Version 1.14. This version is no longer supported. For information about how to upgrade to version 1.15, see Upgrading Anthos on bare metal in the 1.15 documentation. For more information about supported and unsupported versions, see the Version history page in the latest documentation.
This document shows how to create a cluster that does not use kube-proxy.
kube-proxy is a controller that runs on each worker node in a cluster. It
watches Kubernetes Service objects, and creates
iptables
rules to forward packets that are sent to Service addresses. An alternative to
using kube-proxy and iptables for this purpose is to use Dataplane V2 in
kube-proxy-replacement mode. This allows for the removal of kube-proxy from
the cluster.
Supported operating systems
To create a cluster that does not use kube-proxy, use one of the supported
Red Hat Enterprise Linux
operating systems. Clusters that use Ubuntu do not support this feature.
Advantages of removing kube-proxy
- Avoid the resource consumption required for maintaining a large set of
  iptables rules.
- Improve performance. Creating iptables rules is time consuming, especially
  for large clusters.
Create a cluster without kube-proxy

Preview: This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the [Service Specific Terms](/terms/service-terms#1). Pre-GA features are available "as is" and might have limited support. For more information, see the [launch stage descriptions](/products#product-launch-stages).

Warning: If you create a cluster that has `kube-proxy` removed, you cannot reverse that decision. That is, you cannot add `kube-proxy` to the cluster at a later time.

Follow the instructions in one of the [cluster creation](/anthos/clusters/docs/bare-metal/1.14/installing/creating-clusters/create-clusters-overview) topics.

As you fill in your cluster configuration file, include the following annotation:

```
preview.baremetal.cluster.gke.io/kube-proxy-free: "enable"
```

For example:

```
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: alice
  namespace: cluster-alice
  annotations:
    preview.baremetal.cluster.gke.io/kube-proxy-free: "enable"
...
```

Verify that kube-proxy is not in your cluster

List the DaemonSets in the cluster:

```
kubectl --kubeconfig CLUSTER_KUBECONFIG \
    get daemonsets --all-namespaces
```

Replace CLUSTER_KUBECONFIG with the path of the cluster kubeconfig file.

Verify that `kube-proxy` is not in the list. For example:

```
kube-system anetd
kube-system audit-proxy
kube-system etcd-defrag
kube-system gke-metrics-agent
kube-system kube-control-plane-metrics-proxy
kube-system localpv
kube-system metallb-speaker
kube-system node-exporter
kube-system stackdriver-log-forwarder
```

Last updated 2025-09-04 UTC.
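
The verification step above can be scripted. This is an added example, not part of the Anthos documentation: it parses the DaemonSet listing, matches the name column exactly, and treats an empty listing (for example, a failed `kubectl` call) as inconclusive rather than as success. The function name, the exit-code scheme, and the use of `anetd` as the marker for the Dataplane V2 agent are assumptions of this example.

```shell
# Added example. check_kube_proxy_free reads the output of
# `kubectl get daemonsets --all-namespaces` on stdin and returns:
#   0  no kube-proxy DaemonSet, and anetd is present
#   1  a kube-proxy DaemonSet exists
#   2  inconclusive: empty listing, or anetd missing
#      (assumption: anetd is the Dataplane V2 agent, as in the page's listing)
check_kube_proxy_free() {
  awk '
    $1 == "NAMESPACE" { next }   # skip the kubectl header row
    NF >= 2 { rows++ }
    # Exact match on the NAME column, so that audit-proxy and
    # kube-control-plane-metrics-proxy are not mistaken for kube-proxy.
    NF >= 2 && $2 == "kube-proxy" { proxy = 1 }
    NF >= 2 && $1 == "kube-system" && $2 == "anetd" { anetd = 1 }
    END {
      if (proxy) exit 1
      if (!rows || !anetd) exit 2
      exit 0
    }
  '
}

# Sample input: the listing shown on this page.
SAMPLE_FREE='kube-system anetd
kube-system audit-proxy
kube-system etcd-defrag
kube-system gke-metrics-agent
kube-system kube-control-plane-metrics-proxy
kube-system localpv
kube-system metallb-speaker
kube-system node-exporter
kube-system stackdriver-log-forwarder'

# Constructed sample: a cluster that still runs kube-proxy, with header row.
SAMPLE_PROXY='NAMESPACE     NAME         DESIRED   CURRENT
kube-system   anetd        3         3
kube-system   kube-proxy   3         3'

# Live use (CLUSTER_KUBECONFIG is the placeholder from this page):
#   kubectl --kubeconfig CLUSTER_KUBECONFIG get daemonsets --all-namespaces \
#     | check_kube_proxy_free
printf '%s\n' "$SAMPLE_FREE" | check_kube_proxy_free && echo "kube-proxy absent"
```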