1KUBERNETES(1)                      Jan 2015                      KUBERNETES(1)
2
3
4

NAME

6       kubectl drain - Drain node in preparation for maintenance
7
8
9

SYNOPSIS

11       kubectl drain [OPTIONS]
12
13
14

DESCRIPTION

16       Drain node in preparation for maintenance.
17
18
19       The given node will be marked unschedulable to prevent new pods from
20       arriving. 'drain' evicts the pods if the APIServer
21       supportshttp://kubernetes.io/docs/admin/disruptions/ . Otherwise, it
22       will use normal DELETE to delete the pods. The 'drain' evicts or
23       deletes all pods except mirror pods (which cannot be deleted through
24       the API server).  If there are DaemonSet-managed pods, drain will not
25       proceed without --ignore-daemonsets, and regardless it will not delete
26       any DaemonSet-managed pods, because those pods would be immediately
27       replaced by the DaemonSet controller, which ignores unschedulable
28       markings.  If there are any pods that are neither mirror pods nor
29       managed by ReplicationController, ReplicaSet, DaemonSet, StatefulSet or
30       Job, then drain will not delete any pods unless you use --force.
31       --force will also allow deletion to proceed if the managing resource of
32       one or more pods is missing.
33
34
35       'drain' waits for graceful termination. You should not operate on the
36       machine until the command completes.
37
38
39       When you are ready to put the node back into service, use kubectl
40       uncordon, which will make the node schedulable again.
41
42
43http://kubernetes.io/images/docs/kubectl_drain.svg
44
45
46

OPTIONS

48       --delete-local-data=false
49           Continue even if there are pods using emptyDir (local data that
50       will be deleted when the node is drained).
51
52
53       --disable-eviction=false
54           Force drain to use delete, even if eviction is supported. This will
55       bypass checking PodDisruptionBudgets, use with caution.
56
57
58       --dry-run="none"
59           Must be "none", "server", or "client". If client strategy, only
60       print the object that would be sent, without sending it. If server
61       strategy, submit server-side request without persisting the resource.
62
63
64       --force=false
65           Continue even if there are pods not managed by a
66       ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet.
67
68
69       --grace-period=-1
70           Period of time in seconds given to each pod to terminate
71       gracefully. If negative, the default value specified in the pod will be
72       used.
73
74
75       --ignore-daemonsets=false
76           Ignore DaemonSet-managed pods.
77
78
79       --pod-selector=""
80           Label selector to filter pods on the node
81
82
83       -l, --selector=""
84           Selector (label query) to filter on
85
86
87       --skip-wait-for-delete-timeout=0
88           If pod DeletionTimestamp older than N seconds, skip waiting for the
89       pod.  Seconds must be greater than 0 to skip.
90
91
92       --timeout=0s
93           The length of time to wait before giving up, zero means infinite
94
95
96

OPTIONS INHERITED FROM PARENT COMMANDS

98       --add-dir-header=false
99           If true, adds the file directory to the header
100
101
102       --alsologtostderr=false
103           log to standard error as well as files
104
105
106       --application-metrics-count-limit=100
107           Max number of application metrics to store (per container)
108
109
110       --as=""
111           Username to impersonate for the operation
112
113
114       --as-group=[]
115           Group to impersonate for the operation, this flag can be repeated
116       to specify multiple groups.
117
118
119       --azure-container-registry-config=""
120           Path to the file containing Azure container registry configuration
121       information.
122
123
124       --boot-id-file="/proc/sys/kernel/random/boot_id"
125           Comma-separated list of files to check for boot-id. Use the first
126       one that exists.
127
128
129       --cache-dir="/builddir/.kube/http-cache"
130           Default HTTP cache directory
131
132
133       --certificate-authority=""
134           Path to a cert file for the certificate authority
135
136
137       --client-certificate=""
138           Path to a client certificate file for TLS
139
140
141       --client-key=""
142           Path to a client key file for TLS
143
144
145       --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
146           CIDRs opened in GCE firewall for L7 LB traffic proxy  health checks
147
148
149       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
150           CIDRs opened in GCE firewall for L4 LB traffic proxy  health checks
151
152
153       --cluster=""
154           The name of the kubeconfig cluster to use
155
156
157       --container-hints="/etc/cadvisor/container_hints.json"
158           location of the container hints file
159
160
161       --containerd="/run/containerd/containerd.sock"
162           containerd endpoint
163
164
165       --containerd-namespace="k8s.io"
166           containerd namespace
167
168
169       --context=""
170           The name of the kubeconfig context to use
171
172
173       --default-not-ready-toleration-seconds=300
174           Indicates the tolerationSeconds of the toleration for
175       notReady:NoExecute that is added by default to every pod that does not
176       already have such a toleration.
177
178
179       --default-unreachable-toleration-seconds=300
180           Indicates the tolerationSeconds of the toleration for
181       unreachable:NoExecute that is added by default to every pod that does
182       not already have such a toleration.
183
184
185       --disable-root-cgroup-stats=false
186           Disable collecting root Cgroup stats
187
188
189       --docker="unix:///var/run/docker.sock"
190           docker endpoint
191
192
193       --docker-env-metadata-whitelist=""
194           a comma-separated list of environment variable keys that needs to
195       be collected for docker containers
196
197
198       --docker-only=false
199           Only report docker containers in addition to root stats
200
201
202       --docker-root="/var/lib/docker"
203           DEPRECATED: docker root is read from docker info (this is a
204       fallback, default: /var/lib/docker)
205
206
207       --docker-tls=false
208           use TLS to connect to docker
209
210
211       --docker-tls-ca="ca.pem"
212           path to trusted CA
213
214
215       --docker-tls-cert="cert.pem"
216           path to client certificate
217
218
219       --docker-tls-key="key.pem"
220           path to private key
221
222
223       --enable-load-reader=false
224           Whether to enable cpu load reader
225
226
227       --event-storage-age-limit="default=0"
228           Max length of time for which to store events (per type). Value is a
229       comma separated list of key values, where the keys are event types
230       (e.g.: creation, oom) or "default" and the value is a duration. Default
231       is applied to all non-specified event types
232
233
234       --event-storage-event-limit="default=0"
235           Max number of events to store (per type). Value is a comma
236       separated list of key values, where the keys are event types (e.g.:
237       creation, oom) or "default" and the value is an integer. Default is
238       applied to all non-specified event types
239
240
241       --global-housekeeping-interval=1m0s
242           Interval between global housekeepings
243
244
245       --housekeeping-interval=10s
246           Interval between container housekeepings
247
248
249       --insecure-skip-tls-verify=false
250           If true, the server's certificate will not be checked for validity.
251       This will make your HTTPS connections insecure
252
253
254       --kubeconfig=""
255           Path to the kubeconfig file to use for CLI requests.
256
257
258       --log-backtrace-at=:0
259           when logging hits line file:N, emit a stack trace
260
261
262       --log-cadvisor-usage=false
263           Whether to log the usage of the cAdvisor container
264
265
266       --log-dir=""
267           If non-empty, write log files in this directory
268
269
270       --log-file=""
271           If non-empty, use this log file
272
273
274       --log-file-max-size=1800
275           Defines the maximum size a log file can grow to. Unit is megabytes.
276       If the value is 0, the maximum file size is unlimited.
277
278
279       --log-flush-frequency=5s
280           Maximum number of seconds between log flushes
281
282
283       --logtostderr=true
284           log to standard error instead of files
285
286
287       --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
288           Comma-separated list of files to check for machine-id. Use the
289       first one that exists.
290
291
292       --match-server-version=false
293           Require server version to match client version
294
295
296       -n, --namespace=""
297           If present, the namespace scope for this CLI request
298
299
300       --password=""
301           Password for basic authentication to the API server
302
303
304       --profile="none"
305           Name of profile to capture. One of
306       (none|cpu|heap|goroutine|threadcreate|block|mutex)
307
308
309       --profile-output="profile.pprof"
310           Name of the file to write the profile to
311
312
313       --request-timeout="0"
314           The length of time to wait before giving up on a single server
315       request. Non-zero values should contain a corresponding time unit (e.g.
316       1s, 2m, 3h). A value of zero means don't timeout requests.
317
318
319       -s, --server=""
320           The address and port of the Kubernetes API server
321
322
323       --skip-headers=false
324           If true, avoid header prefixes in the log messages
325
326
327       --skip-log-headers=false
328           If true, avoid headers when opening log files
329
330
331       --stderrthreshold=2
332           logs at or above this threshold go to stderr
333
334
335       --storage-driver-buffer-duration=1m0s
336           Writes in the storage driver will be buffered for this duration,
337       and committed to the non memory backends as a single transaction
338
339
340       --storage-driver-db="cadvisor"
341           database name
342
343
344       --storage-driver-host="localhost:8086"
345           database host:port
346
347
348       --storage-driver-password="root"
349           database password
350
351
352       --storage-driver-secure=false
353           use secure connection with database
354
355
356       --storage-driver-table="stats"
357           table name
358
359
360       --storage-driver-user="root"
361           database username
362
363
364       --tls-server-name=""
365           Server name to use for server certificate validation. If it is not
366       provided, the hostname used to contact the server is used
367
368
369       --token=""
370           Bearer token for authentication to the API server
371
372
373       --update-machine-info-interval=5m0s
374           Interval between machine info updates.
375
376
377       --user=""
378           The name of the kubeconfig user to use
379
380
381       --username=""
382           Username for basic authentication to the API server
383
384
385       -v, --v=0
386           number for the log level verbosity
387
388
389       --version=false
390           Print version information and quit
391
392
393       --vmodule=
394           comma-separated list of pattern=N settings for file-filtered
395       logging
396
397
398

EXAMPLE

400                # Drain node "foo", even if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet on it.
401                $ kubectl drain foo --force
402
403                # As above, but abort if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet, and use a grace period of 15 minutes.
404                $ kubectl drain foo --grace-period=900
405
406
407
408

SEE ALSO

410       kubectl(1),
411
412
413

HISTORY

415       January 2015, Originally compiled by Eric Paris (eparis at redhat dot
416       com) based on the kubernetes source material, but hopefully they have
417       been automatically generated since!
418
419
420
421Eric Paris                  kubernetes User Manuals              KUBERNETES(1)
Impressum