This document shows how to create a cluster that does not use kube-proxy.
kube-proxy is a controller that runs on each worker node in a cluster. It watches Kubernetes Service objects, and creates iptables rules to forward packets that are sent to Service addresses. An alternative to using kube-proxy and iptables for this purpose is to use Dataplane V2 in kube-proxy-replacement mode. This allows for the removal of kube-proxy from the cluster.
Supported operating systems
To create a cluster that does not use kube-proxy, use one of the supported Red Hat Enterprise Linux operating systems. Clusters that use Ubuntu do not support this feature.
Advantages of removing kube-proxy
Avoid the resource consumption required for maintaining a large set of iptables rules.
Improve performance. Creating iptables rules is time consuming, especially for large clusters.
Create a cluster without kube-proxy
Follow the instructions in one of the cluster creation topics.
As you fill in your cluster configuration file, include the following annotation:
preview.baremetal.cluster.gke.io/kube-proxy-free: "enable"
For example:
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: alice
  namespace: cluster-alice
  annotations:
    preview.baremetal.cluster.gke.io/kube-proxy-free: "enable"
...
Verify that kube-proxy is not in your cluster
List the DaemonSets in the cluster:
kubectl --kubeconfig CLUSTER_KUBECONFIG \
    get daemonsets --all-namespaces
Replace CLUSTER_KUBECONFIG with the path of the cluster kubeconfig file.
Verify that kube-proxy is not in the list. For example:
kube-system anetd
kube-system audit-proxy
kube-system etcd-defrag
kube-system gke-metrics-agent
kube-system kube-control-plane-metrics-proxy
kube-system localpv
kube-system metallb-speaker
kube-system node-exporter
kube-system stackdriver-log-forwarder
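The two manual checks above (the annotation in the cluster configuration file and the absence of a kube-proxy DaemonSet) can be scripted so they run in a pipeline. The following is an added example, not part of the product documentation; the function names are assumptions and the sample data is taken from the examples on this page.

```shell
#!/usr/bin/env bash
# Added example; function names are assumptions, sample data is copied from this page.

# Reads a cluster configuration file on stdin. Succeeds only if the
# kube-proxy-free annotation is present with the value "enable".
annotation_enabled() {
  awk '
    $1 == "preview.baremetal.cluster.gke.io/kube-proxy-free:" {
      v = $2; gsub(/["\047]/, "", v)      # strip YAML quotes
      if (v == "enable") found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# Reads "kubectl get daemonsets --all-namespaces" output on stdin.
# Returns 0 if no DaemonSet is named exactly kube-proxy, 1 if one is, and
# 2 if the listing is empty (a failed kubectl call must not pass the check).
# Exact matching on the NAME column avoids false hits on audit-proxy and
# kube-control-plane-metrics-proxy, which a plain "grep proxy" would flag.
kube_proxy_absent() {
  awk '$2 == "kube-proxy" { hit = 1 }
       END { if (NR == 0) exit 2; exit (hit ? 1 : 0) }'
}

sample_config() {   # the example configuration shown above
  cat <<'EOF'
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: alice
  namespace: cluster-alice
  annotations:
    preview.baremetal.cluster.gke.io/kube-proxy-free: "enable"
EOF
}

sample_listing() {  # three rows from the example listing shown above
  cat <<'EOF'
kube-system anetd
kube-system audit-proxy
kube-system kube-control-plane-metrics-proxy
EOF
}

sample_config  | annotation_enabled && echo "annotation set to enable"
sample_listing | kube_proxy_absent  && echo "no kube-proxy DaemonSet"
# Live: kubectl --kubeconfig CLUSTER_KUBECONFIG get daemonsets --all-namespaces | kube_proxy_absent
```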