From 0d7d7470dd22af023e64e8d278bbf22d53aacce6 Mon Sep 17 00:00:00 2001
From: Qiming Teng
Date: Wed, 17 Feb 2021 20:44:43 +0800
Subject: [PATCH] Add kube-proxy config reference

This is a reference for kube-proxy config generated from kubernetes-sigs/reference-docs/genref tool. More specifically, it is generated using the following command: ./genref -include kube-proxy
---
.../concepts/services-networking/service.md | 13 +-
content/en/docs/reference/_index.md | 13 +-
.../en/docs/reference/config-api/_index.md | 5 +
.../config-api/kube-proxy-config.v1alpha1.md | 537 ++++++++++++++++++
.../setup-tools/kubeadm/kubeadm-init.md | 2 +-
5 files changed, 561 insertions(+), 9 deletions(-)
create mode 100644 content/en/docs/reference/config-api/_index.md
create mode 100644 content/en/docs/reference/config-api/kube-proxy-config.v1alpha1.md
diff --git a/content/en/docs/concepts/services-networking/service.md b/content/en/docs/concepts/services-networking/service.md
index b7a7edcd38..3ac07138e0 100644
--- a/content/en/docs/concepts/services-networking/service.md
+++ b/content/en/docs/concepts/services-networking/service.md
@@ -513,8 +513,13 @@ allocates a port from a range specified by `--service-node-port-range` flag (def Each node proxies that port (the same port number on every Node) into your Service. Your Service reports the allocated port in its `.spec.ports[*].nodePort` field. -If you want to specify particular IP(s) to proxy the port, you can set the `--nodeport-addresses` flag in kube-proxy to particular IP block(s); this is supported since Kubernetes v1.10. -This flag takes a comma-delimited list of IP blocks (e.g. 10.0.0.0/8, 192.0.2.0/25) to specify IP address ranges that kube-proxy should consider as local to this node. +If you want to specify particular IP(s) to proxy the port, you can set the +`--nodeport-addresses` flag for kube-proxy or the equivalent `nodePortAddresses` +field of the +[kube-proxy configuration file](/docs/reference/config-api/kube-proxy-config.v1alpha1/) +to particular IP block(s). + +This flag takes a comma-delimited list of IP blocks (e.g. `10.0.0.0/8`, `192.0.2.0/25`) to specify IP address ranges that kube-proxy should consider as local to this node. For example, if you start kube-proxy with the `--nodeport-addresses=127.0.0.0/8` flag, kube-proxy only selects the loopback interface for NodePort Services. The default for `--nodeport-addresses` is an empty list. This means that kube-proxy should consider all available network interfaces for NodePort. (That's also compatible with earlier Kubernetes releases). @@ -530,7 +535,9 @@ to configure environments that are not fully supported by Kubernetes, or even to just expose one or more nodes' IPs directly. Note that this Service is visible as `:spec.ports[*].nodePort` -and `.spec.clusterIP:spec.ports[*].port`. (If the `--nodeport-addresses` flag in kube-proxy is set, would be filtered NodeIP(s).) +and `.spec.clusterIP:spec.ports[*].port`. +If the `--nodeport-addresses` flag for kube-proxy or the equivalent field +in the kube-proxy configuration file is set, `` would be filtered node IP(s). For example: 
diff --git a/content/en/docs/reference/_index.md b/content/en/docs/reference/_index.md index a261b8a947..00adcad7d7 100644 --- a/content/en/docs/reference/_index.md +++ b/content/en/docs/reference/_index.md @@ -54,14 +54,17 @@ client libraries: * [kubelet](/docs/reference/command-line-tools-reference/kubelet/) - The primary *node agent* that runs on each node. The kubelet takes a set of PodSpecs and ensures that the described containers are running and healthy. * [kube-apiserver](/docs/reference/command-line-tools-reference/kube-apiserver/) - REST API that validates and configures data for API objects such as pods, services, replication controllers. * [kube-controller-manager](/docs/reference/command-line-tools-reference/kube-controller-manager/) - Daemon that embeds the core control loops shipped with Kubernetes. -* [kube-proxy](/docs/reference/command-line-tools-reference/kube-proxy/) - Can do simple TCP/UDP stream forwarding or round-robin TCP/UDP forwarding across a set of back-ends. -* [kube-scheduler](/docs/reference/command-line-tools-reference/kube-scheduler/) - Scheduler that manages availability, performance, and capacity. +* [kube-proxy](/docs/reference/command-line-tools-reference/kube-proxy/) - Can + do simple TCP/UDP stream forwarding or round-robin TCP/UDP forwarding across + a set of back-ends. +* [kube-scheduler](/docs/reference/command-line-tools-reference/kube-scheduler/) - Scheduler that manages availability, performance, and capacity. -## Scheduling + * [Scheduler Policies](/docs/reference/scheduling/policies) + * [Scheduler Profiles](/docs/reference/scheduling/config#profiles) -* [Scheduler Policies](/docs/reference/scheduling/policies) -* [Scheduler Profiles](/docs/reference/scheduling/config#profiles) +## Config APIs +* [kube-proxy configuration (v1alpha1)](/docs/reference/config-api/kube-proxy-config.v1alpha1/) ## Design Docs 
diff --git a/content/en/docs/reference/config-api/_index.md b/content/en/docs/reference/config-api/_index.md new file mode 100644 index 0000000000..a053b77d60 --- /dev/null +++ b/content/en/docs/reference/config-api/_index.md @@ -0,0 +1,5 @@ +--- +title: Configuration APIs +weight: 65 +--- + diff --git a/content/en/docs/reference/config-api/kube-proxy-config.v1alpha1.md b/content/en/docs/reference/config-api/kube-proxy-config.v1alpha1.md new file mode 100644 index 0000000000..e66bcd7443 --- /dev/null +++ b/content/en/docs/reference/config-api/kube-proxy-config.v1alpha1.md @@ -0,0 +1,537 @@ +--- +title: kube-proxy Configuration (v1alpha1) +content_type: tool-reference +package: kubeproxy.config.k8s.io/v1alpha1 +auto_generated: true +--- + + +## Resource Types + + + +- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration) + + + + +## `KubeProxyConfiguration` {#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration} + + + + + +KubeProxyConfiguration contains everything necessary to configure the +Kubernetes proxy server. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
apiVersion
string
kubeproxy.config.k8s.io/v1alpha1
kind
string
KubeProxyConfiguration
featureGates [Required]
+map[string]bool +
+ featureGates is a map of feature names to bools that enable or disable alpha/experimental features.
bindAddress [Required]
+string +
+ bindAddress is the IP address for the proxy server to serve on (set to 0.0.0.0 +for all interfaces)
healthzBindAddress [Required]
+string +
+ healthzBindAddress is the IP address and port for the health check server to serve on, +defaulting to 0.0.0.0:10256
metricsBindAddress [Required]
+string +
+ metricsBindAddress is the IP address and port for the metrics server to serve on, +defaulting to 127.0.0.1:10249 (set to 0.0.0.0 for all interfaces)
bindAddressHardFail [Required]
+bool +
+ bindAddressHardFail, if true, kube-proxy will treat failure to bind to a port as fatal and exit
enableProfiling [Required]
+bool +
+ enableProfiling enables profiling via web interface on /debug/pprof handler. +Profiling handlers will be handled by metrics server.
clusterCIDR [Required]
+string +
+ clusterCIDR is the CIDR range of the pods in the cluster. It is used to +bridge traffic coming from outside of the cluster. If not provided, +no off-cluster bridging will be performed.
hostnameOverride [Required]
+string +
+ hostnameOverride, if non-empty, will be used as the identity instead of the actual hostname.
clientConnection [Required]
+ClientConnectionConfiguration +
+ clientConnection specifies the kubeconfig file and client connection settings for the proxy +server to use when communicating with the apiserver.
iptables [Required]
+KubeProxyIPTablesConfiguration +
+ iptables contains iptables-related configuration options.
ipvs [Required]
+KubeProxyIPVSConfiguration +
+ ipvs contains ipvs-related configuration options.
oomScoreAdj [Required]
+int32 +
+ oomScoreAdj is the oom-score-adj value for kube-proxy process. Values must be within +the range [-1000, 1000]
mode [Required]
+ProxyMode +
+ mode specifies which proxy mode to use.
portRange [Required]
+string +
+ portRange is the range of host ports (beginPort-endPort, inclusive) that may be consumed +in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen.
udpIdleTimeout [Required]
+meta/v1.Duration +
+ udpIdleTimeout is how long an idle UDP connection will be kept open (e.g. '250ms', '2s'). +Must be greater than 0. Only applicable for proxyMode=userspace.
conntrack [Required]
+KubeProxyConntrackConfiguration +
+ conntrack contains conntrack-related configuration options.
configSyncPeriod [Required]
+meta/v1.Duration +
+ configSyncPeriod is how often configuration from the apiserver is refreshed. Must be greater +than 0.
nodePortAddresses [Required]
+[]string +
+ nodePortAddresses is the --nodeport-addresses value for kube-proxy process. Values must be valid +IP blocks. These values are as a parameter to select the interfaces where nodeport works. +In case someone would like to expose a service on localhost for local visit and some other interfaces for +particular purpose, a list of IP blocks would do that. +If set it to "127.0.0.0/8", kube-proxy will only select the loopback interface for NodePort. +If set it to a non-zero IP block, kube-proxy will filter that down to just the IPs that applied to the node. +An empty string slice is meant to select all network interfaces.
winkernel [Required]
+KubeProxyWinkernelConfiguration +
+ winkernel contains winkernel-related configuration options.
showHiddenMetricsForVersion [Required]
+string +
+ ShowHiddenMetricsForVersion is the version for which you want to show hidden metrics.
detectLocalMode [Required]
+LocalMode +
+ DetectLocalMode determines mode to use for detecting local traffic, defaults to LocalModeClusterCIDR
+ + + +## `KubeProxyConntrackConfiguration` {#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConntrackConfiguration} + + + + +**Appears in:** + +- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration) + + +KubeProxyConntrackConfiguration contains conntrack settings for +the Kubernetes proxy server. + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
maxPerCore [Required]
+int32 +
+ maxPerCore is the maximum number of NAT connections to track +per CPU core (0 to leave the limit as-is and ignore min).
min [Required]
+int32 +
+ min is the minimum value of connect-tracking records to allocate, +regardless of conntrackMaxPerCore (set maxPerCore=0 to leave the limit as-is).
tcpEstablishedTimeout [Required]
+meta/v1.Duration +
+ tcpEstablishedTimeout is how long an idle TCP connection will be kept open +(e.g. '2s'). Must be greater than 0 to set.
tcpCloseWaitTimeout [Required]
+meta/v1.Duration +
+ tcpCloseWaitTimeout is how long an idle conntrack entry +in CLOSE_WAIT state will remain in the conntrack +table. (e.g. '60s'). Must be greater than 0 to set.
+ + + +## `KubeProxyIPTablesConfiguration` {#kubeproxy-config-k8s-io-v1alpha1-KubeProxyIPTablesConfiguration} + + + + +**Appears in:** + +- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration) + + +KubeProxyIPTablesConfiguration contains iptables-related configuration +details for the Kubernetes proxy server. + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
masqueradeBit [Required]
+int32 +
+ masqueradeBit is the bit of the iptables fwmark space to use for SNAT if using +the pure iptables proxy mode. Values must be within the range [0, 31].
masqueradeAll [Required]
+bool +
+ masqueradeAll tells kube-proxy to SNAT everything if using the pure iptables proxy mode.
syncPeriod [Required]
+meta/v1.Duration +
+ syncPeriod is the period that iptables rules are refreshed (e.g. '5s', '1m', +'2h22m'). Must be greater than 0.
minSyncPeriod [Required]
+meta/v1.Duration +
+ minSyncPeriod is the minimum period that iptables rules are refreshed (e.g. '5s', '1m', +'2h22m').
+ + + +## `KubeProxyIPVSConfiguration` {#kubeproxy-config-k8s-io-v1alpha1-KubeProxyIPVSConfiguration} + + + + +**Appears in:** + +- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration) + + +KubeProxyIPVSConfiguration contains ipvs-related configuration +details for the Kubernetes proxy server. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
syncPeriod [Required]
+meta/v1.Duration +
+ syncPeriod is the period that ipvs rules are refreshed (e.g. '5s', '1m', +'2h22m'). Must be greater than 0.
minSyncPeriod [Required]
+meta/v1.Duration +
+ minSyncPeriod is the minimum period that ipvs rules are refreshed (e.g. '5s', '1m', +'2h22m').
scheduler [Required]
+string +
+ ipvs scheduler
excludeCIDRs [Required]
+[]string +
+ excludeCIDRs is a list of CIDR's which the ipvs proxier should not touch +when cleaning up ipvs services.
strictARP [Required]
+bool +
+ strict ARP configure arp_ignore and arp_announce to avoid answering ARP queries +from kube-ipvs0 interface
tcpTimeout [Required]
+meta/v1.Duration +
+ tcpTimeout is the timeout value used for idle IPVS TCP sessions. +The default value is 0, which preserves the current timeout value on the system.
tcpFinTimeout [Required]
+meta/v1.Duration +
+ tcpFinTimeout is the timeout value used for IPVS TCP sessions after receiving a FIN. +The default value is 0, which preserves the current timeout value on the system.
udpTimeout [Required]
+meta/v1.Duration +
+ udpTimeout is the timeout value used for IPVS UDP packets. +The default value is 0, which preserves the current timeout value on the system.
+ + + +## `KubeProxyWinkernelConfiguration` {#kubeproxy-config-k8s-io-v1alpha1-KubeProxyWinkernelConfiguration} + + + + +**Appears in:** + +- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration) + + +KubeProxyWinkernelConfiguration contains Windows/HNS settings for +the Kubernetes proxy server. + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
networkName [Required]
+string +
+ networkName is the name of the network kube-proxy will use +to create endpoints and policies
sourceVip [Required]
+string +
+ sourceVip is the IP address of the source VIP endoint used for +NAT when loadbalancing
enableDSR [Required]
+bool +
+ enableDSR tells kube-proxy whether HNS policies should be created +with DSR
+ + + +## `LocalMode` {#kubeproxy-config-k8s-io-v1alpha1-LocalMode} + +(Alias of `string`) + + +**Appears in:** + +- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration) + + +LocalMode represents modes to detect local traffic from the node + + + + + +## `ProxyMode` {#kubeproxy-config-k8s-io-v1alpha1-ProxyMode} + +(Alias of `string`) + + +**Appears in:** + +- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration) + + +ProxyMode represents modes used by the Kubernetes proxy server. + +Currently, three modes of proxy are available in Linux platform: 'userspace' (older, going to be EOL), 'iptables' +(newer, faster), 'ipvs'(newest, better in performance and scalability). + +Two modes of proxy are available in Windows platform: 'userspace'(older, stable) and 'kernelspace' (newer, faster). + +In Linux platform, if proxy mode is blank, use the best-available proxy (currently iptables, but may change in the +future). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are +insufficient, this always falls back to the userspace proxy. IPVS mode will be enabled when proxy mode is set to 'ipvs', +and the fall back path is firstly iptables and then userspace. + +In Windows platform, if proxy mode is blank, use the best-available proxy (currently userspace, but may change in the +future). If winkernel proxy is selected, regardless of how, but the Windows kernel can't support this mode of proxy, +this always falls back to the userspace proxy. + + + + diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md index 3d4b977102..96a7b17a4e 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md +++ b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md 
@@ -130,7 +130,7 @@ page and pick a version from [the list](https://godoc.org/k8s.io/kubernetes/cmd/ ### Adding kube-proxy parameters {#kube-proxy} For information about kube-proxy parameters in the kubeadm configuration see: -- [kube-proxy](https://godoc.org/k8s.io/kubernetes/pkg/proxy/apis/config#KubeProxyConfiguration) +- [kube-proxy reference](/docs/reference/config-api/kube-proxy-config.v1alpha1/) For information about enabling IPVS mode with kubeadm see: - [IPVS](https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/README.md)