Create a cluster without kube-proxy

This document shows how to create a cluster that does not use kube-proxy.

kube-proxy is a controller that runs on each worker node in a cluster. It watches Kubernetes Service objects, and creates iptables rules to forward packets that are sent to Service addresses. An alternative to using kube-proxy and iptables for this purpose is to use Dataplane V2 in kube-proxy-replacement mode. This allows for the removal of kube-proxy from the cluster.

Supported operating systems

To create a cluster that does not use kube-proxy, use one of the supported Red Hat Enterprise Linux operating systems or a supported Ubuntu operating system with kernel version 5.7.0 or later. If your cluster uses an Ubuntu operating system with kernel version earlier than 5.7.0, this feature is not supported.

Advantages of removing kube-proxy

  • Avoid the resource consumption required for maintaining a large set of iptables rules.

  • Improve performance. Creating iptables rules is time consuming, especially for large clusters.

Create a cluster without kube-proxy

Follow the instructions in one of the cluster creation topics.

As you fill in your cluster configuration file, include the following annotation:

preview.baremetal.cluster.gke.io/kube-proxy-free: "enable"

For example:

apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: alice
  namespace: cluster-alice
  annotations:
    preview.baremetal.cluster.gke.io/kube-proxy-free: "enable"
...

Verify that kube-proxy is not in your cluster

List the DaemonSets in the cluster:

kubectl --kubeconfig CLUSTER_KUBECONFIG \
    get daemonsets --all-namespaces

Replace CLUSTER_KUBECONFIG with the path of the cluster kubeconfig file.

Verify that kube-proxy is not in the list. For example:

kube-system   anetd
kube-system   audit-proxy
kube-system   etcd-defrag
kube-system   gke-metrics-agent
kube-system   kube-control-plane-metrics-proxy
kube-system   localpv
kube-system   metallb-speaker
kube-system   node-exporter
kube-system   stackdriver-log-forwarder