1KUBERNETES(1) General Commands Manual KUBERNETES(1)
2
3
4
6 kube-scheduler - Schedules containers on hosts.
7
8
9
11 kube-scheduler [OPTIONS]
12
13
14
16 The Kubernetes scheduler is a policy-rich, topology-aware,
17 workload-specific function that significantly impacts availability,
18 performance, and capacity. The scheduler needs to take into account
19 individual and collective resource requirements, quality of service
20 requirements, hardware/software/policy constraints, affinity and
21 anti-affinity specifications, data locality, inter-workload
22 interference, deadlines, and so on. Workload-specific requirements will
23 be exposed through the API as necessary.
24
25
26 kube-scheduler [flags]
27
28
29
31 --address string DEPRECATED
32 the IP address on which to listen for the --port port (set to
33 0.0.0.0 for all IPv4 interfaces and :: for all IPv6 interfaces). See
34 --bind-address instead. (default "0.0.0.0")
35
36
37 --algorithm-provider string DEPRECATED
38 the scheduling algorithm provider to use, one of:
39 ClusterAutoscalerProvider | DefaultProvider
40
41
42 --alsologtostderr log to standard error as well as files
43 --authentication-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create tokenaccessreviews.authentication.k8s.io. This is optional. If empty, all token requests are considered to be anonymous and no client CA is looked up in the cluster.
44 --authentication-skip-lookup If false, the authentication-kubeconfig will be used to lookup missing authentication configuration from the cluster.
45 --authentication-token-webhook-cache-ttl duration The duration to cache responses from the webhook token authenticator. (default 10s)
46 --authentication-tolerate-lookup-failure If true, failures to look up missing authentication configuration from the cluster are not considered fatal. Note that this can result in authentication that treats all requests as anonymous. (default true)
47 --authorization-always-allow-paths strings A list of HTTP paths to skip during authorization, i.e. these are authorized without contacting the 'core' kubernetes server. (default [/healthz])
48 --authorization-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create subjectaccessreviews.authorization.k8s.io. This is optional. If empty, all requests not skipped by authorization are forbidden.
49 --authorization-webhook-cache-authorized-ttl duration The duration to cache 'authorized' responses from the webhook authorizer. (default 10s)
50 --authorization-webhook-cache-unauthorized-ttl duration The duration to cache 'unauthorized' responses from the webhook authorizer. (default 10s)
51 --azure-container-registry-config string Path to the file containing Azure container registry configuration information.
52
53
54
55 **--bind-address ip The IP
56 address on which to listen for the --secure-port port. The associated
57 interface(s) must be reachable by the rest of the cluster, and by
58 CLI/web clients. If blank, all interfaces will be used (0.0.0.0 for all
59 IPv4 interfaces and **
60 : for all IPv6 interfaces). (default 0.0.0.0)
61
62
63 --cert-dir string The directory where the TLS certs are located. If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.
64 --client-ca-file string If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.
65 --config string The path to the configuration file. Flags override values in this file.
66
67
68
69 --contention-profiling DEPRECATED
70 enable lock contention profiling, if profiling is enabled
71
72
73 --feature-gates mapStringBool A set of
74 key=value pairs that describe feature gates for alpha/experimental
75 features. Options are
76
77
78 APIListChunking=true|false (BETA - default=true)
79 APIResponseCompression=true|false (ALPHA - default=false)
80 AllAlpha=true|false (ALPHA - default=false)
81 AppArmor=true|false (BETA - default=true)
82 AttachVolumeLimit=true|false (BETA - default=true)
83 BalanceAttachedNodeVolumes=true|false (ALPHA - default=false)
84 BlockVolume=true|false (BETA - default=true)
85 BoundServiceAccountTokenVolume=true|false (ALPHA - default=false)
86 CPUManager=true|false (BETA - default=true)
87 CRIContainerLogRotation=true|false (BETA - default=true)
88 CSIBlockVolume=true|false (ALPHA - default=false)
89 CSIDriverRegistry=true|false (ALPHA - default=false)
90 CSINodeInfo=true|false (ALPHA - default=false)
91 CustomCPUCFSQuotaPeriod=true|false (ALPHA - default=false)
92 CustomPodDNS=true|false (BETA - default=true)
93 CustomResourceSubresources=true|false (BETA - default=true)
94 CustomResourceValidation=true|false (BETA - default=true)
95 CustomResourceWebhookConversion=true|false (ALPHA - default=false)
96 DebugContainers=true|false (ALPHA - default=false)
97 DevicePlugins=true|false (BETA - default=true)
98 DryRun=true|false (BETA - default=true)
99 DynamicAuditing=true|false (ALPHA - default=false)
100 DynamicKubeletConfig=true|false (BETA - default=true)
101 EnableEquivalenceClassCache=true|false (ALPHA - default=false)
102 ExpandInUsePersistentVolumes=true|false (ALPHA - default=false)
103 ExpandPersistentVolumes=true|false (BETA - default=true)
104 ExperimentalCriticalPodAnnotation=true|false (ALPHA - default=false)
105 ExperimentalHostUserNamespaceDefaulting=true|false (BETA - default=false)
106 HugePages=true|false (BETA - default=true)
107 HyperVContainer=true|false (ALPHA - default=false)
108 Initializers=true|false (ALPHA - default=false)
109 KubeletPodResources=true|false (ALPHA - default=false)
110 LocalStorageCapacityIsolation=true|false (BETA - default=true)
111 MountContainers=true|false (ALPHA - default=false)
112 NodeLease=true|false (ALPHA - default=false)
113 PersistentLocalVolumes=true|false (BETA - default=true)
114 PodPriority=true|false (BETA - default=true)
115 PodReadinessGates=true|false (BETA - default=true)
116 PodShareProcessNamespace=true|false (BETA - default=true)
117 ProcMountType=true|false (ALPHA - default=false)
118 QOSReserved=true|false (ALPHA - default=false)
119 ResourceLimitsPriorityFunction=true|false (ALPHA - default=false)
120 ResourceQuotaScopeSelectors=true|false (BETA - default=true)
121 RotateKubeletClientCertificate=true|false (BETA - default=true)
122 RotateKubeletServerCertificate=true|false (BETA - default=true)
123 RunAsGroup=true|false (ALPHA - default=false)
124 RuntimeClass=true|false (ALPHA - default=false)
125 SCTPSupport=true|false (ALPHA - default=false)
126 ScheduleDaemonSetPods=true|false (BETA - default=true)
127 ServiceNodeExclusion=true|false (ALPHA - default=false)
128 StreamingProxyRedirects=true|false (BETA - default=true)
129 SupportPodPidsLimit=true|false (ALPHA - default=false)
130 Sysctls=true|false (BETA - default=true)
131 TTLAfterFinished=true|false (ALPHA - default=false)
132 TaintBasedEvictions=true|false (BETA - default=true)
133 TaintNodesByCondition=true|false (BETA - default=true)
134 TokenRequest=true|false (BETA - default=true)
135 TokenRequestProjection=true|false (BETA - default=true)
136 ValidateProxyRedirects=true|false (ALPHA - default=false)
137 VolumeSnapshotDataSource=true|false (ALPHA - default=false)
138 VolumeSubpathEnvExpansion=true|false (ALPHA - default=false)
139
140
141
142 -h, --help help for
143 kube-scheduler
144 --http2-max-streams-per-connection int The
145 limit that the server gives to clients for the maximum number of
146 streams in an HTTP/2 connection. Zero means to use golang's default.
147 --kube-api-burst int32 DEPRECATED
148 burst to use while talking with kubernetes apiserver (default 100)
149
150
151 --kube-api-content-type string DEPRECATED
152 content type of requests sent to apiserver. (default
153 "application/vnd.kubernetes.protobuf")
154
155
156 --kube-api-qps float32 DEPRECATED
157 QPS to use while talking with kubernetes apiserver (default 50)
158
159
160 --kubeconfig string DEPRECATED
161 path to kubeconfig file with authorization and master location
162 information.
163
164
165 --leader-elect Start a leader election client and gain leadership before executing the main loop. Enable this when running replicated components for high availability. (default true)
166 --leader-elect-lease-duration duration The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled. (default 15s)
167 --leader-elect-renew-deadline duration The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled. (default 10s)
168 --leader-elect-resource-lock endpoints The type of resource object that is used for locking during leader election. Supported options are endpoints (default) and `configmaps`. (default "endpoints")
169 --leader-elect-retry-period duration The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. (default 2s)
170
171
172
173 --lock-object-name string DEPRECATED
174 define the name of the lock object. (default "kube-scheduler")
175
176
177 --lock-object-namespace string DEPRECATED
178 define the namespace of the lock object. (default "kube-system")
179
180
181 --log-backtrace-at traceLocation when logging
182 hits line file
183 N, emit a stack trace (default :0)
184
185
186 --log-dir string If non-empty, write log files in this directory
187 --log-file string If non-empty, use this log file
188 --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s)
189 --logtostderr log to standard error instead of files (default true)
190 --master string The address of the Kubernetes API server (overrides any value in kubeconfig)
191
192
193
194 --policy-config-file string DEPRECATED
195 file with scheduler policy configuration. This file is used if
196 policy ConfigMap is not provided or --use-legacy-policy-config=true
197
198
199 --policy-configmap string DEPRECATED
200 name of the ConfigMap object that contains scheduler's policy
201 configuration. It must exist in the system namespace before scheduler
202 initialization if --use-legacy-policy-config=false. The config must be
203 provided as the value of an element in 'Data' map with the
204 key='policy.cfg'
205
206
207 --policy-configmap-namespace string DEPRECATED
208 the namespace where policy ConfigMap is located. The kube-system
209 namespace will be used if this is not provided or is empty. (default
210 "kube-system")
211
212
213 --port int DEPRECATED
214 the port on which to serve HTTP insecurely without authentication
215 and authorization. If 0, don't serve HTTPS at all. See --secure-port
216 instead. (default 10251)
217
218
219 --profiling DEPRECATED
220 enable profiling via web interface host:port/debug/pprof/
221
222
223 --requestheader-allowed-names strings List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed.
224
225
226
227 --requestheader-client-ca-file string Root
228 certificate bundle to use to verify client certificates on incoming
229 requests before trusting usernames in headers specified by
230 --requestheader-username-headers. WARNING
231 generally do not depend on authorization being already done for
232 incoming requests.
233
234
235 --requestheader-extra-headers-prefix strings List of request header prefixes to inspect. X-Remote-Extra- is suggested. (default [x-remote-extra-])
236 --requestheader-group-headers strings List of request headers to inspect for groups. X-Remote-Group is suggested. (default [x-remote-group])
237 --requestheader-username-headers strings List of request headers to inspect for usernames. X-Remote-User is common. (default [x-remote-user])
238
239
240
241 --scheduler-name string DEPRECATED
242 name of the scheduler, used to select which pods will be processed
243 by this scheduler, based on pod's "spec.schedulerName". (default
244 "default-scheduler")
245
246
247 --secure-port int The port on which to serve HTTPS with authentication and authorization.If 0, don't serve HTTPS at all. (default 10259)
248 --skip-headers If true, avoid header prefixes in the log messages
249 --stderrthreshold severity logs at or above this threshold go to stderr (default 2)
250 --tls-cert-file string File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory specified by --cert-dir.
251
252
253
254 --tls-cipher-suites strings
255 Comma-separated list of cipher suites for the server. If omitted, the
256 default Go cipher suites will be use. Possible values
257 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA
258
259
260 --tls-min-version string Minimum TLS
261 version supported. Possible values
262 VersionTLS10, VersionTLS11, VersionTLS12
263
264
265 --tls-private-key-file string File containing the default x509 private key matching --tls-cert-file.
266
267
268
269 --tls-sni-cert-key namedCertKey A pair of
270 x509 certificate and private key file paths, optionally suffixed with a
271 list of domain patterns which are fully qualified domain names,
272 possibly with prefixed wildcard segments. If no domain patterns are
273 provided, the names of the certificate are extracted. Non-wildcard
274 matches trump over wildcard matches, explicit domain patterns trump
275 over extracted names. For multiple key/certificate pairs, use the
276 --tls-sni-cert-key multiple times. Examples
277 "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com".
278 (default [])
279
280
281 --use-legacy-policy-config DEPRECATED
282 when set to true, scheduler will ignore policy ConfigMap and uses
283 policy config file
284
285
286 -v, --v Level log level
287 for V logs
288 --version version[=true] Print
289 version information and quit
290 --vmodule moduleSpec
291 comma-separated list of pattern=N settings for file-filtered logging
292 --write-config-to string If set,
293 write the configuration values to this file and exit.
294
295
296
298 /usr/bin/kube-scheduler --logtostderr=true --v=0
299 --master=127.0.0.1:8080
300
301
302
303 kubernetes User Manuals KUBERNETES(1)