Interview Kubernetes, Docker, Helm & Podman

What is kube-proxy, and how does it implement Service routing (iptables vs IPVS)?

Kubernetes, Docker, Helm & Podman · Basic level

Answer

kube-proxy watches Services and EndpointSlices and programs node-level forwarding rules. It commonly uses iptables or IPVS, while some clusters replace that path with eBPF-based implementations such as Cilium.

Technical explanation

iptables mode is common and rule-based; IPVS can be more efficient for very large service tables.

Even when kube-proxy is healthy, wrong selectors or readiness failures can still leave a Service with no endpoints.

Kubernetes networking separates identity and discovery from Pod IP churn by using Services, DNS, EndpointSlices, and routing rules.

Security is not automatic in the flat Pod network; NetworkPolicy and application auth are required for segmentation.

Cloud integrations such as EKS load balancers add provider-specific annotations, subnet tagging, health checks, and security group behavior.

Hands-on example

1. Deploy an app Pod and a temporary debug Pod to test this traffic path with nslookup, dig, curl, and kubectl get endpointslices: inspect Service routing through EndpointSlices and node proxy rules.

2. Add or change Service, Ingress, CNI, or NetworkPolicy resources one at a time and observe the traffic path.

3. Validate both allowed and denied flows so you know the policy is actually enforced by the CNI.

4. Record the troubleshooting path from DNS to Service to endpoint to Pod logs.

Preparing for an interview?

Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.

More Kubernetes, Docker, Helm & Podman interview questions

← All Kubernetes, Docker, Helm & Podman questions