Kube Proxy runs on each node to deal with individual host sub-netting and ensure that the services are available to external parties.
Within a Kubernetes cluster every pod can reach any other pod. This is accomplished by deploying a pod networking solution to the cluster.
A pod network is an internal virtual network that spans all the nodes in the cluster and to which all the pods connect. Through this network they are able to communicate with each other. There are many solutions available for deploying such a network.
For example, I have a web application deployed on the first node and a database application deployed on the second node.
The web application can reach the database simply by using the IP address of the pod. However, there is no guarantee that the IP address of the database will always remain the same. A better way for the web application to access the database is by using a service name. So we create a service to expose the database application across the cluster. The web application can now access the database using the name of the service (in this example the service name is db).
The service also gets an IP address. Whenever a pod tries to reach the service using its IP address or its name, the traffic is forwarded to the backend pod (in this case the database). The service can't join the pod network, because a service is not an actual thing. It is not a container like a pod, and it doesn't have interfaces or an actively listening process. It is a virtual component that only lives in Kubernetes memory. So how is the service accessible across the cluster? That's where Kube Proxy comes in.
Kube Proxy is a process that runs on each node in the Kubernetes cluster. Its job is to look for new services; every time a new service is created, Kube Proxy creates the appropriate rules on each node to forward traffic for that service to the backend pods.
One way it does this is by using iptables rules. In this case it creates an iptables rule on each node in the cluster to forward traffic heading to the IP address of the service, 10.96.0.12, to the IP of the actual pod, 10.32.0.15. That's how Kube Proxy configures a service.
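As an added example (not from the original article and not kube-proxy's own code), the Python code below parses nat-table rules in the style kube-proxy writes in iptables mode and follows the jumps from the service IP to the pod address it is DNATed to, which is a quick way to audit where a service's traffic really ends up on a node. The chain name suffixes and port 3306 are constructed placeholders; only the two IP addresses come from the text above.

```python
import shlex

# Constructed sample in the style of `iptables-save -t nat` with kube-proxy in
# iptables mode. Chain suffixes and port 3306 are made up; the IPs are the article's.
SAMPLE_NAT_RULES = """\
*nat
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A KUBE-SERVICES -d 10.96.0.12/32 -p tcp -m comment --comment "default/db cluster IP" -m tcp --dport 3306 -j KUBE-SVC-EXAMPLEDB0000001
-A KUBE-SVC-EXAMPLEDB0000001 -m comment --comment "default/db" -j KUBE-SEP-EXAMPLEDB0000001
-A KUBE-SEP-EXAMPLEDB0000001 -p tcp -m comment --comment "default/db" -m tcp -j DNAT --to-destination 10.32.0.15:3306
COMMIT
"""


def parse_rules(text):
    """Return {chain: [rule, ...]}; each rule maps an option to its value."""
    chains = {}
    for line in text.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, chain declarations and COMMIT
        tokens = shlex.split(line)  # keeps quoted --comment text as one token
        rule = {}
        for i, tok in enumerate(tokens):
            if tok in ("-A", "-d", "-j", "--dport", "--to-destination"):
                rule[tok] = tokens[i + 1]
        chains.setdefault(rule["-A"], []).append(rule)
    return chains


def resolve_backends(chains, service_ip, chain="KUBE-SERVICES", seen=None):
    """Follow jumps from the service IP's rule down to its DNAT targets."""
    seen = set() if seen is None else seen
    if chain in seen:  # guard against jump loops in malformed rule sets
        return []
    seen.add(chain)
    backends = []
    for rule in chains.get(chain, []):
        if chain == "KUBE-SERVICES" and rule.get("-d") != f"{service_ip}/32":
            continue  # rule belongs to a different service
        target = rule.get("-j")
        if target == "DNAT":
            backends.append(rule["--to-destination"])
        elif target in chains:
            backends += resolve_backends(chains, service_ip, target, seen)
    return backends


if __name__ == "__main__":
    print(resolve_backends(parse_rules(SAMPLE_NAT_RULES), "10.96.0.12"))
```

On a real node, feed it the output of `iptables-save -t nat` instead of the constructed sample.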