kube-proxy can utilise either Netfilter (via iptables or ipvs) or perform user-space proxying of traffic in order to connect clients to pods (or services) via ports on the nodes.

Since kube-proxy runs on all nodes, the service will be accessible from all nodes, even those not currently running a copy of the pod.

Proxy modes

kube-proxy supports a number of proxy modes, and it'll automatically determine the best-available option if left unconfigured with the --proxy-mode switch:

  • iptables
  • ipvs
  • userspace