Version 1.16. This version is no longer supported. For information about how to upgrade to version 1.28, see Upgrade clusters in the latest documentation. For more information about supported and unsupported versions, see the Versioning page in the latest documentation.
This document shows how to create a cluster that does not use kube-proxy.
kube-proxy is a controller that runs on each worker node in a cluster. It
watches Kubernetes Service objects, and creates
iptables
rules to forward packets that are sent to Service addresses. An alternative to
using kube-proxy and iptables for this purpose is to use Dataplane V2 in
kube-proxy-replacement mode. This allows for the removal of kube-proxy from
the cluster.
Supported operating systems
To create a cluster that does not use kube-proxy, use one of the supported
Red Hat Enterprise Linux
operating systems or a supported
Ubuntu
operating system with kernel version 5.7.0 or later. If your cluster uses an
Ubuntu operating system with kernel version earlier than 5.7.0, this feature is
not supported.
Advantages of removing kube-proxy
Avoid the resource consumption required for maintaining a large set of
iptables rules.
Improve performance. Creating iptables rules is time consuming, especially
for large clusters.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThis document explains how to create a Kubernetes cluster without \u003ccode\u003ekube-proxy\u003c/code\u003e by utilizing Dataplane V2 in kube-proxy-replacement mode.\u003c/p\u003e\n"],["\u003cp\u003eRemoving \u003ccode\u003ekube-proxy\u003c/code\u003e from a cluster offers benefits such as reduced resource consumption and improved performance by avoiding the management of large iptables rule sets.\u003c/p\u003e\n"],["\u003cp\u003eCreating a cluster without \u003ccode\u003ekube-proxy\u003c/code\u003e is an irreversible action, and you cannot add \u003ccode\u003ekube-proxy\u003c/code\u003e to the cluster afterward.\u003c/p\u003e\n"],["\u003cp\u003eTo create a \u003ccode\u003ekube-proxy\u003c/code\u003e-free cluster, you must use a supported Red Hat Enterprise Linux or a supported Ubuntu operating system with kernel version 5.7.0 or later, and include the \u003ccode\u003epreview.baremetal.cluster.gke.io/kube-proxy-free: "enable"\u003c/code\u003e annotation in your cluster configuration file.\u003c/p\u003e\n"],["\u003cp\u003eYou can verify that \u003ccode\u003ekube-proxy\u003c/code\u003e is not in the cluster by listing the DaemonSets with \u003ccode\u003ekubectl get deamonsets --all-namespaces\u003c/code\u003e and confirming \u003ccode\u003ekube-proxy\u003c/code\u003e is absent from the list.\u003c/p\u003e\n"]]],[],null,[]]