This document shows how to create a cluster that does not use kube-proxy.
kube-proxy is a controller that runs on each worker node in a cluster. It
watches Kubernetes Service objects, and creates iptables rules to forward
packets that are sent to Service addresses. An alternative to using kube-proxy
and iptables for this purpose is to use Dataplane V2 in kube-proxy-replacement
mode. This allows for the removal of kube-proxy from the cluster.
Supported operating systems
To create a cluster that does not use kube-proxy, use one of the supported
Red Hat Enterprise Linux operating systems or a supported Ubuntu operating
system with kernel version 5.7.0 or later. If your cluster uses an Ubuntu
operating system with kernel version earlier than 5.7.0, this feature is
not supported.
Advantages of removing kube-proxy
- Avoid the resource consumption required for maintaining a large set of iptables rules.
- Improve performance. Creating iptables rules is time-consuming, especially for large clusters.
Create a cluster without kube-proxy
Follow the instructions in one of the cluster creation topics.
As you fill in your cluster configuration file, include the following annotation:
preview.baremetal.cluster.gke.io/kube-proxy-free: "enable"
For example:
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: alice
  namespace: cluster-alice
  annotations:
    preview.baremetal.cluster.gke.io/kube-proxy-free: "enable"
...
Verify that kube-proxy is not in your cluster
List the DaemonSets in the cluster:
kubectl --kubeconfig CLUSTER_KUBECONFIG \
    get daemonsets --all-namespaces
Replace CLUSTER_KUBECONFIG with the path of the cluster kubeconfig file.
Verify that kube-proxy is not in the list. For example:
kube-system   anetd
kube-system   audit-proxy
kube-system   etcd-defrag
kube-system   gke-metrics-agent
kube-system   kube-control-plane-metrics-proxy
kube-system   localpv
kube-system   metallb-speaker
kube-system   node-exporter
kube-system   stackdriver-log-forwarder
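
The Ubuntu kernel requirement and the verification step above can be scripted. The following is an added example, not part of the original documentation; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# kernel_supported RELEASE
# Succeeds if a kernel release string from an Ubuntu node, as printed by
# `uname -r` (for example 5.15.0-91-generic), is version 5.7.0 or later.
kernel_supported() {
  ver=${1%%-*}            # drop the distro suffix: 5.15.0-91-generic -> 5.15.0
  major=${ver%%.*}
  rest=${ver#*.}
  minor=${rest%%.*}
  # Any 5.7.x or later passes, so the patch level never decides the result.
  # Non-numeric input makes the tests error out, which counts as unsupported.
  [ "$major" -gt 5 ] 2>/dev/null ||
    { [ "$major" -eq 5 ] && [ "$minor" -ge 7 ]; } 2>/dev/null
}

# has_kube_proxy
# Reads `kubectl get daemonsets --all-namespaces` output on stdin and succeeds
# only if a DaemonSet is named exactly kube-proxy. Matching the whole NAME
# column keeps audit-proxy and kube-control-plane-metrics-proxy from counting.
has_kube_proxy() {
  awk '$2 == "kube-proxy" { found = 1 } END { exit (found ? 0 : 1) }'
}

# Constructed sample listings (NAMESPACE NAME), based on the example output above.
SAMPLE_WITHOUT='kube-system   anetd
kube-system   audit-proxy
kube-system   kube-control-plane-metrics-proxy
kube-system   node-exporter'
SAMPLE_WITH="$SAMPLE_WITHOUT
kube-system   kube-proxy"

# Demo on the constructed data. Against a real cluster, pipe in:
#   kubectl --kubeconfig CLUSTER_KUBECONFIG get daemonsets --all-namespaces
for release in 5.4.0-150-generic 5.15.0-91-generic; do
  if kernel_supported "$release"; then
    echo "$release: kernel supported"
  else
    echo "$release: kernel too old"
  fi
done
if printf '%s\n' "$SAMPLE_WITHOUT" | has_kube_proxy; then
  echo "kube-proxy DaemonSet still present"
else
  echo "kube-proxy DaemonSet absent"
fi
```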