List the DaemonSets in the cluster:
kubectl --kubeconfig CLUSTER_KUBECONFIG \
    get daemonsets --all-namespaces
Replace CLUSTER_KUBECONFIG with the path of the cluster kubeconfig file.
Verify that kube-proxy is not in the list. For example:
kube-system anetd
kube-system audit-proxy
kube-system etcd-defrag
kube-system gke-metrics-agent
kube-system kube-control-plane-metrics-proxy
kube-system localpv
kube-system metallb-speaker
kube-system node-exporter
kube-system stackdriver-log-forwarder
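A scripted form of this check, as an added example that is not part of the original documentation: it compares the NAME column exactly, so DaemonSets such as audit-proxy do not trigger a false match, and it treats an empty listing as a failed query rather than a pass. The function names are hypothetical and the sample listings are constructed from the names shown above.

```shell
#!/bin/sh
# Added example, not from the product documentation.

# Reads `kubectl get daemonsets --all-namespaces` output on stdin.
# Exit status: 0 = no kube-proxy DaemonSet, 1 = kube-proxy present,
# 2 = no DaemonSet rows at all (treated as a failed query, not a pass).
check_no_kube_proxy() {
  awk '
    $1 == "NAMESPACE" { next }    # skip the header row
    NF >= 2 { rows++ }
    # Compare the NAME column exactly so audit-proxy and
    # kube-control-plane-metrics-proxy are not mistaken for kube-proxy.
    NF >= 2 && $2 == "kube-proxy" { found = 1 }
    END {
      if (rows == 0) exit 2
      if (found) exit 1
      exit 0
    }
  '
}

# Hypothetical wrapper: $1 is the path of the cluster kubeconfig file.
# A kubectl failure returns 2 so it is never reported as "kube-proxy absent".
verify_cluster() {
  listing=$(kubectl --kubeconfig "$1" get daemonsets --all-namespaces) || return 2
  printf '%s\n' "$listing" | check_no_kube_proxy
}

# Constructed sample listings (namespace and name columns only).
SAMPLE_CLEAN='NAMESPACE NAME
kube-system anetd
kube-system audit-proxy
kube-system kube-control-plane-metrics-proxy
kube-system metallb-speaker'

SAMPLE_WITH_PROXY="$SAMPLE_CLEAN
kube-system kube-proxy"
```

Call `verify_cluster` with the kubeconfig path and check its exit status, for example as a post-creation gate in a provisioning pipeline.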

