1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2
3
4
6 kube-scheduler - Schedules containers on hosts.
7
8
9
11 kube-scheduler [OPTIONS]
12
13
14
16 The Kubernetes scheduler is a policy-rich, topology-aware, work‐
17 load-specific function that significantly impacts availability, perfor‐
18 mance, and capacity. The scheduler needs to take into account individ‐
19 ual and collective resource requirements, quality of service require‐
20 ments, hardware/software/policy constraints, affinity and anti-affinity
21 specifications, data locality, inter-workload interference, deadlines,
22 and so on. Workload-specific requirements will be exposed through the
23 API as necessary. See scheduling ⟨https://kubernetes.io/docs/con‐
24 cepts/scheduling/⟩ for more information about scheduling and the
25 kube-scheduler component.
26
27
28 kube-scheduler [flags]
29
30
31
33 --add-dir-header If true, adds the file directory to the header
34
35
36
37 --address string DEPRECATED
38 the IP address on which to listen for the --port port (set to
39 0.0.0.0 for all IPv4 interfaces and :: for all IPv6 interfaces). See
40 --bind-address instead. (default "0.0.0.0")
41
42
43 --algorithm-provider string DEPRECATED
44 the scheduling algorithm provider to use, one of: Cluster‐
45 AutoscalerProvider | DefaultProvider
46
47
48 --alsologtostderr log to standard error as well as files
49 --authentication-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create tokenreviews.authentication.k8s.io. This is optional. If empty, all token requests are considered to be anonymous and no client CA is looked up in the cluster.
50 --authentication-skip-lookup If false, the authentication-kubeconfig will be used to lookup missing authentication configuration from the cluster.
51 --authentication-token-webhook-cache-ttl duration The duration to cache responses from the webhook token authenticator. (default 10s)
52 --authentication-tolerate-lookup-failure If true, failures to look up missing authentication configuration from the cluster are not considered fatal. Note that this can result in authentication that treats all requests as anonymous. (default true)
53 --authorization-always-allow-paths strings A list of HTTP paths to skip during authorization, i.e. these are authorized without contacting the 'core' kubernetes server. (default [/healthz])
54 --authorization-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create subjectaccessreviews.authorization.k8s.io. This is optional. If empty, all requests not skipped by authorization are forbidden.
55 --authorization-webhook-cache-authorized-ttl duration The duration to cache 'authorized' responses from the webhook authorizer. (default 10s)
56 --authorization-webhook-cache-unauthorized-ttl duration The duration to cache 'unauthorized' responses from the webhook authorizer. (default 10s)
57 --azure-container-registry-config string Path to the file containing Azure container registry configuration information.
58
59
60
61 **--bind-address ip The IP
62 address on which to listen for the --secure-port port. The associated
63 interface(s) must be reachable by the rest of the cluster, and by
64 CLI/web clients. If blank or an unspecified address (0.0.0.0 or **
65 :), all interfaces will be used. (default 0.0.0.0)
66
67
68 --cert-dir string The directory where the TLS certs are located. If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.
69 --client-ca-file string If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.
70 --config string The path to the configuration file. Flags override values in this file.
71
72
73
74 --contention-profiling DEPRECATED
75 enable lock contention profiling, if profiling is enabled
76 (default true)
77
78
79 --feature-gates mapStringBool A set of
80 key=value pairs that describe feature gates for alpha/experimental fea‐
81 tures. Options are
82
83
84 APIListChunking=true|false (BETA - default=true)
85 APIPriorityAndFairness=true|false (ALPHA - default=false)
86 APIResponseCompression=true|false (BETA - default=true)
87 AllAlpha=true|false (ALPHA - default=false)
88 AllBeta=true|false (BETA - default=false)
89 AllowInsecureBackendProxy=true|false (BETA - default=true)
90 AnyVolumeDataSource=true|false (ALPHA - default=false)
91 AppArmor=true|false (BETA - default=true)
92 BalanceAttachedNodeVolumes=true|false (ALPHA - default=false)
93 BoundServiceAccountTokenVolume=true|false (ALPHA - default=false)
94 CPUManager=true|false (BETA - default=true)
95 CRIContainerLogRotation=true|false (BETA - default=true)
96 CSIInlineVolume=true|false (BETA - default=true)
97 CSIMigration=true|false (BETA - default=true)
98 CSIMigrationAWS=true|false (BETA - default=false)
99 CSIMigrationAWSComplete=true|false (ALPHA - default=false)
100 CSIMigrationAzureDisk=true|false (ALPHA - default=false)
101 CSIMigrationAzureDiskComplete=true|false (ALPHA - default=false)
102 CSIMigrationAzureFile=true|false (ALPHA - default=false)
103 CSIMigrationAzureFileComplete=true|false (ALPHA - default=false)
104 CSIMigrationGCE=true|false (BETA - default=false)
105 CSIMigrationGCEComplete=true|false (ALPHA - default=false)
106 CSIMigrationOpenStack=true|false (BETA - default=false)
107 CSIMigrationOpenStackComplete=true|false (ALPHA - default=false)
108 ConfigurableFSGroupPolicy=true|false (ALPHA - default=false)
109 CustomCPUCFSQuotaPeriod=true|false (ALPHA - default=false)
110 DefaultIngressClass=true|false (BETA - default=true)
111 DevicePlugins=true|false (BETA - default=true)
112 DryRun=true|false (BETA - default=true)
113 DynamicAuditing=true|false (ALPHA - default=false)
114 DynamicKubeletConfig=true|false (BETA - default=true)
115 EndpointSlice=true|false (BETA - default=true)
116 EndpointSliceProxying=true|false (ALPHA - default=false)
117 EphemeralContainers=true|false (ALPHA - default=false)
118 EvenPodsSpread=true|false (BETA - default=true)
119 ExpandCSIVolumes=true|false (BETA - default=true)
120 ExpandInUsePersistentVolumes=true|false (BETA - default=true)
121 ExpandPersistentVolumes=true|false (BETA - default=true)
122 ExperimentalHostUserNamespaceDefaulting=true|false (BETA - default=false)
123 HPAScaleToZero=true|false (ALPHA - default=false)
124 HugePageStorageMediumSize=true|false (ALPHA - default=false)
125 HyperVContainer=true|false (ALPHA - default=false)
126 IPv6DualStack=true|false (ALPHA - default=false)
127 ImmutableEphemeralVolumes=true|false (ALPHA - default=false)
128 KubeletPodResources=true|false (BETA - default=true)
129 LegacyNodeRoleBehavior=true|false (ALPHA - default=true)
130 LocalStorageCapacityIsolation=true|false (BETA - default=true)
131 LocalStorageCapacityIsolationFSQuotaMonitoring=true|false (ALPHA - default=false)
132 NodeDisruptionExclusion=true|false (ALPHA - default=false)
133 NonPreemptingPriority=true|false (ALPHA - default=false)
134 PodDisruptionBudget=true|false (BETA - default=true)
135 PodOverhead=true|false (BETA - default=true)
136 ProcMountType=true|false (ALPHA - default=false)
137 QOSReserved=true|false (ALPHA - default=false)
138 RemainingItemCount=true|false (BETA - default=true)
139 RemoveSelfLink=true|false (ALPHA - default=false)
140 ResourceLimitsPriorityFunction=true|false (ALPHA - default=false)
141 RotateKubeletClientCertificate=true|false (BETA - default=true)
142 RotateKubeletServerCertificate=true|false (BETA - default=true)
143 RunAsGroup=true|false (BETA - default=true)
144 RuntimeClass=true|false (BETA - default=true)
145 SCTPSupport=true|false (ALPHA - default=false)
146 SelectorIndex=true|false (ALPHA - default=false)
147 ServerSideApply=true|false (BETA - default=true)
148 ServiceAccountIssuerDiscovery=true|false (ALPHA - default=false)
149 ServiceAppProtocol=true|false (ALPHA - default=false)
150 ServiceNodeExclusion=true|false (ALPHA - default=false)
151 ServiceTopology=true|false (ALPHA - default=false)
152 StartupProbe=true|false (BETA - default=true)
153 StorageVersionHash=true|false (BETA - default=true)
154 SupportNodePidsLimit=true|false (BETA - default=true)
155 SupportPodPidsLimit=true|false (BETA - default=true)
156 Sysctls=true|false (BETA - default=true)
157 TTLAfterFinished=true|false (ALPHA - default=false)
158 TokenRequest=true|false (BETA - default=true)
159 TokenRequestProjection=true|false (BETA - default=true)
160 TopologyManager=true|false (BETA - default=true)
161 ValidateProxyRedirects=true|false (BETA - default=true)
162 VolumeSnapshotDataSource=true|false (BETA - default=true)
163 WinDSR=true|false (ALPHA - default=false)
164 WinOverlay=true|false (ALPHA - default=false)
165
166
167
168 --hard-pod-affinity-symmetric-weight int32 DEPRECATED
169 RequiredDuringScheduling affinity is not symmetric, but there is
170 an implicit PreferredDuringScheduling affinity rule corresponding to
171 every RequiredDuringScheduling affinity rule. --hard-pod-affinity-sym‐
172 metric-weight represents the weight of implicit PreferredDuringSchedul‐
173 ing affinity rule. Must be in the range 0-100.This option was moved to
174 the policy configuration file (default 1)
175
176
177 -h, --help help for
178 kube-scheduler
179 --http2-max-streams-per-connection int The
180 limit that the server gives to clients for the maximum number of
181 streams in an HTTP/2 connection. Zero means to use golang's default.
182 --kube-api-burst int32 DEPRECATED
183 burst to use while talking with kubernetes apiserver (default
184 100)
185
186
187 --kube-api-content-type string DEPRECATED
188 content type of requests sent to apiserver. (default "applica‐
189 tion/vnd.kubernetes.protobuf")
190
191
192 --kube-api-qps float32 DEPRECATED
193 QPS to use while talking with kubernetes apiserver (default 50)
194
195
196 --kubeconfig string DEPRECATED
197 path to kubeconfig file with authorization and master location
198 information.
199
200
201 --leader-elect Start a leader election client and gain leadership before executing the main loop. Enable this when running replicated components for high availability. (default true)
202 --leader-elect-lease-duration duration The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled. (default 15s)
203 --leader-elect-renew-deadline duration The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled. (default 10s)
204 --leader-elect-resource-lock endpoints The type of resource object that is used for locking during leader election. Supported options are endpoints (default) and `configmaps`. (default "endpointsleases")
205 --leader-elect-resource-name string The name of resource object that is used for locking during leader election. (default "kube-scheduler")
206 --leader-elect-resource-namespace string The namespace of resource object that is used for locking during leader election. (default "kube-system")
207 --leader-elect-retry-period duration The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. (default 2s)
208
209
210
211 --lock-object-name string DEPRECATED
212 define the name of the lock object. Will be removed in favor of
213 leader-elect-resource-name (default "kube-scheduler")
214
215
216 --lock-object-namespace string DEPRECATED
217 define the namespace of the lock object. Will be removed in favor
218 of leader-elect-resource-namespace. (default "kube-system")
219
220
221 --log-backtrace-at traceLocation when logging
222 hits line file N, emit a stack trace (default :0)
223
224
225 --log-dir string If non-empty, write log files in this directory
226 --log-file string If non-empty, use this log file
227 --log-file-max-size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
228 --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s)
229 --logtostderr log to standard error instead of files (default true)
230 --master string The address of the Kubernetes API server (overrides any value in kubeconfig)
231
232
233
234 --policy-config-file string DEPRECATED
235 file with scheduler policy configuration. This file is used if
236 policy ConfigMap is not provided or --use-legacy-policy-config=true
237
238
239 --policy-configmap string DEPRECATED
240 name of the ConfigMap object that contains scheduler's policy
241 configuration. It must exist in the system namespace before scheduler
242 initialization if --use-legacy-policy-config=false. The config must be
243 provided as the value of an element in 'Data' map with the key='pol‐
244 icy.cfg'
245
246
247 --policy-configmap-namespace string DEPRECATED
248 the namespace where policy ConfigMap is located. The kube-system
249 namespace will be used if this is not provided or is empty. (default
250 "kube-system")
251
252
253 --port int DEPRECATED
254 the port on which to serve HTTP insecurely without authentication
255 and authorization. If 0, don't serve plain HTTP at all. See
256 --secure-port instead. (default 10251)
257
258
259 --profiling DEPRECATED
260 enable profiling via web interface host:port/debug/pprof/
261 (default true)
262
263
264 --requestheader-allowed-names strings List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed.
265
266
267
268 --requestheader-client-ca-file string Root certifi‐
269 cate bundle to use to verify client certificates on incoming requests
270 before trusting usernames in headers specified by --requestheader-user‐
271 name-headers. WARNING generally do not depend on authorization
272 being already done for incoming requests.
273
274
275 --requestheader-extra-headers-prefix strings List of request header prefixes to inspect. X-Remote-Extra- is suggested. (default [x-remote-extra-])
276 --requestheader-group-headers strings List of request headers to inspect for groups. X-Remote-Group is suggested. (default [x-remote-group])
277 --requestheader-username-headers strings List of request headers to inspect for usernames. X-Remote-User is common. (default [x-remote-user])
278
279
280
281 --scheduler-name string DEPRECATED
282 name of the scheduler, used to select which pods will be pro‐
283 cessed by this scheduler, based on pod's "spec.schedulerName". (default
284 "default-scheduler")
285
286
287 --secure-port int The port on which to serve HTTPS with authentication and authorization. If 0, don't serve HTTPS at all. (default 10259)
288
289
290
291 --show-hidden-metrics-for-version string The previous
292 version for which you want to show hidden metrics. Only the previous
293 minor version is meaningful, other values will not be allowed. Accepted
294 format of version is ., e.g. '1.16'. The purpose of this format
295 is make sure you have the opportunity to notice if the next release
296 hides additional metrics, rather than being surprised when they are
297 permanently removed in the release after that.
298
299
300 --skip-headers If true, avoid header prefixes in the log messages
301 --skip-log-headers If true, avoid headers when opening log files
302 --stderrthreshold severity logs at or above this threshold go to stderr (default 2)
303 --tls-cert-file string File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory specified by --cert-dir.
304
305
306
307 --tls-cipher-suites strings Comma-sepa‐
308 rated list of cipher suites for the server. If omitted, the default Go
309 cipher suites will be use. Possible values
310 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA
311
312
313 --tls-min-version string Minimum TLS
314 version supported. Possible values VersionTLS10, VersionTLS11,
315 VersionTLS12, VersionTLS13
316
317
318 --tls-private-key-file string File containing the default x509 private key matching --tls-cert-file.
319
320
321
322 --tls-sni-cert-key namedCertKey A pair of
323 x509 certificate and private key file paths, optionally suffixed with a
324 list of domain patterns which are fully qualified domain names, possi‐
325 bly with prefixed wildcard segments. The domain patterns also allow IP
326 addresses, but IPs should only be used if the apiserver has visibility
327 to the IP address requested by a client. If no domain patterns are pro‐
328 vided, the names of the certificate are extracted. Non-wildcard matches
329 trump over wildcard matches, explicit domain patterns trump over
330 extracted names. For multiple key/certificate pairs, use the
331 --tls-sni-cert-key multiple times. Examples "example.crt,exam‐
332 ple.key" or "foo.crt,foo.key:*.foo.com,foo.com". (default [])
333
334
335 --use-legacy-policy-config DEPRECATED
336 when set to true, scheduler will ignore policy ConfigMap and uses
337 policy config file
338
339
340 -v, --v Level number
341 for the log level verbosity
342 --version version[=true] Print
343 version information and quit
344 --vmodule moduleSpec
345 comma-separated list of pattern=N settings for file-filtered logging
346 --write-config-to string If set,
347 write the configuration values to this file and exit.
348
349
350
352 /usr/bin/kube-scheduler --logtostderr=true --v=0 --mas‐
353 ter=127.0.0.1:8080
354
355
356
357Manuals User KUBERNETES(1)(kubernetes)