
Kube Proxy

In a Kubernetes cluster, every pod can reach every other pod by default: the Kubernetes network model requires that all pods be able to talk to each other without NAT, and only a NetworkPolicy (enforced by the network plugin, if it supports one) restricts that. To provide this connectivity, a networking solution (a CNI plugin) is deployed in the cluster, establishing an internal virtual network. Later on, we'll explore the various options available for this purpose.

It's important to note that there's no guarantee that a pod's IP will stay the same: a pod can fail and be recreated by its controller (a ReplicaSet, or the older ReplicationController) with a different IP. For this reason, pods are not addressed directly but through services, which have a stable virtual IP (the ClusterIP) and a DNS name that the cluster DNS resolves to that IP. The set of pod IPs currently behind a service is tracked in its Endpoints (EndpointSlices in current releases), and it is this service-to-endpoint mapping that Kube-Proxy implements on every node. Name resolution itself is handled by the cluster DNS add-on (typically CoreDNS), not by Kube-Proxy.

A service doesn't bind directly to a pod: it's a virtual entity with no network interface and no process listening on its ClusterIP. The service exists only as an object in the Kubernetes API (persisted in etcd), not as anything on the wire. Kube-Proxy watches the API for Service and Endpoint (EndpointSlice) changes and, whenever one is created or updated, programs rules on each node that rewrite traffic sent to ClusterIP:port so that it reaches the IP and port of one of the service's pods. This is done with iptables or IPVS (newer releases also offer an nftables mode). Two practical consequences: the rules live in each node's kernel, so anyone with root on a node can read or alter them, and a ClusterIP is only reachable from inside the cluster network (nodes and pods), since nothing outside the node knows how to route it.
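To make the rule chain described above concrete, here is an added shell example (not code from the original page or from the Kubernetes project). It takes a constructed excerpt of `iptables-save -t nat` output, in the shape kube-proxy's iptables mode writes, and follows a ClusterIP and port through the KUBE-SERVICES chain to the per-service KUBE-SVC-* chain and on to the KUBE-SEP-* endpoint chains whose DNAT rules carry the pod IP:port. The chain-name suffixes, the pod addresses and the `trace_service` function name are assumptions made for the example; real suffixes are hashes of the service name and port.

```shell
#!/bin/sh
# Constructed excerpt of `iptables-save -t nat` as written by kube-proxy in iptables
# mode for the kube-system/kube-dns service (ClusterIP 10.96.0.10, tcp/53 and udp/53).
# Chain suffixes and pod IPs are made up for this example.
RULES='-A KUBE-SERVICES -d 10.96.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-SVC-DNSUDP0000000000
-A KUBE-SERVICES -d 10.96.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-SVC-DNSTCP0000000000
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-SVC-DNSTCP0000000000 ! -s 10.244.0.0/16 -d 10.96.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-MARK-MASQ
-A KUBE-SVC-DNSTCP0000000000 -m comment --comment "kube-system/kube-dns:dns-tcp -> 10.244.0.2:53" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-POD2TCP000000000
-A KUBE-SVC-DNSTCP0000000000 -m comment --comment "kube-system/kube-dns:dns-tcp -> 10.244.0.3:53" -j KUBE-SEP-POD3TCP000000000
-A KUBE-SVC-DNSUDP0000000000 -m comment --comment "kube-system/kube-dns:dns -> 10.244.0.2:53" -j KUBE-SEP-POD2UDP000000000
-A KUBE-SEP-POD2TCP000000000 -s 10.244.0.2/32 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-POD2TCP000000000 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.244.0.2:53
-A KUBE-SEP-POD3TCP000000000 -s 10.244.0.3/32 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-POD3TCP000000000 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.244.0.3:53
-A KUBE-SEP-POD2UDP000000000 -p udp -m comment --comment "kube-system/kube-dns:dns" -m udp -j DNAT --to-destination 10.244.0.2:53'

# trace_service PROTO CLUSTER_IP PORT
# Prints the pod ip:port targets that kube-proxy DNATs this ClusterIP:port to,
# space separated, in rule order. Returns 1 if no KUBE-SERVICES rule matches.
trace_service() {
  printf '%s\n' "$RULES" | awk -v proto="$1" -v ip="$2" -v port="$3" '
    { line[NR] = $0 }
    # Pass 1: the KUBE-SERVICES rule for this ClusterIP/proto/port names the
    # service chain in its final "-j" target. Protocol matters: tcp/53 and
    # udp/53 on the same ClusterIP are two different services chains.
    $2 == "KUBE-SERVICES" && $4 == (ip "/32") && $6 == proto {
      for (i = 7; i < NF; i++) if ($i == "--dport" && $(i + 1) == port) svc = $NF
    }
    END {
      if (svc == "") exit 1
      # Pass 2: every "-j KUBE-SEP-*" jump in the service chain is one endpoint.
      # The KUBE-MARK-MASQ rule in the same chain is skipped by the regex.
      for (n = 1; n <= NR; n++) {
        nf = split(line[n], f, " ")
        if (f[2] == svc && f[nf] ~ /^KUBE-SEP-/) sep[f[nf]] = 1
      }
      # Pass 3: the DNAT rule in each endpoint chain carries the pod ip:port;
      # the hairpin KUBE-MARK-MASQ rule in that chain has no --to-destination.
      out = ""
      for (n = 1; n <= NR; n++) {
        nf = split(line[n], f, " ")
        if ((f[2] in sep) && f[nf - 1] == "--to-destination")
          out = out (out == "" ? "" : " ") f[nf]
      }
      print out
    }'
}

# Demo: which pods answer DNS over TCP for the kube-dns ClusterIP?
trace_service tcp 10.96.0.10 53
```

On a real node, replace the constructed `RULES` with `$(iptables-save -t nat)` (needs root) to trace a live service. In IPVS mode the same mapping is visible with `ipvsadm -Ln`, where the ClusterIP appears as a virtual server and the pod addresses as its real servers. Note that the `-m statistic --mode random --probability` rule is how iptables mode load-balances: each endpoint rule takes a share of the remaining traffic, and the last endpoint rule has no probability match so it catches everything left.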

Kube-Proxy runs on every node, either as a systemd service on the host or as a pod, depending on how the cluster was installed.


Note that when it runs as a pod, it is managed by a DaemonSet, the controller that ensures exactly one Kube-Proxy pod on each node (including nodes added later).
