Kubernetes version 1.12.1
Desc
The Kubernetes network proxy runs on each node. This reflects services as defined in the Kubernetes API on each node and can do simple TCP, UDP, and SCTP stream forwarding or round robin TCP, UDP, and SCTP forwarding across a set of backends. Service cluster IPs and ports are currently found through Docker-links-compatible environment variables specifying ports opened by the service proxy. There is an optional addon that provides cluster DNS for these cluster IPs. The user must create a service with the apiserver API to configure the proxy.
/usr/bin/kube-proxy \
--bind-address=10.12.51.171 \
--hostname-override=10.12.51.171 \
--cluster-cidr=10.254.0.0/16 \
--kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
--logtostderr=true \
--v=2 \
--ipvs-scheduler=wrr \
--ipvs-min-sync-period=5s \
--ipvs-sync-period=5s \
--proxy-mode=ipvs
kube-proxy startup flags explained
Usage:
kube-proxy [flags]
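Flag | Description |
--alsologtostderr | If true, log to stderr as well as to log files |
--bind-address 0.0.0.0 | IP address on the host to listen on; 0.0.0.0 listens on all host interfaces (default 0.0.0.0) |
--cleanup | If true, clean up iptables and ipvs rules and exit |
--cleanup-ipvs | If true, kube-proxy cleans up ipvs rules before running (default true) |
--cluster-cidr string | CIDR range of the Pods in the cluster. Traffic sent to a service cluster IP from outside the cluster is masqueraded, and traffic sent from pods to an external LoadBalancer IP is directed to the corresponding cluster IP |
--config string | Path to the configuration file |
--config-sync-period duration | Interval at which configuration is synced from the apiserver (default 15m0s) |
--conntrack-max-per-core int32 | Maximum number of NAT connections to track per CPU core (0 leaves the limit as-is and ignores conntrack-min) (default 32768) |
--conntrack-min int32 | Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is) (default 131072) |
--conntrack-tcp-timeout-close-wait duration | NAT timeout for TCP connections in the CLOSE_WAIT state (default 1h0m0s) |
--conntrack-tcp-timeout-established duration | Idle timeout for TCP connections (default 24h0m0s) |
--feature-gates mapStringBool | key=value pairs, for experimental features |
--healthz-bind-address 0.0.0.0 | IP address and port on which the health check server serves (default 0.0.0.0:10256) |
--healthz-port int32 | Port for the health check server; 0 disables it (default 10256) |
--hostname-override string | Use this name as the identity instead of the actual hostname |
--iptables-masquerade-bit int32 | For the pure iptables proxy, the bit of the fwmark space used to mark packets that require SNAT. Range [0,31] (default 14) |
--iptables-min-sync-period duration | Minimum interval between iptables rule refreshes as endpoints and services change |
--iptables-sync-period duration | Maximum interval between iptables refreshes (default 30s) |
--ipvs-exclude-cidrs strings | Comma-separated list of CIDRs that the ipvs proxier does not touch when cleaning up IPVS rules |
--ipvs-min-sync-period duration | Minimum interval between ipvs rule refreshes as endpoints and services change |
--ipvs-scheduler string | The ipvs scheduler type when the proxy mode is set to ipvs |
--ipvs-sync-period duration | Maximum interval between ipvs refreshes (default 30s) |
--kube-api-burst int32 | Number of requests per second sent to kube-apiserver (default 10) |
--kube-api-content-type string | Content type of requests sent to kube-apiserver (default "application/vnd.kubernetes.protobuf") |
--kube-api-qps float32 | QPS used when communicating with kube-apiserver (default 5) |
--kubeconfig string | Path to the kubeconfig file that holds the authorization information |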
--log-backtrace-at traceLocation | when logging hits line file:N, emit a stack trace (default :0) |
--log-dir string | If non-empty, write log files in this directory |
--log-flush-frequency duration | Maximum number of seconds between log flushes (default 5s) |
--logtostderr | log to standard error instead of files (default true) |
--masquerade-all | For the pure iptables proxy, SNAT all traffic sent via service cluster IPs (not normally configured) |
--master string | Address of the Kubernetes API server; overrides the value in kubeconfig |
--metrics-bind-address 0.0.0.0 | Address and port for the metrics server (default 127.0.0.1:10249) |
--nodeport-addresses strings | A string slice of values which specify the addresses to use for NodePorts. Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). The default empty string slice ([]) means to use all local addresses. |
--oom-score-adj int32 | The oom-score-adj value for the kube-proxy process; valid range [-1000, 1000] (default -999) |
--profiling | If true, performance profiling is available through the web interface at /debug/pprof |
--proxy-mode ProxyMode | userspace / iptables / ipvs (default iptables) |
--proxy-port-range port-range | Range of host ports (beginPort-endPort, single port or beginPort+offset, inclusive) that may be consumed in order to proxy service traffic. If (unspecified, 0, or 0-0) then ports will be randomly chosen. |
--stderrthreshold severity | logs at or above this threshold go to stderr (default 2) |
--udp-timeout duration | How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for proxy-mode=userspace (default 250ms) |
-v, --v Level | log level for V logs |
--version version[=true] | Print version information and quit |
--vmodule moduleSpec | Comma-separated list of pattern=N settings for file-filtered logging |
--write-config-to string | If set, write the default configuration values to this file and exit. |
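
The following is an added example, not code from the original page or from the Kubernetes project: a small Python check that parses a kube-proxy command line such as the one at the top of this page, fills in the defaults listed in the table, and reports which listeners end up on all interfaces. The names parse_flags and audit, and the choice of which settings to report, are assumptions of this example.

```python
import shlex

# Defaults as listed in the flag table on this page (kube-proxy 1.12.1).
DEFAULTS = {"healthz-bind-address": "0.0.0.0:10256",
            "metrics-bind-address": "127.0.0.1:10249",
            "nodeport-addresses": "", "profiling": "false"}
BOOL_FLAGS = {"profiling", "masquerade-all", "cleanup", "cleanup-ipvs",
              "logtostderr", "alsologtostderr"}
WILDCARDS = {"0.0.0.0", "[::]"}

# The command line shown at the top of this page.
PAGE_CMDLINE = (
    "/usr/bin/kube-proxy --bind-address=10.12.51.171 "
    "--hostname-override=10.12.51.171 --cluster-cidr=10.254.0.0/16 "
    "--kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig --logtostderr=true "
    "--v=2 --ipvs-scheduler=wrr --ipvs-min-sync-period=5s "
    "--ipvs-sync-period=5s --proxy-mode=ipvs")


def parse_flags(cmdline):
    """Effective settings: table defaults overridden by the command line."""
    settings = dict(DEFAULTS)
    tokens = shlex.split(cmdline.replace("\\\n", " "))[1:]
    i = 0
    while i < len(tokens):
        name, sep, value = tokens[i].lstrip("-").partition("=")
        if not sep:  # "--flag value" form; a bare boolean flag means true
            if name in BOOL_FLAGS or i + 1 >= len(tokens):
                value = "true"
            else:
                i += 1
                value = tokens[i]
        settings[name] = value
        i += 1
    return settings


def audit(cmdline):
    """List the listener-exposure settings worth reviewing (this example's choice)."""
    s = parse_flags(cmdline)
    findings = []
    for flag in ("healthz-bind-address", "metrics-bind-address"):
        if s[flag].rsplit(":", 1)[0] in WILDCARDS:
            findings.append(f"{flag}={s[flag]}: listens on all interfaces")
    if s["profiling"].lower() == "true":
        findings.append("profiling=true: /debug/pprof is served")
    if not s["nodeport-addresses"]:
        findings.append("nodeport-addresses unset: NodePorts use all local addresses")
    return findings
```

For the command line on this page, audit(PAGE_CMDLINE) reports the health check listener (left at its 0.0.0.0:10256 default) and the unset --nodeport-addresses; the metrics listener stays on its loopback default and is not reported.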