Login/Register
How to find which mode kube-proxy is running in
Asked Answered
Solved kuberneteskube-proxy
V

2

11

By default, when no value is specified in the configuration, kube-proxy might be running in either iptables or userspace mode:

--proxy-mode ProxyMode

Which proxy mode to use: 'userspace' (older) or 'iptables' (faster) or 'ipvs' or 'kernelspace' (windows). If blank, use the best-available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy.

doc

Since both, userspace and iptables mode, seem to create iptables rules on the node, is there any reliable way to find out which proxy mode kube-proxy defaulted to?

Veasey answered 22/3, 2021 at 12:27 Comment(0)
I
14

The Mode which kube-proxy comes up with is mentioned in kube-proxy log file.

W0322 08:09:44.312816       1 server_others.go:578] Unknown proxy mode "", assuming iptables proxy
I0322 08:09:44.313052       1 server_others.go:185] Using iptables Proxier.

Check in Code https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-proxy/app/server_others.go


func getProxyMode(proxyMode string, canUseIPVS bool, kcompat iptables.KernelCompatTester) string {
    switch proxyMode {
    case proxyModeUserspace:
        return proxyModeUserspace
    case proxyModeIPTables:
        return tryIPTablesProxy(kcompat)
    case proxyModeIPVS:
        return tryIPVSProxy(canUseIPVS, kcompat)
    }
    klog.Warningf("Unknown proxy mode %q, assuming iptables proxy", proxyMode)
    return tryIPTablesProxy(kcompat)
}

func tryIPTablesProxy(kcompat iptables.KernelCompatTester) string {
    // guaranteed false on error, error only necessary for debugging
    useIPTablesProxy, err := iptables.CanUseIPTablesProxier(kcompat)
    if err != nil {
        utilruntime.HandleError(fmt.Errorf("can't determine whether to use iptables proxy, using userspace proxier: %v", err))
        return proxyModeUserspace
    }
    if useIPTablesProxy {
        return proxyModeIPTables
    }
    // Fallback.
    klog.V(1).Infof("Can't use iptables proxy, using userspace proxier")
    return proxyModeUserspace
}
Indented answered 22/3, 2021 at 12:40 Comment(0)
B
1

By default, Kube-proxy runs on port 10249 and exposes a set of endpoints that you can use to query Kube-proxy for information.

You can use the /proxyMode endpoint to check the kube-proxy mode.

First connect through SSH to one of the nodes in the cluster. Then use the command curl localhost:10249/proxyMode.

$ curl localhost:10249/proxyMode
iptables

See also, https://medium.com/@amroessameldin/kube-proxy-what-is-it-and-how-it-works-6def85d9bc8f.

Beattie answered 29/2 at 4:19 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.