• A process, running on all the nodes in a cluster, that implements network address translation of packets going to a service, so that they are sent to the backend pods. It does not implement pod networking, that’s the job of CNI plugin.
• Running on every node, it listens for new service creation, at which it creates IP table rules on that node to route traffic going to that service to the backend pods running on the node. If the cluster spans multiple nodes, the CNI plugin should be working to ensure pod connectivity across the cluster.
• When setting up the cluster from scratch, download the kube-proxy binary and run it as a service on every node.
• If the cluster is set up using KubeAdmin, the kube-proxy is automatically deployed as a daemonset (one pod on every node) in the kube-system namespace.
• Excellent explanation of how KubeProxy works - Demystifying kube-proxy | Mayank Shah