Improve kube-proxy config / CLI documentation

Kubernetes-commit: 44cb330aa00fa3bcded1941560693fd3008412c0
Dan Winship 2023-08-30 12:50:05 -04:00 committed by Kubernetes Publisher
parent f0f39bcd17
commit 16f6d3d303
1 changed files with 62 additions and 48 deletions


@ -26,36 +26,44 @@ import (
// details for the Kubernetes proxy server.
type KubeProxyIPTablesConfiguration struct {
// masqueradeBit is the bit of the iptables fwmark space to use for SNAT if using
// the pure iptables proxy mode. Values must be within the range [0, 31].
// the iptables or ipvs proxy mode. Values must be within the range [0, 31].
MasqueradeBit *int32 `json:"masqueradeBit"`
// masqueradeAll tells kube-proxy to SNAT everything if using the pure iptables proxy mode.
// masqueradeAll tells kube-proxy to SNAT all traffic sent to Service cluster IPs,
// when using the iptables or ipvs proxy mode. This may be required with some CNI
// plugins.
MasqueradeAll bool `json:"masqueradeAll"`
// LocalhostNodePorts tells kube-proxy to allow service NodePorts to be accessed via
// localhost (iptables mode only)
// localhostNodePorts, if false, tells kube-proxy to disable the legacy behavior
// of allowing NodePort services to be accessed via localhost. (Applies only to
// iptables mode and IPv4; localhost NodePorts are never allowed with other proxy
// modes or with IPv6.)
LocalhostNodePorts *bool `json:"localhostNodePorts"`
// syncPeriod is the period that iptables rules are refreshed (e.g. '5s', '1m',
// '2h22m'). Must be greater than 0.
// syncPeriod is an interval (e.g. '5s', '1m', '2h22m') indicating how frequently
// various re-synchronizing and cleanup operations are performed. Must be greater
// than 0.
SyncPeriod metav1.Duration `json:"syncPeriod"`
// minSyncPeriod is the minimum period that iptables rules are refreshed (e.g. '5s', '1m',
// '2h22m').
// minSyncPeriod is the minimum period between iptables rule resyncs (e.g. '5s',
// '1m', '2h22m'). A value of 0 means every Service or EndpointSlice change will
// result in an immediate iptables resync.
MinSyncPeriod metav1.Duration `json:"minSyncPeriod"`
}
// KubeProxyIPVSConfiguration contains ipvs-related configuration
// details for the Kubernetes proxy server.
type KubeProxyIPVSConfiguration struct {
// syncPeriod is the period that ipvs rules are refreshed (e.g. '5s', '1m',
// '2h22m'). Must be greater than 0.
// syncPeriod is an interval (e.g. '5s', '1m', '2h22m') indicating how frequently
// various re-synchronizing and cleanup operations are performed. Must be greater
// than 0.
SyncPeriod metav1.Duration `json:"syncPeriod"`
// minSyncPeriod is the minimum period that ipvs rules are refreshed (e.g. '5s', '1m',
// '2h22m').
// minSyncPeriod is the minimum period between IPVS rule resyncs (e.g. '5s', '1m',
// '2h22m'). A value of 0 means every Service or EndpointSlice change will result
// in an immediate IPVS resync.
MinSyncPeriod metav1.Duration `json:"minSyncPeriod"`
// ipvs scheduler
// scheduler is the IPVS scheduler to use
Scheduler string `json:"scheduler"`
// excludeCIDRs is a list of CIDR's which the ipvs proxier should not touch
// excludeCIDRs is a list of CIDRs which the ipvs proxier should not touch
// when cleaning up ipvs services.
ExcludeCIDRs []string `json:"excludeCIDRs"`
// strict ARP configure arp_ignore and arp_announce to avoid answering ARP queries
// strictARP configures arp_ignore and arp_announce to avoid answering ARP queries
// from kube-ipvs0 interface
StrictARP bool `json:"strictARP"`
// tcpTimeout is the timeout value used for idle IPVS TCP sessions.
@ -76,7 +84,7 @@ type KubeProxyConntrackConfiguration struct {
// per CPU core (0 to leave the limit as-is and ignore min).
MaxPerCore *int32 `json:"maxPerCore"`
// min is the minimum value of connect-tracking records to allocate,
// regardless of conntrackMaxPerCore (set maxPerCore=0 to leave the limit as-is).
// regardless of maxPerCore (set maxPerCore=0 to leave the limit as-is).
Min *int32 `json:"min"`
// tcpEstablishedTimeout is how long an idle TCP connection will be kept open
// (e.g. '2s'). Must be greater than 0 to set.
@ -101,29 +109,29 @@ type KubeProxyWinkernelConfiguration struct {
// networkName is the name of the network kube-proxy will use
// to create endpoints and policies
NetworkName string `json:"networkName"`
// sourceVip is the IP address of the source VIP endoint used for
// sourceVip is the IP address of the source VIP endpoint used for
// NAT when loadbalancing
SourceVip string `json:"sourceVip"`
// enableDSR tells kube-proxy whether HNS policies should be created
// with DSR
EnableDSR bool `json:"enableDSR"`
// RootHnsEndpointName is the name of hnsendpoint that is attached to
// rootHnsEndpointName is the name of hnsendpoint that is attached to
// l2bridge for root network namespace
RootHnsEndpointName string `json:"rootHnsEndpointName"`
// ForwardHealthCheckVip forwards service VIP for health check port on
// forwardHealthCheckVip forwards service VIP for health check port on
// Windows
ForwardHealthCheckVip bool `json:"forwardHealthCheckVip"`
}
// DetectLocalConfiguration contains optional settings related to DetectLocalMode option
type DetectLocalConfiguration struct {
// BridgeInterface is a string argument which represents a single bridge interface name.
// Kube-proxy considers traffic as local if originating from this given bridge.
// This argument should be set if DetectLocalMode is set to LocalModeBridgeInterface.
// bridgeInterface is a bridge interface name. When DetectLocalMode is set to
// LocalModeBridgeInterface, kube-proxy will consider traffic to be local if
// it originates from this bridge.
BridgeInterface string `json:"bridgeInterface"`
// InterfaceNamePrefix is a string argument which represents a single interface prefix name.
// Kube-proxy considers traffic as local if originating from one or more interfaces which match
// the given prefix. This argument should be set if DetectLocalMode is set to LocalModeInterfaceNamePrefix.
// interfaceNamePrefix is an interface name prefix. When DetectLocalMode is set to
// LocalModeInterfaceNamePrefix, kube-proxy will consider traffic to be local if
// it originates from any interface whose name begins with this prefix.
InterfaceNamePrefix string `json:"interfaceNamePrefix"`
}
@ -137,25 +145,34 @@ type KubeProxyConfiguration struct {
// featureGates is a map of feature names to bools that enable or disable alpha/experimental features.
FeatureGates map[string]bool `json:"featureGates,omitempty"`
// bindAddress is the IP address for the proxy server to serve on (set to 0.0.0.0
// for all interfaces)
// bindAddress can be used to override kube-proxy's idea of what its node's
// primary IP is. Note that the name is a historical artifact, and kube-proxy does
// not actually bind any sockets to this IP.
BindAddress string `json:"bindAddress"`
// healthzBindAddress is the IP address and port for the health check server to serve on,
// defaulting to 0.0.0.0:10256
// healthzBindAddress is the IP address and port for the health check server to
// serve on, defaulting to "0.0.0.0:10256" (if bindAddress is unset or IPv4), or
// "[::]:10256" (if bindAddress is IPv6).
HealthzBindAddress string `json:"healthzBindAddress"`
// metricsBindAddress is the IP address and port for the metrics server to serve on,
// defaulting to 127.0.0.1:10249 (set to 0.0.0.0 for all interfaces)
// metricsBindAddress is the IP address and port for the metrics server to serve
// on, defaulting to "127.0.0.1:10249" (if bindAddress is unset or IPv4), or
// "[::1]:10249" (if bindAddress is IPv6). (Set to "0.0.0.0:10249" / "[::]:10249"
// to bind on all interfaces.)
MetricsBindAddress string `json:"metricsBindAddress"`
// bindAddressHardFail, if true, kube-proxy will treat failure to bind to a port as fatal and exit
// bindAddressHardFail, if true, tells kube-proxy to treat failure to bind to a
// port as fatal and exit
BindAddressHardFail bool `json:"bindAddressHardFail"`
// enableProfiling enables profiling via web interface on /debug/pprof handler.
// Profiling handlers will be handled by metrics server.
EnableProfiling bool `json:"enableProfiling"`
// clusterCIDR is the CIDR range of the pods in the cluster. It is used to
// bridge traffic coming from outside of the cluster. If not provided,
// no off-cluster bridging will be performed.
// clusterCIDR is the CIDR range of the pods in the cluster. (For dual-stack
// clusters, this can be a comma-separated dual-stack pair of CIDR ranges.). When
// DetectLocalMode is set to LocalModeClusterCIDR, kube-proxy will consider
// traffic to be local if its source IP is in this range. (Otherwise it is not
// used.)
ClusterCIDR string `json:"clusterCIDR"`
// hostnameOverride, if non-empty, will be used as the identity instead of the actual hostname.
// hostnameOverride, if non-empty, will be used as the name of the Node that
// kube-proxy is running on. If unset, the node name is assumed to be the same as
// the node's hostname.
HostnameOverride string `json:"hostnameOverride"`
// clientConnection specifies the kubeconfig file and client connection settings for the proxy
// server to use when communicating with the apiserver.
@ -169,29 +186,26 @@ type KubeProxyConfiguration struct {
OOMScoreAdj *int32 `json:"oomScoreAdj"`
// mode specifies which proxy mode to use.
Mode ProxyMode `json:"mode"`
// portRange is the range of host ports (beginPort-endPort, inclusive) that may be consumed
// in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen.
// portRange was previously used to configure the userspace proxy, but is now unused.
PortRange string `json:"portRange"`
// conntrack contains conntrack-related configuration options.
Conntrack KubeProxyConntrackConfiguration `json:"conntrack"`
// configSyncPeriod is how often configuration from the apiserver is refreshed. Must be greater
// than 0.
ConfigSyncPeriod metav1.Duration `json:"configSyncPeriod"`
// nodePortAddresses is the --nodeport-addresses value for kube-proxy process. Values must be valid
// IP blocks. These values are as a parameter to select the interfaces where nodeport works.
// In case someone would like to expose a service on localhost for local visit and some other interfaces for
// particular purpose, a list of IP blocks would do that.
// If set it to "127.0.0.0/8", kube-proxy will only select the loopback interface for NodePort.
// If set it to a non-zero IP block, kube-proxy will filter that down to just the IPs that applied to the node.
// An empty string slice is meant to select all network interfaces.
// nodePortAddresses is a list of CIDR ranges that contain valid node IPs. If set,
// connections to NodePort services will only be accepted on node IPs in one of
// the indicated ranges. If unset, NodePort connections will be accepted on all
// local IPs.
NodePortAddresses []string `json:"nodePortAddresses"`
// winkernel contains winkernel-related configuration options.
Winkernel KubeProxyWinkernelConfiguration `json:"winkernel"`
// ShowHiddenMetricsForVersion is the version for which you want to show hidden metrics.
// showHiddenMetricsForVersion is the version for which you want to show hidden metrics.
ShowHiddenMetricsForVersion string `json:"showHiddenMetricsForVersion"`
// DetectLocalMode determines mode to use for detecting local traffic, defaults to LocalModeClusterCIDR
// detectLocalMode determines mode to use for detecting local traffic, defaults to LocalModeClusterCIDR
DetectLocalMode LocalMode `json:"detectLocalMode"`
// DetectLocal contains optional configuration settings related to DetectLocalMode.
// detectLocal contains optional configuration settings related to DetectLocalMode.
DetectLocal DetectLocalConfiguration `json:"detectLocal"`
// logging specifies the options of logging.
// Refer to [Logs Options](https://github.com/kubernetes/component-base/blob/master/logs/options.go)