The F5 Kube Proxy is a drop-in replacement for the standard Kubernetes kube proxy. It configures the F5 Application Services Proxy (ASP) in a Kubernetes cluster.
When using the ASP, be sure that the specified --proxy-plugin-port doesn’t conflict with any other port used in your host network namespace. Using a port of 1024 or greater ensures the ASP doesn’t need to be privileged.
| Parameter | Type | Required | Default | Description | Allowed Values |
|---|---|---|---|---|---|
| –alsologtostderr | boolean | Optional | false | Log to standard error as well as files. | true, false |
| –bind-address | IPv4 | Optional | 0.0.0.0 | The IP address for the proxy server to serve on - set to 0.0.0.0 for all interfaces). | IPv4 |
| –cleanup-iptables | boolean | Optional | false | If true cleanup iptables rules and exit. | |
| –cluster-cidr | string | Optional | The CIDR range of pods in the cluster. It is used to bridge traffic coming from outside of the cluster. If not provided, no off-cluster bridging will be performed. | IPv4 CIDR | |
| –config-sync-period | duration | Optional | 15m0s | How often configuration from the apiserver is refreshed. Must be greater than 0. | {nn}m{nn}s |
| –conntrack-max | int32 | Optional | Maximum number of NAT connections to track (0 to leave as is). | ||
| –conntrack-max-per-core | int32 | Optional | 32768 | Maximum number of NAT connections to track per CPU core (0 to leave as-is). This is only considered if conntrack-max is 0. | |
| –conntrack-tcp-timeout-established | duration | Optional | 24h0m0s | Idle timeout for established TCP connections (0 to leave as is). | |
| –healthz-bind-address | IPv4 | Optional | 127.0.0.1 | The IP address for the health check server to serve on (set (set to 0.0.0.0 for all interfaces). | IPv4 |
| –healthz-port | int32 | Optional | 10249 | The port to bind the health check server. Use 0 to disable. | |
| –hostname-override | string | Optional | If non-empty, will use this this string as identification instead of actual hostname. | ||
| –iptables-masquerade-bit | int32 | Optional | 14 | If using the pure iptables proxy, the bit of the fwmark space to mark packets requiring SNAT with. | range [0, 31] |
| –iptables-sync-period | duration | Optional | 30s | How often iptables rules are refreshed (e.g. ‘5s’, ‘1m’, ‘2h22m’). | Must be greater than 0. |
| –kube-api-burst | int32 | Optional | 10 | Burst to use while talking with kubernetes apiserver. | |
| –kube-api-content-type | string | Optional | “application /vnd .kubernetes .protobuf” | Content type of requests sent to apiserver. | |
| –kube-api-qps | float32 | Optional | 5 | QPS to use while talking with kubernetes apiserver. | |
| –kubeconfig | string | Optional | Set by master flag. | Path to kubeconfig file with authorization information. | file path |
| –log-backtrace-at | string | Optional | “:0” | When logging hits line file:N, emit a stack trace. | file_path:line |
| –log-dir | string | Optional | If non-empty, write log files in this directory. | file path | |
| –log-flush-frequency | duration | Optional | 5s | Maximum number of seconds between log flushes. | |
| –logtostderr | boolean | Optional | true | Log to standard error instead of files. | |
| –masquerade-all | boolean | Optional | false | If using the pure iptables proxy, SNAT everything. | |
| –master | IPv4 | Optional | The address of the Kubernetes API server (overrides any value in kubeconfig) | ||
| –oom-score-adj | int32 | Optional | -999 | The oom-score-adj value for kube-proxy process. | Range [-1000, 1000] |
| –proxy-mode | string | Optional | iptables | Which proxy mode to use: ‘userspace’ (older) or ‘iptables’ (faster). If blank look at the Node object on the Kubernetes API and respect the ‘net.experimental. kubernetes.io/proxy-mode’ annotation if provided. Otherwise use the best- available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system’s kernel or iptables versions are insufficient, this always falls back to the userspace proxy. | iptables, userspace |
| –proxy-plugin-port | int32 | Optional | 10000 | Port used to redirect service traffic to ASP for advanced processing. Must be available for ASP to bind to on the host. | |
| –proxy-port-range | string | Optional | Range of host ports that may be consumed in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen. | “beginPort- endPort” | |
| –stderrthreshold | int32 | Optional | 2 | Logs at or above this threshold go to stderr. | |
| –udp-timeout | duration | Optional | 250ms | How long an idle UDP connection will be kept open. (e.g. ‘250ms’, ‘2s’). Only applicable for “proxy-mode= userspace”. | Must be greater than 0 |
| –v | int32 | Optional | 0 | Set the log level as a number. A higher value is more verbose. | |
| –version | boolean | Optional | false | Print version information and quit. | |
| –vmodule | string | Optional | Comma-separated list of pattern=N settings for file- filtered logging. |