skip to Main Content

What is the port opened by kube-proxy for,Why does it listen on so many ports?
From my node, I can see that kube-proxy is listening to a lot of ports. Can someone explain to me why they are listening to so many ports and what is it for?
the output like below:

[root@runsdata-test-0001 ~]# netstat -antup|grep kube-proxy
tcp        0      0 127.0.0.1:10249         0.0.0.0:*               LISTEN      14370/kube-proxy    
tcp        0      0 10.0.0.154:59638        10.0.0.154:6443         ESTABLISHED 14370/kube-proxy    
tcp6       0      0 :::31860                :::*                    LISTEN      14370/kube-proxy    
tcp6       0      0 :::11989                :::*                    LISTEN      14370/kube-proxy    
tcp6       0      0 :::26879                :::*                    LISTEN      14370/kube-proxy    
tcp6       0      0 :::8100                 :::*                    LISTEN      14370/kube-proxy    
tcp6       0      0 :::10055                :::*                    LISTEN      14370/kube-proxy    
tcp6       0      0 :::27688                :::*                    LISTEN      14370/kube-proxy    
tcp6       0      0 :::29932                :::*                    LISTEN      14370/kube-proxy    
tcp6       0      0 :::4303                 :::*                    LISTEN      14370/kube-proxy    
tcp6       0      0 :::31504                :::*                    LISTEN      14370/kube-proxy    
tcp6       0      0 :::10256                :::*                    LISTEN      14370/kube-proxy    
tcp6       0      0 :::21201                :::*                    LISTEN      14370/kube-proxy    
[root@runsdata-test-0001 ~]# ss -antup|grep kube-proxy
tcp    LISTEN     0      128    127.0.0.1:10249                 *:*                   users:(("kube-proxy",pid=14370,fd=9))
tcp    ESTAB      0      0      10.0.0.154:59638              10.0.0.154:6443                users:(("kube-proxy",pid=14370,fd=6))
tcp    LISTEN     0      128    [::]:31860              [::]:*                   users:(("kube-proxy",pid=14370,fd=16))
tcp    LISTEN     0      128    [::]:11989              [::]:*                   users:(("kube-proxy",pid=14370,fd=18))
tcp    LISTEN     0      128    [::]:26879              [::]:*                   users:(("kube-proxy",pid=14370,fd=11))
tcp    LISTEN     0      128    [::]:8100               [::]:*                   users:(("kube-proxy",pid=14370,fd=17))
tcp    LISTEN     0      128    [::]:10055              [::]:*                   users:(("kube-proxy",pid=14370,fd=14))
tcp    LISTEN     0      128    [::]:27688              [::]:*                   users:(("kube-proxy",pid=14370,fd=13))
tcp    LISTEN     0      128    [::]:29932              [::]:*                   users:(("kube-proxy",pid=14370,fd=12))
tcp    LISTEN     0      128    [::]:4303               [::]:*                   users:(("kube-proxy",pid=14370,fd=10))
tcp    LISTEN     0      128    [::]:31504              [::]:*                   users:(("kube-proxy",pid=14370,fd=3))
tcp    LISTEN     0      128    [::]:10256              [::]:*                   users:(("kube-proxy",pid=14370,fd=8))
tcp    LISTEN     0      128    [::]:21201              [::]:*                   users:(("kube-proxy",pid=14370,fd=15))

As can be seen from the following results, the port that kube-proxy listens on is not the port for every service of type clusterip or nodeport. most service port is not being listened on

[root@runsdata-test-0001 ~]# kubectl get svc -o wide
NAME                                                     TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                   AGE   SELECTOR
admin-dashboard                                          ClusterIP   10.0.6.133   <none>        8652/TCP                  76d   app=admin-dashboard
basic-customer-service-web                               ClusterIP   10.0.6.70    <none>        80/TCP                    88d   app=basic-customer-service-web
cloud-agent-dashboard-web                                ClusterIP   10.0.6.82    <none>        80/TCP                    88d   app=cloud-agent-dashboard-web
config-server                                            ClusterIP   10.0.6.199   <none>        8100/TCP                  17d   app=config-server
content-management-service-v2-0                          ClusterIP   10.0.6.149   <none>        8511/TCP                  88d   app=content-management-service-v2-0
customer-service-web-v1                                  ClusterIP   10.0.6.64    <none>        80/TCP                    88d   app=customer-service-web-v1
customer-service-web-v2                                  ClusterIP   10.0.6.12    <none>        80/TCP                    88d   app=customer-service-web-v2
default-http-backend                                     ClusterIP   10.0.6.102   <none>        80/TCP                    62d   k8s-app=default-http-backend
file-server                                              ClusterIP   10.0.6.221   <none>        80/TCP                    88d   app=file-server
glusterfs-cluster                                        ClusterIP   10.0.6.197   <none>        1990/TCP                  88d   <none>
glusterfs-dynamic-2364ef3c-21d9-4b57-8416-3bec33191c63   ClusterIP   10.0.6.145   <none>        1/TCP                     76d   <none>
glusterfs-dynamic-4cebf743-e9a3-4bc0-b96a-e3bca2d7c65b   ClusterIP   10.0.6.139   <none>        1/TCP                     76d   <none>
glusterfs-dynamic-65ab49bf-ea94-471a-be8a-ba9a32eca3f2   ClusterIP   10.0.6.72    <none>        1/TCP                     76d   <none>
glusterfs-dynamic-86817d19-5173-4dfb-a09f-b27785d62619   ClusterIP   10.0.6.42    <none>        1/TCP                     76d   <none>
glusterfs-dynamic-8b31e26e-b33d-4ddf-8604-287b015f4463   ClusterIP   10.0.6.40    <none>        1/TCP                     76d   <none>
glusterfs-dynamic-8ede2720-863d-4329-8c7a-7bc2a7f540e4   ClusterIP   10.0.6.148   <none>        1/TCP                     76d   <none>
glusterfs-dynamic-b0d2f15d-847c-44e6-8272-0390d42806d1   ClusterIP   10.0.6.185   <none>        1/TCP                     76d   <none>
glusterfs-dynamic-b16b2a65-d21d-412e-88b5-ca5fb5ce8626   ClusterIP   10.0.6.29    <none>        1/TCP                     76d   <none>
glusterfs-dynamic-ee1be4cc-d90f-4ac4-a662-6a6fdc25e628   ClusterIP   10.0.6.251   <none>        1/TCP                     76d   <none>
hr-dashboard-web-global                                  ClusterIP   10.0.6.66    <none>        80/TCP                    88d   app=hr-dashboard-web-global
hystrix-dashboard                                        ClusterIP   10.0.6.87    <none>        8650/TCP                  48d   app=hystrix-dashboard
kafka-hs                                                 ClusterIP   None         <none>        9092/TCP                  76d   app=kafka
kafka-server                                             ClusterIP   10.0.6.209   <none>        9092/TCP                  76d   app=kafka
mongo-master                                             ClusterIP   10.0.6.39    <none>        27017/TCP                 88d   name=mongo
mongodb-1                                                ClusterIP   10.0.6.11    <none>        27017/TCP                 17d   <none>
mongodb-2                                                ClusterIP   10.0.6.55    <none>        27017/TCP                 17d   <none>
mongodb-3                                                ClusterIP   10.0.6.114   <none>        27017/TCP                 17d   <none>
mysql-master                                             ClusterIP   10.0.6.201   <none>        3306/TCP                  88d   <none>
news-content-management-web                              ClusterIP   10.0.6.93    <none>        80/TCP                    61d   app=news-content-management-web
peony-ali-api                                            ClusterIP   10.0.6.151   <none>        9220/TCP                  62d   app=peony-ali-api
peony-app-update                                         ClusterIP   10.0.6.138   <none>        9410/TCP                  87d   app=peony-app-update
peony-authenticate-storage-service-v3-0                  ClusterIP   10.0.6.37    <none>        8241/TCP                  88d   app=peony-authenticate-storage-service-v3-0
peony-hr-file-server                                     ClusterIP   10.0.6.53    <none>        80/TCP                    87d   app=peony-hr-file-server
peony-infrastructure-gateway                             ClusterIP   10.0.6.132   <none>        8020/TCP                  60d   app=peony-infrastructure-gateway
peony-log-file-server                                    ClusterIP   10.0.6.54    <none>        80/TCP                    14d   app=peony-log-file-server
peony-media-hr-file-server                               ClusterIP   10.0.6.129   <none>        80/TCP                    87d   app=peony-media-hr-file-server
peony-medical-file-server                                ClusterIP   10.0.6.31    <none>        80/TCP                    87d   app=peony-medical-file-server
peony-online-file-server                                 ClusterIP   10.0.6.217   <none>        80/TCP                    87d   app=peony-online-file-server
peony-payment-service                                    ClusterIP   10.0.6.38    <none>        9400/TCP                  87d   app=peony-payment-service
peony-sms-api                                            ClusterIP   10.0.6.204   <none>        9200/TCP                  87d   app=peony-sms-api
peony-sms-gateway                                        ClusterIP   10.0.6.7     <none>        80/TCP                    87d   app=peony-sms-gateway
peony-sms-sender                                         ClusterIP   10.0.6.135   <none>        9211/TCP                  87d   app=peony-sms-sender
peony-sms-web                                            ClusterIP   10.0.6.74    <none>        80/TCP                    61d   app=peony-sms-web
plum-gatherer-api                                        ClusterIP   10.0.6.239   <none>        80/TCP                    87d   app=plum-gatherer-api
plum-gatherer-gateway                                    ClusterIP   10.0.6.67    <none>        7010/TCP                  87d   app=plum-gatherer-gateway
plum-live-gatherer                                       ClusterIP   10.0.6.187   <none>        7011/TCP                  87d   app=plum-live-gatherer
rabbit-server                                            ClusterIP   10.0.6.125   <none>        5672/TCP,15672/TCP        68d   app=rabbit-server
redis-foundation-master                                  ClusterIP   10.0.6.127   <none>        6379/TCP                  17d   name=redis-foundation
redis-sentinel-0                                         ClusterIP   10.0.6.203   <none>        36379/TCP                 20d   <none>
redis-sentinel-1                                         ClusterIP   10.0.6.10    <none>        36379/TCP                 20d   <none>
redis-sentinel-2                                         ClusterIP   10.0.6.222   <none>        36379/TCP                 20d   <none>
redis-sms-master                                         ClusterIP   10.0.6.50    <none>        6379/TCP                  87d   name=redis-sms
redis-user-master                                        ClusterIP   10.0.6.71    <none>        6379/TCP                  87d   name=redis-user
si-console-web                                           ClusterIP   10.0.6.88    <none>        80/TCP                    87d   app=si-console-web
si-gov-admin-web                                         ClusterIP   10.0.6.152   <none>        80/TCP                    87d   app=si-gov-admin-web
society-admin-web                                        ClusterIP   10.0.6.105   <none>        80/TCP                    86d   app=society-admin-web
society-admin-web-v2                                     ClusterIP   10.0.6.119   <none>        80/TCP                    49d   app=society-admin-web-v2
society-app-config-service-v2-0                          ClusterIP   10.0.6.112   <none>        8013/TCP                  88d   app=society-app-config-service-v2-0
society-assistance-service-v1-0                          ClusterIP   10.0.6.238   <none>        8531/TCP                  88d   app=society-assistance-service-v1-0
society-authenticate-storage-service-v3-0                ClusterIP   10.0.6.177   <none>        8241/TCP                  35d   app=society-authenticate-storage-service-v3-0
society-authorization-server                             ClusterIP   10.0.6.183   <none>        10681/TCP,9010/TCP        88d   app=society-authorization-server
society-certification-service-v2-0                       ClusterIP   10.0.6.198   <none>        8215/TCP                  88d   app=society-certification-service-v2-0
society-config-app-api                                   ClusterIP   10.0.6.9     <none>        80/TCP                    80d   app=society-config-app-api
society-employment-mobile-universal-web                  ClusterIP   10.0.6.247   <none>        80/TCP                    88d   app=society-employment-mobile-universal-web
society-employment-service-v1-0                          ClusterIP   10.0.6.211   <none>        8541/TCP                  87d   app=society-employment-service-v1-0
society-im-service-v1-0                                  ClusterIP   10.0.6.235   <none>        8551/TCP                  87d   app=society-im-service-v1-0
society-insurance-app-api                                ClusterIP   10.0.6.6     <none>        80/TCP                    88d   app=society-insurance-app-api
society-insurance-foundation-service-v2-0                ClusterIP   10.0.6.49    <none>        8223/TCP                  88d   app=society-insurance-foundation-service-v2-0
society-insurance-gateway                                ClusterIP   10.0.6.202   <none>        8020/TCP                  88d   app=society-insurance-gateway
society-insurance-management-service-v2-0                NodePort    10.0.6.140   <none>        8235:31860/TCP            63d   app=society-insurance-management-service-v2-0
society-insurance-resident-service-v2-0                  ClusterIP   10.0.6.5     <none>        8311/TCP                  88d   app=society-insurance-resident-service-v2-0
society-insurance-storage-service-v2-0                   ClusterIP   10.0.6.2     <none>        8228/TCP                  88d   app=society-insurance-storage-service-v2-0
society-insurance-user-service-v2-0                      ClusterIP   10.0.6.23    <none>        8221/TCP                  88d   app=society-insurance-user-service-v2-0
society-insurance-web-api                                ClusterIP   10.0.6.236   <none>        80/TCP                    88d   app=society-insurance-web-api
society-material-h5-web                                  ClusterIP   10.0.6.43    <none>        80/TCP                    73d   app=society-material-h5-web
society-material-service-v1-0                            ClusterIP   10.0.6.241   <none>        8261/TCP                  67d   app=society-material-service-v1-0
society-material-web                                     ClusterIP   10.0.6.65    <none>        80/TCP                    83d   app=society-material-web
society-notice-service-v1-0                              ClusterIP   10.0.6.16    <none>        8561/TCP                  14d   app=society-notice-service-v1-0
society-online-business-admin-web                        ClusterIP   10.0.6.230   <none>        80/TCP                    88d   app=society-online-business-admin-web
society-online-business-configure-h5-web                 ClusterIP   10.0.6.8     <none>        80/TCP                    88d   app=society-online-business-configure-h5-web
society-online-business-mobile-web                       ClusterIP   10.0.6.137   <none>        80/TCP                    88d   app=society-online-business-mobile-web
society-online-business-mobile-web-v2-0                  ClusterIP   10.0.6.108   <none>        80/TCP                    87d   app=society-online-business-mobile-web-v2-0
society-online-business-mobile-web-v2-1                  ClusterIP   10.0.6.128   <none>        80/TCP                    87d   app=society-online-business-mobile-web-v2-1
society-online-business-processor-service-v1-0           ClusterIP   10.0.6.99    <none>        10042/TCP                 88d   app=global-online-business-processor-service-v1-0
society-online-business-service-v2-0                     ClusterIP   10.0.6.186   <none>        8216/TCP                  88d   app=society-online-business-service-v2-0
society-online-business-service-v2-1                     ClusterIP   10.0.6.162   <none>        8216/TCP                  88d   app=society-online-business-service-v2-1
society-operation-gateway                                ClusterIP   10.0.6.4     <none>        8010/TCP                  88d   app=society-operation-gateway
society-operation-user-service-v1-1                      ClusterIP   10.0.6.35    <none>        8012/TCP                  88d   app=society-operation-user-service-v1-1
society-operator-management-service-v1-0                 ClusterIP   10.0.6.234   <none>        8271/TCP                  83d   app=society-operator-management-service-v1-0
society-operator-management-web                          ClusterIP   10.0.6.150   <none>        80/TCP                    77d   app=society-operator-management-web
society-portal-mobile-universal-web                      ClusterIP   10.0.6.244   <none>        80/TCP                    88d   app=society-portal-mobile-universal-web
society-portal-nationwide-web                            ClusterIP   10.0.6.237   <none>        80/TCP                    88d   app=society-portal-nationwide-web
society-proxy-access-service-v2-0                        ClusterIP   10.0.6.243   <none>        8411/TCP                  58d   app=society-proxy-access-service-v2-0
society-resident-service-v3-0                            ClusterIP   10.0.6.63    <none>        8231/TCP                  88d   app=society-resident-service-v3-0
society-training-exam-web                                ClusterIP   10.0.6.83    <none>        80/TCP                    37d   app=society-training-exam-web
society-training-mobile-universal-web                    ClusterIP   10.0.6.210   <none>        80/TCP                    88d   app=society-training-mobile-universal-web
society-training-service-v1-0                            ClusterIP   10.0.6.36    <none>        8521/TCP                  88d   app=society-training-service-v1-0
society-user-service-v2-0                                ClusterIP   10.0.6.216   <none>        8211/TCP                  87d   app=society-user-service-v2-0
society-user-service-v3-0                                ClusterIP   10.0.6.227   <none>        8211/TCP                  88d   app=society-user-service-v3-0
sports-training-web                                      ClusterIP   10.0.6.123   <none>        80/TCP                    87d   app=sports-training-web
static-file-server                                       ClusterIP   10.0.6.73    <none>        80/TCP                    88d   app=static-file-server
traefik-ingress-controller                               ClusterIP   10.0.6.225   <none>        80/TCP,6080/TCP,443/TCP   17d   app=traefik-ingress-controller
turbine-server                                           ClusterIP   10.0.6.160   <none>        8989/TCP                  76d   app=turbine-server
weedfs-filer                                             ClusterIP   10.0.6.32    <none>        8080/TCP                  19d   app=weedfs-filer
weedfs-master                                            ClusterIP   10.0.6.91    <none>        9333/TCP                  87d   app=weedfs-master
weedfs-volume-1                                          ClusterIP   10.0.6.79    <none>        8080/TCP                  87d   app=weedfs-volume-1
zipkin-server                                            ClusterIP   10.0.6.184   <none>        9411/TCP                  48d   app=zipkin-server
zk-cs                                                    ClusterIP   10.0.6.194   <none>        2181/TCP                  76d   app=zk
zk-hs                                                    ClusterIP   None         <none>        2888/TCP,3888/TCP         76d   app=zk
[root@runsdata-test-0001 ~]# ss -antup|grep kube-proxy
tcp    LISTEN     0      128    127.0.0.1:10249                 *:*                   users:(("kube-proxy",pid=14370,fd=9))
tcp    ESTAB      0      0      10.0.0.154:59638              10.0.0.154:6443                users:(("kube-proxy",pid=14370,fd=6))
tcp    LISTEN     0      128    [::]:31860              [::]:*                   users:(("kube-proxy",pid=14370,fd=16))
tcp    LISTEN     0      128    [::]:11989              [::]:*                   users:(("kube-proxy",pid=14370,fd=18))
tcp    LISTEN     0      128    [::]:26879              [::]:*                   users:(("kube-proxy",pid=14370,fd=11))
tcp    LISTEN     0      128    [::]:8100               [::]:*                   users:(("kube-proxy",pid=14370,fd=17))
tcp    LISTEN     0      128    [::]:10055              [::]:*                   users:(("kube-proxy",pid=14370,fd=14))
tcp    LISTEN     0      128    [::]:27688              [::]:*                   users:(("kube-proxy",pid=14370,fd=13))
tcp    LISTEN     0      128    [::]:29932              [::]:*                   users:(("kube-proxy",pid=14370,fd=12))
tcp    LISTEN     0      128    [::]:4303               [::]:*                   users:(("kube-proxy",pid=14370,fd=10))
tcp    LISTEN     0      128    [::]:31504              [::]:*                   users:(("kube-proxy",pid=14370,fd=3))
tcp    LISTEN     0      128    [::]:10256              [::]:*                   users:(("kube-proxy",pid=14370,fd=8))
tcp    LISTEN     0      128    [::]:21201              [::]:*                   users:(("kube-proxy",pid=14370,fd=15))
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 31860
society-insurance-management-service-v2-0                NodePort    10.0.6.140   <none>        8235:31860/TCP            63d   app=society-insurance-management-service-v2-0
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 11989
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 26879
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 8100
config-server                                            ClusterIP   10.0.6.199   <none>        8100/TCP                  17d   app=config-server
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 10055
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 27688
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 29932
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 4303
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 31504
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 10256
[root@runsdata-test-0001 ~]# kubectl get svc -o wide |grep 21201
[root@runsdata-test-0001 ~]#

2

Answers


  1. Based on the official documentation:

    kube-proxy reflects services as defined in the Kubernetes API on each node and can do simple TCP, UDP, and SCTP stream forwarding or round robin TCP, UDP, and SCTP forwarding across a set of backends

    Basically, it listens for the active Services and forwards them across your cluster.

    You can get the list of registered services with:

    kubectl --all-namespaces get svc
    
    Login or Signup to reply.
  2. Whenever you create a service of type ClusterIP or NodePort in kubernetes kube proxy will start listening for ports defined in these services and requests coming to those IP and port will be routed to backend pods.

    enter image description here

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search