Question posted in 
What is the port opened by kube-proxy for,Why does it listen on so many ports?
From my node, I can see that kube-proxy is listening to a lot of ports. Can someone explain to me why they are listening to so many ports and what is it for?
the output like below:
[root@runsdata-test-0001 ~]# netstat -antup|grep kube-proxy
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 14370/kube-proxy
tcp 0 0 10.0.0.154:59638 10.0.0.154:6443 ESTABLISHED 14370/kube-proxy
tcp6 0 0 :::31860 :::* LISTEN 14370/kube-proxy
tcp6 0 0 :::11989 :::* LISTEN 14370/kube-proxy
tcp6 0 0 :::26879 :::* LISTEN 14370/kube-proxy
tcp6 0 0 :::8100 :::* LISTEN 14370/kube-proxy
tcp6 0 0 :::10055 :::* LISTEN 14370/kube-proxy
tcp6 0 0 :::27688 :::* LISTEN 14370/kube-proxy
tcp6 0 0 :::29932 :::* LISTEN 14370/kube-proxy
tcp6 0 0 :::4303 :::* LISTEN 14370/kube-proxy
tcp6 0 0 :::31504 :::* LISTEN 14370/kube-proxy
tcp6 0 0 :::10256 :::* LISTEN 14370/kube-proxy
tcp6 0 0 :::21201 :::* LISTEN 14370/kube-proxy
[root@runsdata-test-0001 ~]# ss -antup|grep kube-proxy
tcp LISTEN 0 128 127.0.0.1:10249 *:* users:(("kube-proxy",pid=14370,fd=9))
tcp ESTAB 0 0 10.0.0.154:59638 10.0.0.154:6443 users:(("kube-proxy",pid=14370,fd=6))
tcp LISTEN 0 128 [::]:31860 [::]:* users:(("kube-proxy",pid=14370,fd=16))
tcp LISTEN 0 128 [::]:11989 [::]:* users:(("kube-proxy",pid=14370,fd=18))
tcp LISTEN 0 128 [::]:26879 [::]:* users:(("kube-proxy",pid=14370,fd=11))
tcp LISTEN 0 128 [::]:8100 [::]:* users:(("kube-proxy",pid=14370,fd=17))
tcp LISTEN 0 128 [::]:10055 [::]:* users:(("kube-proxy",pid=14370,fd=14))
tcp LISTEN 0 128 [::]:27688 [::]:* users:(("kube-proxy",pid=14370,fd=13))
tcp LISTEN 0 128 [::]:29932 [::]:* users:(("kube-proxy",pid=14370,fd=12))
tcp LISTEN 0 128 [::]:4303 [::]:* users:(("kube-proxy",pid=14370,fd=10))
tcp LISTEN 0 128 [::]:31504 [::]:* users:(("kube-proxy",pid=14370,fd=3))
tcp LISTEN 0 128 [::]:10256 [::]:* users:(("kube-proxy",pid=14370,fd=8))
tcp LISTEN 0 128 [::]:21201 [::]:* users:(("kube-proxy",pid=14370,fd=15))
As can be seen from the following results, the port that kube-proxy listens on is not the port for every service of type clusterip or nodeport. most service port is not being listened on
[root@runsdata-test-0001 ~]# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
admin-dashboard ClusterIP 10.0.6.133 <none> 8652/TCP 76d app=admin-dashboard
basic-customer-service-web ClusterIP 10.0.6.70 <none> 80/TCP 88d app=basic-customer-service-web
cloud-agent-dashboard-web ClusterIP 10.0.6.82 <none> 80/TCP 88d app=cloud-agent-dashboard-web
config-server ClusterIP 10.0.6.199 <none> 8100/TCP 17d app=config-server
content-management-service-v2-0 ClusterIP 10.0.6.149 <none> 8511/TCP 88d app=content-management-service-v2-0
customer-service-web-v1 ClusterIP 10.0.6.64 <none> 80/TCP 88d app=customer-service-web-v1
customer-service-web-v2 ClusterIP 10.0.6.12 <none> 80/TCP 88d app=customer-service-web-v2
default-http-backend ClusterIP 10.0.6.102 <none> 80/TCP 62d k8s-app=default-http-backend
file-server ClusterIP 10.0.6.221 <none> 80/TCP 88d app=file-server
glusterfs-cluster ClusterIP 10.0.6.197 <none> 1990/TCP 88d <none>
glusterfs-dynamic-2364ef3c-21d9-4b57-8416-3bec33191c63 ClusterIP 10.0.6.145 <none> 1/TCP 76d <none>
glusterfs-dynamic-4cebf743-e9a3-4bc0-b96a-e3bca2d7c65b ClusterIP 10.0.6.139 <none> 1/TCP 76d <none>
glusterfs-dynamic-65ab49bf-ea94-471a-be8a-ba9a32eca3f2 ClusterIP 10.0.6.72 <none> 1/TCP 76d <none>
glusterfs-dynamic-86817d19-5173-4dfb-a09f-b27785d62619 ClusterIP 10.0.6.42 <none> 1/TCP 76d <none>
glusterfs-dynamic-8b31e26e-b33d-4ddf-8604-287b015f4463 ClusterIP 10.0.6.40 <none> 1/TCP 76d <none>
glusterfs-dynamic-8ede2720-863d-4329-8c7a-7bc2a7f540e4 ClusterIP 10.0.6.148 <none> 1/TCP 76d <none>
glusterfs-dynamic-b0d2f15d-847c-44e6-8272-0390d42806d1 ClusterIP 10.0.6.185 <none> 1/TCP 76d <none>
glusterfs-dynamic-b16b2a65-d21d-412e-88b5-ca5fb5ce8626 ClusterIP 10.0.6.29 <none> 1/TCP 76d <none>
glusterfs-dynamic-ee1be4cc-d90f-4ac4-a662-6a6fdc25e628 ClusterIP 10.0.6.251 <none> 1/TCP 76d <none>
hr-dashboard-web-global ClusterIP 10.0.6.66 <none> 80/TCP 88d app=hr-dashboard-web-global
hystrix-dashboard ClusterIP 10.0.6.87 <none> 8650/TCP 48d app=hystrix-dashboard
kafka-hs ClusterIP None <none> 9092/TCP 76d app=kafka
kafka-server ClusterIP 10.0.6.209 <none> 9092/TCP 76d app=kafka
mongo-master ClusterIP 10.0.6.39 <none> 27017/TCP 88d name=mongo
mongodb-1 ClusterIP 10.0.6.11 <none> 27017/TCP 17d <none>
mongodb-2 ClusterIP 10.0.6.55 <none> 27017/TCP 17d <none>
mongodb-3 ClusterIP 10.0.6.114 <none> 27017/TCP 17d <none>
mysql-master ClusterIP 10.0.6.201 <none> 3306/TCP 88d <none>
news-content-management-web ClusterIP 10.0.6.93 <none> 80/TCP 61d app=news-content-management-web
peony-ali-api ClusterIP 10.0.6.151 <none> 9220/TCP 62d app=peony-ali-api
peony-app-update ClusterIP 10.0.6.138 <none> 9410/TCP 87d app=peony-app-update
peony-authenticate-storage-service-v3-0 ClusterIP 10.0.6.37 <none> 8241/TCP 88d app=peony-authenticate-storage-service-v3-0
peony-hr-file-server ClusterIP 10.0.6.53 <none> 80/TCP 87d app=peony-hr-file-server
peony-infrastructure-gateway ClusterIP 10.0.6.132 <none> 8020/TCP 60d app=peony-infrastructure-gateway
peony-log-file-server ClusterIP 10.0.6.54 <none> 80/TCP 14d app=peony-log-file-server
peony-media-hr-file-server ClusterIP 10.0.6.129 <none> 80/TCP 87d app=peony-media-hr-file-server
peony-medical-file-server ClusterIP 10.0.6.31 <none> 80/TCP 87d app=peony-medical-file-server
peony-online-file-server ClusterIP 10.0.6.217 <none> 80/TCP 87d app=peony-online-file-server
peony-payment-service ClusterIP 10.0.6.38 <none> 9400/TCP 87d app=peony-payment-service
peony-sms-api ClusterIP 10.0.6.204 <none> 9200/TCP 87d app=peony-sms-api
peony-sms-gateway ClusterIP 10.0.6.7 <none> 80/TCP 87d app=peony-sms-gateway
peony-sms-sender ClusterIP 10.0.6.135 <none> 9211/TCP 87d app=peony-sms-sender
peony-sms-web ClusterIP 10.0.6.74 <none> 80/TCP 61d app=peony-sms-web
plum-gatherer-api ClusterIP 10.0.6.239 <none> 80/TCP 87d app=plum-gatherer-api
plum-gatherer-gateway ClusterIP 10.0.6.67 <none> 7010/TCP 87d app=plum-gatherer-gateway
plum-live-gatherer ClusterIP 10.0.6.187 <none> 7011/TCP 87d app=plum-live-gatherer
rabbit-server ClusterIP 10.0.6.125 <none> 5672/TCP,15672/TCP 68d app=rabbit-server
redis-foundation-master ClusterIP 10.0.6.127 <none> 6379/TCP 17d name=redis-foundation
redis-sentinel-0 ClusterIP 10.0.6.203 <none> 36379/TCP 20d <none>
redis-sentinel-1 ClusterIP 10.0.6.10 <none> 36379/TCP 20d <none>
redis-sentinel-2 ClusterIP 10.0.6.222 <none> 36379/TCP 20d <none>
redis-sms-master ClusterIP 10.0.6.50 <none> 6379/TCP 87d name=redis-sms
redis-user-master ClusterIP 10.0.6.71 <none> 6379/TCP 87d name=redis-user
si-console-web ClusterIP 10.0.6.88 <none> 80/TCP 87d app=si-console-web
si-gov-admin-web ClusterIP 10.0.6.152 <none> 80/TCP 87d app=si-gov-admin-web
society-admin-web ClusterIP 10.0.6.105 <none> 80/TCP 86d app=society-admin-web
society-admin-web-v2 ClusterIP 10.0.6.119 <none> 80/TCP 49d app=society-admin-web-v2
society-app-config-service-v2-0 ClusterIP 10.0.6.112 <none> 8013/TCP 88d app=society-app-config-service-v2-0
society-assistance-service-v1-0 ClusterIP 10.0.6.238 <none> 8531/TCP 88d app=society-assistance-service-v1-0
society-authenticate-storage-service-v3-0 ClusterIP 10.0.6.177 <none> 8241/TCP 35d app=society-authenticate-storage-service-v3-0
society-authorization-server ClusterIP 10.0.6.183 <none> 10681/TCP,9010/TCP 88d app=society-authorization-server
society-certification-service-v2-0 ClusterIP 10.0.6.198 <none> 8215/TCP 88d app=society-certification-service-v2-0
society-config-app-api ClusterIP 10.0.6.9 <none> 80/TCP 80d app=society-config-app-api
society-employment-mobile-universal-web ClusterIP 10.0.6.247 <none> 80/TCP 88d app=society-employment-mobile-universal-web
society-employment-service-v1-0 ClusterIP 10.0.6.211 <none> 8541/TCP 87d app=society-employment-service-v1-0
society-im-service-v1-0 ClusterIP 10.0.6.235 <none> 8551/TCP 87d app=society-im-service-v1-0
society-insurance-app-api ClusterIP 10.0.6.6 <none> 80/TCP 88d app=society-insurance-app-api
society-insurance-foundation-service-v2-0 ClusterIP 10.0.6.49 <none> 8223/TCP 88d app=society-insurance-foundation-service-v2-0
society-insurance-gateway ClusterIP 10.0.6.202 <none> 8020/TCP 88d app=society-insurance-gateway
society-insurance-management-service-v2-0 NodePort 10.0.6.140 <none> 8235:31860/TCP 63d app=society-insurance-management-service-v2-0
society-insurance-resident-service-v2-0 ClusterIP 10.0.6.5 <none> 8311/TCP 88d app=society-insurance-resident-service-v2-0
society-insurance-storage-service-v2-0 ClusterIP 10.0.6.2 <none> 8228/TCP 88d app=society-insurance-storage-service-v2-0
society-insurance-user-service-v2-0 ClusterIP 10.0.6.23 <none> 8221/TCP 88d app=society-insurance-user-service-v2-0
society-insurance-web-api ClusterIP 10.0.6.236 <none> 80/TCP 88d app=society-insurance-web-api
society-material-h5-web ClusterIP 10.0.6.43 <none> 80/TCP 73d app=society-material-h5-web
society-material-service-v1-0 ClusterIP 10.0.6.241 <none> 8261/TCP 67d app=society-material-service-v1-0
society-material-web ClusterIP 10.0.6.65 <none> 80/TCP 83d app=society-material-web
society-notice-service-v1-0 ClusterIP 10.0.6.16 <none> 8561/TCP 14d app=society-notice-service-v1-0
society-online-business-admin-web ClusterIP 10.0.6.230 <none> 80/TCP 88d app=society-online-business-admin-web
society-online-business-configure-h5-web ClusterIP 10.0.6.8 <none> 80/TCP 88d app=society-online-business-configure-h5-web
society-online-business-mobile-web ClusterIP 10.0.6.137 <none> 80/TCP 88d app=society-online-business-mobile-web
society-online-business-mobile-web-v2-0 ClusterIP 10.0.6.108 <none> 80/TCP 87d app=society-online-business-mobile-web-v2-0
society-online-business-mobile-web-v2-1 ClusterIP 10.0.6.128 <none> 80/TCP 87d app=society-online-business-mobile-web-v2-1
society-online-business-processor-service-v1-0 ClusterIP 10.0.6.99 <none> 10042/TCP 88d app=global-online-business-processor-service-v1-0
society-online-business-service-v2-0 ClusterIP 10.0.6.186 <none> 8216/TCP 88d app=society-online-business-service-v2-0
society-online-business-service-v2-1 ClusterIP 10.0.6.162 <none> 8216/TCP 88d app=society-online-business-service-v2-1
society-operation-gateway ClusterIP 10.0.6.4 <none> 8010/TCP 88d app=society-operation-gateway
society-operation-user-service-v1-1 ClusterIP 10.0.6.35 <none> 8012/TCP 88d app=society-operation-user-service-v1-1
society-operator-management-service-v1-0 ClusterIP 10.0.6.234 <none> 8271/TCP 83d app=society-operator-management-service-v1-0
society-operator-management-web ClusterIP 10.0.6.150 <none> 80/TCP 77d app=society-operator-management-web
society-portal-mobile-universal-web ClusterIP 10.0.6.244 <none> 80/TCP 88d app=society-portal-mobile-universal-web
society-portal-nationwide-web ClusterIP 10.0.6.237 <none> 80/TCP 88d app=society-portal-nationwide-web
society-proxy-access-service-v2-0 ClusterIP 10.0.6.243 <none> 8411/TCP 58d app=society-proxy-access-service-v2-0
society-resident-service-v3-0 ClusterIP 10.0.6.63 <none> 8231/TCP 88d app=society-resident-service-v3-0
society-training-exam-web ClusterIP 10.0.6.83 <none> 80/TCP 37d app=society-training-exam-web
society-training-mobile-universal-web ClusterIP 10.0.6.210 <none> 80/TCP 88d app=society-training-mobile-universal-web
society-training-service-v1-0 ClusterIP 10.0.6.36 <none> 8521/TCP 88d app=society-training-service-v1-0
society-user-service-v2-0 ClusterIP 10.0.6.216 <none> 8211/TCP 87d app=society-user-service-v2-0
society-user-service-v3-0 ClusterIP 10.0.6.227 <none> 8211/TCP 88d app=society-user-service-v3-0
sports-training-web ClusterIP 10.0.6.123 <none> 80/TCP 87d app=sports-training-web
static-file-server ClusterIP 10.0.6.73 <none> 80/TCP 88d app=static-file-server
traefik-ingress-controller ClusterIP 10.0.6.225 <none> 80/TCP,6080/TCP,443/TCP 17d app=traefik-ingress-controller
turbine-server ClusterIP 10.0.6.160 <none> 8989/TCP 76d app=turbine-server
weedfs-filer ClusterIP 10.0.6.32 <none> 8080/TCP 19d app=weedfs-filer
weedfs-master ClusterIP 10.0.6.91 <none> 9333/TCP 87d app=weedfs-master
weedfs-volume-1 ClusterIP 10.0.6.79 <none> 8080/TCP 87d app=weedfs-volume-1
zipkin-server ClusterIP 10.0.6.184 <none> 9411/TCP 48d app=zipkin-server
zk-cs ClusterIP 10.0.6.194 <none> 2181/TCP 76d app=zk
zk-hs ClusterIP None <none> 2888/TCP,3888/TCP 76d app=zk
[root@runsdata-test-0001 ~]# ss -antup|grep kube-proxy
tcp LISTEN 0 128 127.0.0.1:10249 *:* users:(("kube-proxy",pid=14370,fd=9))
tcp ESTAB 0 0 10.0.0.154:59638 10.0.0.154:6443 users:(("kube-proxy",pid=14370,fd=6))
tcp LISTEN 0 128 [::]:31860 [::]:* users:(("kube-proxy",pid=14370,fd=16))
tcp LISTEN 0 128 [::]:11989 [::]:* users:(("kube-proxy",pid=14370,fd=18))
tcp LISTEN 0 128 [::]:26879 [::]:* users:(("kube-proxy",pid=14370,fd=11))
tcp LISTEN 0 128 [::]:8100 [::]:* users:(("kube-proxy",pid=14370,fd=17))
tcp LISTEN 0 128 [::]:10055 [::]:* users:(("kube-proxy",pid=14370,fd=14))
tcp LISTEN 0 128 [::]:27688 [::]:* users:(("kube-proxy",pid=14370,fd=13))
tcp LISTEN 0 128 [::]:29932 [::]:* users:(("kube-proxy",pid=14370,fd=12))
tcp LISTEN 0 128 [::]:4303 [::]:* users:(("kube-proxy",pid=14370,fd=10))
tcp LISTEN 0 128 [::]:31504 [::]:* users:(("kube-proxy",pid=14370,fd=3))
tcp LISTEN 0 128 [::]:10256 [::]:* users:(("kube-proxy",pid=14370,fd=8))
tcp LISTEN 0 128 [::]:21201 [::]:* users:(("kube-proxy",pid=14370,fd=15))
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 31860
society-insurance-management-service-v2-0 NodePort 10.0.6.140 <none> 8235:31860/TCP 63d app=society-insurance-management-service-v2-0
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 11989
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 26879
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 8100
config-server ClusterIP 10.0.6.199 <none> 8100/TCP 17d app=config-server
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 10055
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 27688
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 29932
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 4303
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 31504
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 10256
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 21201
[root@runsdata-test-0001 ~]#
2
Answers
Based on the official documentation:
Basically, it listens for the active
Services and forwards them across your cluster.You can get the list of registered services with:
Whenever you create a service of type ClusterIP or NodePort in kubernetes kube proxy will start listening for ports defined in these services and requests coming to those IP and port will be routed to backend pods.