By default, when no value is specified in the configuration, kube-proxy might be running in either iptables or userspace mode:
--proxy-mode ProxyMode
Which proxy mode to use: 'userspace' (older) or 'iptables' (faster) or 'ipvs' or 'kernelspace' (windows). If blank, use the best-available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy.
Since both, userspace and iptables mode, seem to create iptables rules on the node, is there any reliable way to find out which proxy mode kube-proxy defaulted to?
The Mode which kube-proxy comes up with is mentioned in kube-proxy log file.
W0322 08:09:44.312816 1 server_others.go:578] Unknown proxy mode "", assuming iptables proxy
I0322 08:09:44.313052 1 server_others.go:185] Using iptables Proxier.
Check in Code https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-proxy/app/server_others.go
func getProxyMode(proxyMode string, canUseIPVS bool, kcompat iptables.KernelCompatTester) string {
switch proxyMode {
case proxyModeUserspace:
return proxyModeUserspace
case proxyModeIPTables:
return tryIPTablesProxy(kcompat)
case proxyModeIPVS:
return tryIPVSProxy(canUseIPVS, kcompat)
}
klog.Warningf("Unknown proxy mode %q, assuming iptables proxy", proxyMode)
return tryIPTablesProxy(kcompat)
}
func tryIPTablesProxy(kcompat iptables.KernelCompatTester) string {
// guaranteed false on error, error only necessary for debugging
useIPTablesProxy, err := iptables.CanUseIPTablesProxier(kcompat)
if err != nil {
utilruntime.HandleError(fmt.Errorf("can't determine whether to use iptables proxy, using userspace proxier: %v", err))
return proxyModeUserspace
}
if useIPTablesProxy {
return proxyModeIPTables
}
// Fallback.
klog.V(1).Infof("Can't use iptables proxy, using userspace proxier")
return proxyModeUserspace
}