KubeDojo

kube-proxy: iptables, IPVS, and Service Routing

by Alexis Kinsella · 16 min read

You create a Service, kubectl reports a ClusterIP, and traffic flows. Until it doesn't. A Pod stops receiving requests, session affinity routes everyone to the same backend, or rule synchronization takes 30 seconds in a 5,000-Service cluster. That's when "it just works" stops being a satisfying answer and you need to understand kube-proxy.

kube-proxy is the node-level component responsible for translating the Service abstraction into actual packet-forwarding rules in the Linux kernel. It watches the API server for Service and EndpointSlice changes, then programs iptables, IPVS, or nftables to capture traffic destined for virtual IPs and redirect it to backend Pods. The CKA Services & Networking domain (20%) expects you to understand not just that Services exist, but how the routing actually works under the hood.
