1KUBERNETES(1) Jan 2015 KUBERNETES(1)
2
6 kubectl drain - Drain node in preparation for maintenance
7
11 kubectl drain [OPTIONS]
12
16 Drain node in preparation for maintenance.
17 The given node will be marked unschedulable to prevent new pods from
20 arriving. 'drain' evicts the pods if the APIServer supports eviction (
21 ⟨http://kubernetes.io/docs/admin/disruptions/⟩). Otherwise, it will use
22 normal DELETE to delete the pods. The 'drain' evicts or deletes all
23 pods except mirror pods (which cannot be deleted through the API
24 server). If there are DaemonSet-managed pods, drain will not proceed
25 without --ignore-daemonsets, and regardless it will not delete any Dae‐
26 monSet-managed pods, because those pods would be immediately replaced
27 by the DaemonSet controller, which ignores unschedulable markings. If
28 there are any pods that are neither mirror pods nor managed by Replica‐
29 tionController, ReplicaSet, DaemonSet, StatefulSet or Job, then drain
30 will not delete any pods unless you use --force. --force will also
31 allow deletion to proceed if the managing resource of one or more pods
32 is missing.
33 When you are ready to put the node back into service, use kubectl
36 uncordon, which will make the node schedulable again.
37 ! ⟨http://kubernetes.io/images/docs/kubectl_drain.svg⟩
40
44 --delete-local-data=false
45 Continue even if there are pods using emptyDir (local data that
46 will be deleted when the node is drained).
47 --dry-run=false
50 If true, only print the object that would be sent, without sending
51 it.
52 --force=false
55 Continue even if there are pods not managed by a ReplicationCon‐
56 troller, ReplicaSet, Job, DaemonSet or StatefulSet.
57 --grace-period=-1
60 Period of time in seconds given to each pod to terminate grace‐
61 fully. If negative, the default value specified in the pod will be
62 used.
63 --ignore-daemonsets=false
66 Ignore DaemonSet-managed pods.
67 --pod-selector=""
70 Label selector to filter pods on the node
71 -l, --selector=""
74 Selector (label query) to filter on
75 --timeout=0s
78 The length of time to wait before giving up, zero means infinite
79
83 --allow-verification-with-non-compliant-keys=false
84 Allow a SignatureVerifier to use keys which are technically
85 non-compliant with RFC6962.
86 --alsologtostderr=false
89 log to standard error as well as files
90 --application-metrics-count-limit=100
93 Max number of application metrics to store (per container)
94 --as=""
97 Username to impersonate for the operation
98 --as-group=[]
101 Group to impersonate for the operation, this flag can be repeated
102 to specify multiple groups.
103 --azure-container-registry-config=""
106 Path to the file containing Azure container registry configuration
107 information.
108 --boot-id-file="/proc/sys/kernel/random/boot_id"
111 Comma-separated list of files to check for boot-id. Use the first
112 one that exists.
113 --cache-dir="/builddir/.kube/http-cache"
116 Default HTTP cache directory
117 --certificate-authority=""
120 Path to a cert file for the certificate authority
121 --client-certificate=""
124 Path to a client certificate file for TLS
125 --client-key=""
128 Path to a client key file for TLS
129 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
132 CIDRs opened in GCE firewall for LB traffic proxy health checks
133 --cluster=""
136 The name of the kubeconfig cluster to use
137 --container-hints="/etc/cadvisor/container_hints.json"
140 location of the container hints file
141 --containerd="unix:///var/run/containerd.sock"
144 containerd endpoint
145 --context=""
148 The name of the kubeconfig context to use
149 --default-not-ready-toleration-seconds=300
152 Indicates the tolerationSeconds of the toleration for
153 notReady:NoExecute that is added by default to every pod that does not
154 already have such a toleration.
155 --default-unreachable-toleration-seconds=300
158 Indicates the tolerationSeconds of the toleration for unreach‐
159 able:NoExecute that is added by default to every pod that does not
160 already have such a toleration.
161 --docker="unix:///var/run/docker.sock"
164 docker endpoint
165 --docker-env-metadata-whitelist=""
168 a comma-separated list of environment variable keys that needs to
169 be collected for docker containers
170 --docker-only=false
173 Only report docker containers in addition to root stats
174 --docker-root="/var/lib/docker"
177 DEPRECATED: docker root is read from docker info (this is a fall‐
178 back, default: /var/lib/docker)
179 --docker-tls=false
182 use TLS to connect to docker
183 --docker-tls-ca="ca.pem"
186 path to trusted CA
187 --docker-tls-cert="cert.pem"
190 path to client certificate
191 --docker-tls-key="key.pem"
194 path to private key
195 --enable-load-reader=false
198 Whether to enable cpu load reader
199 --event-storage-age-limit="default=0"
202 Max length of time for which to store events (per type). Value is a
203 comma separated list of key values, where the keys are event types
204 (e.g.: creation, oom) or "default" and the value is a duration. Default
205 is applied to all non-specified event types
206 --event-storage-event-limit="default=0"
209 Max number of events to store (per type). Value is a comma sepa‐
210 rated list of key values, where the keys are event types (e.g.: cre‐
211 ation, oom) or "default" and the value is an integer. Default is
212 applied to all non-specified event types
213 --global-housekeeping-interval=1m0s
216 Interval between global housekeepings
217 --google-json-key=""
220 The Google Cloud Platform Service Account JSON Key to use for
221 authentication.
222 --housekeeping-interval=10s
225 Interval between container housekeepings
226 --insecure-skip-tls-verify=false
229 If true, the server's certificate will not be checked for validity.
230 This will make your HTTPS connections insecure
231 --kubeconfig=""
234 Path to the kubeconfig file to use for CLI requests.
235 --log-backtrace-at=:0
238 when logging hits line file:N, emit a stack trace
239 --log-cadvisor-usage=false
242 Whether to log the usage of the cAdvisor container
243 --log-dir=""
246 If non-empty, write log files in this directory
247 --log-flush-frequency=5s
250 Maximum number of seconds between log flushes
251 --logtostderr=true
254 log to standard error instead of files
255 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
258 Comma-separated list of files to check for machine-id. Use the
259 first one that exists.
260 --match-server-version=false
263 Require server version to match client version
264 --mesos-agent="127.0.0.1:5051"
267 Mesos agent address
268 --mesos-agent-timeout=10s
271 Mesos agent timeout
272 -n, --namespace=""
275 If present, the namespace scope for this CLI request
276 --request-timeout="0"
279 The length of time to wait before giving up on a single server
280 request. Non-zero values should contain a corresponding time unit (e.g.
281 1s, 2m, 3h). A value of zero means don't timeout requests.
282 -s, --server=""
285 The address and port of the Kubernetes API server
286 --stderrthreshold=2
289 logs at or above this threshold go to stderr
290 --storage-driver-buffer-duration=1m0s
293 Writes in the storage driver will be buffered for this duration,
294 and committed to the non memory backends as a single transaction
295 --storage-driver-db="cadvisor"
298 database name
299 --storage-driver-host="localhost:8086"
302 database host:port
303 --storage-driver-password="root"
306 database password
307 --storage-driver-secure=false
310 use secure connection with database
311 --storage-driver-table="stats"
314 table name
315 --storage-driver-user="root"
318 database username
319 --token=""
322 Bearer token for authentication to the API server
323 --user=""
326 The name of the kubeconfig user to use
327 -v, --v=0
330 log level for V logs
331 --version=false
334 Print version information and quit
335 --vmodule=
338 comma-separated list of pattern=N settings for file-filtered log‐
339 ging
340
344 # Drain node "foo", even if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet on it.
345 $ kubectl drain foo --force
346 # As above, but abort if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet, and use a grace period of 15 minutes.
348 $ kubectl drain foo --grace-period=900
349
354 kubectl(1),
355
359 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
360 com) based on the kubernetes source material, but hopefully they have
361 been automatically generated since!
362Eric Paris kubernetes User Manuals KUBERNETES(1)
