From the course: Kubernetes and Cloud Native Security Associate (KCSA) Cert Prep


kube-proxy

All right. So next we have the kube-proxy. And kube-proxy is all about local networking and it's used to manage network communications for all of your pods. So in terms of securing it, it falls into the same protocols as the kubelet and really what it comes down to is restricting permissions.

Now one thing I want to bring up, which I don't believe is on the exam, but it's still really, really important knowledge to have, and that's eBPF. So eBPF gives you the ability to completely remove kube-proxy. But why would you want to do that? Well, here's the thing. Underneath the hood, kube-proxy uses iptables. And you can think of iptables like firewall rules. Now the problem is that once you have a lot of iptables, scaling ends up becoming very, very slow. And it's a nightmare. And security isn't well guaranteed. So with eBPF, it removes the need for kube-proxy completely, which removes the need for iptables and ultimately ends up in a far safer, more secure, very highly scalable…
