Create a cluster without kube-proxy

This document shows how to create a cluster that does not use kube-proxy.

kube-proxy is a controller that runs on each worker node in a cluster. It watches Kubernetes Service objects, and creates iptables rules to forward packets that are sent to Service addresses. An alternative to using kube-proxy and iptables for this purpose is to use Dataplane V2 in kube-proxy-replacement mode. This allows for the removal of kube-proxy from the cluster.

Supported operating systems

To create a cluster that does not use kube-proxy, use one of the supported Red Hat Enterprise Linux operating systems or a supported Ubuntu operating system with kernel version 5.7.0 or later. This feature is not supported on clusters that use an Ubuntu operating system with a kernel version earlier than 5.7.0.

Advantages of removing kube-proxy

  • Avoid the resource consumption required for maintaining a large set of iptables rules.

  • Improve performance. Creating iptables rules is time-consuming, especially for large clusters.

Create a cluster without kube-proxy

Follow the instructions in one of the cluster creation topics.

As you fill in your cluster configuration file, include the following annotation:

 preview.baremetal.cluster.gke.io/kube-proxy-free: "enable" 

For example:

 apiVersion: baremetal.cluster.gke.io/v1
 kind: Cluster
 metadata:
   name: alice
   namespace: cluster-alice
   annotations:
     preview.baremetal.cluster.gke.io/kube-proxy-free: "enable"
 ...

Verify that kube-proxy is not in your cluster

List the DaemonSets in the cluster:

 kubectl --kubeconfig CLUSTER_KUBECONFIG \
     get daemonsets --all-namespaces

Replace CLUSTER_KUBECONFIG with the path of the cluster kubeconfig file.

Verify that kube-proxy is not in the list. For example:

 kube-system anetd
 kube-system audit-proxy
 kube-system etcd-defrag
 kube-system gke-metrics-agent
 kube-system kube-control-plane-metrics-proxy
 kube-system localpv
 kube-system metallb-speaker
 kube-system node-exporter
 kube-system stackdriver-log-forwarder
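
The following script is an added example, not part of the original documentation. It turns the kernel requirement, the annotation, and the DaemonSet check above into repeatable shell checks. The function names and the sample listing are constructed for illustration, and the RHEL branch assumes the release itself is a supported one.

```shell
#!/bin/sh
# Added example: pre-flight and post-create checks for a kube-proxy-free cluster.
# Function names and sample data are constructed for illustration.

# kernel_at_least RELEASE MIN: succeed if RELEASE (uname -r style) >= MIN.
kernel_at_least() {
  awk -v have="$1" -v min="$2" 'BEGIN {
    sub(/[^0-9.].*$/, "", have)          # "5.15.0-91-generic" -> "5.15.0"
    split(have, h, "."); split(min, m, ".")
    for (i = 1; i <= 3; i++) {
      if (h[i] + 0 > m[i] + 0) exit 0
      if (h[i] + 0 < m[i] + 0) exit 1
    }
    exit 0
  }'
}

# node_supported OS_ID KERNEL: OS_ID is the ID field of /etc/os-release.
node_supported() {
  case "$1" in
    rhel)   return 0 ;;                     # assumption: the release is a supported one
    ubuntu) kernel_at_least "$2" 5.7.0 ;;   # page requirement: 5.7.0 or later
    *)      return 1 ;;
  esac
}

# annotation_enabled: stdin is the cluster configuration file.
# The value must be exactly enable; "enabled" or "true" do not count.
annotation_enabled() {
  grep -Eq '^[[:space:]]+preview\.baremetal\.cluster\.gke\.io/kube-proxy-free:[[:space:]]*"?enable"?[[:space:]]*$'
}

# kube_proxy_absent: stdin is `kubectl get daemonsets --all-namespaces` output.
# Prints any DaemonSet named exactly kube-proxy and fails if one exists.
kube_proxy_absent() {
  awk '$2 == "kube-proxy" { print $1 "/" $2; found = 1 } END { exit found + 0 }'
}

# Constructed sample listing (NAMESPACE NAME), not real cluster output.
SAMPLE_DS='NAMESPACE     NAME
kube-system   anetd
kube-system   kube-control-plane-metrics-proxy
kube-system   metallb-speaker'

if printf '%s\n' "$SAMPLE_DS" | kube_proxy_absent; then
  echo "no kube-proxy DaemonSet found"
fi
```

Against a live cluster, pipe the output of the kubectl command above into kube_proxy_absent, and pass the output of uname -r from each Ubuntu node to node_supported.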