1KUBERNETES(1) Jan 2015 KUBERNETES(1)
2
3
4
6 kubectl drain - Drain node in preparation for maintenance
7
8
9
11 kubectl drain [OPTIONS]
12
13
14
16 Drain node in preparation for maintenance.
17
18
19 The given node will be marked unschedulable to prevent new pods from
20 arriving. 'drain' evicts the pods if the APIServer
21 supportshttp://kubernetes.io/docs/admin/disruptions/ . Otherwise, it
22 will use normal DELETE to delete the pods. The 'drain' evicts or
23 deletes all pods except mirror pods (which cannot be deleted through
24 the API server). If there are DaemonSet-managed pods, drain will not
25 proceed without --ignore-daemonsets, and regardless it will not delete
26 any DaemonSet-managed pods, because those pods would be immediately
27 replaced by the DaemonSet controller, which ignores unschedulable
28 markings. If there are any pods that are neither mirror pods nor
29 managed by ReplicationController, ReplicaSet, DaemonSet, StatefulSet or
30 Job, then drain will not delete any pods unless you use --force.
31 --force will also allow deletion to proceed if the managing resource of
32 one or more pods is missing.
33
34
35 'drain' waits for graceful termination. You should not operate on the
36 machine until the command completes.
37
38
39 When you are ready to put the node back into service, use kubectl
40 uncordon, which will make the node schedulable again.
41
42
43 ⟨http://kubernetes.io/images/docs/kubectl_drain.svg⟩
44
45
46
48 --delete-local-data=false
49 Continue even if there are pods using emptyDir (local data that
50 will be deleted when the node is drained).
51
52
53 --disable-eviction=false
54 Force drain to use delete, even if eviction is supported. This will
55 bypass checking PodDisruptionBudgets, use with caution.
56
57
58 --dry-run="none"
59 Must be "none", "server", or "client". If client strategy, only
60 print the object that would be sent, without sending it. If server
61 strategy, submit server-side request without persisting the resource.
62
63
64 --force=false
65 Continue even if there are pods not managed by a
66 ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet.
67
68
69 --grace-period=-1
70 Period of time in seconds given to each pod to terminate
71 gracefully. If negative, the default value specified in the pod will be
72 used.
73
74
75 --ignore-daemonsets=false
76 Ignore DaemonSet-managed pods.
77
78
79 --pod-selector=""
80 Label selector to filter pods on the node
81
82
83 -l, --selector=""
84 Selector (label query) to filter on
85
86
87 --skip-wait-for-delete-timeout=0
88 If pod DeletionTimestamp older than N seconds, skip waiting for the
89 pod. Seconds must be greater than 0 to skip.
90
91
92 --timeout=0s
93 The length of time to wait before giving up, zero means infinite
94
95
96
98 --add-dir-header=false
99 If true, adds the file directory to the header
100
101
102 --alsologtostderr=false
103 log to standard error as well as files
104
105
106 --application-metrics-count-limit=100
107 Max number of application metrics to store (per container)
108
109
110 --as=""
111 Username to impersonate for the operation
112
113
114 --as-group=[]
115 Group to impersonate for the operation, this flag can be repeated
116 to specify multiple groups.
117
118
119 --azure-container-registry-config=""
120 Path to the file containing Azure container registry configuration
121 information.
122
123
124 --boot-id-file="/proc/sys/kernel/random/boot_id"
125 Comma-separated list of files to check for boot-id. Use the first
126 one that exists.
127
128
129 --cache-dir="/builddir/.kube/http-cache"
130 Default HTTP cache directory
131
132
133 --certificate-authority=""
134 Path to a cert file for the certificate authority
135
136
137 --client-certificate=""
138 Path to a client certificate file for TLS
139
140
141 --client-key=""
142 Path to a client key file for TLS
143
144
145 --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
146 CIDRs opened in GCE firewall for L7 LB traffic proxy health checks
147
148
149 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
150 CIDRs opened in GCE firewall for L4 LB traffic proxy health checks
151
152
153 --cluster=""
154 The name of the kubeconfig cluster to use
155
156
157 --container-hints="/etc/cadvisor/container_hints.json"
158 location of the container hints file
159
160
161 --containerd="/run/containerd/containerd.sock"
162 containerd endpoint
163
164
165 --containerd-namespace="k8s.io"
166 containerd namespace
167
168
169 --context=""
170 The name of the kubeconfig context to use
171
172
173 --default-not-ready-toleration-seconds=300
174 Indicates the tolerationSeconds of the toleration for
175 notReady:NoExecute that is added by default to every pod that does not
176 already have such a toleration.
177
178
179 --default-unreachable-toleration-seconds=300
180 Indicates the tolerationSeconds of the toleration for
181 unreachable:NoExecute that is added by default to every pod that does
182 not already have such a toleration.
183
184
185 --disable-root-cgroup-stats=false
186 Disable collecting root Cgroup stats
187
188
189 --docker="unix:///var/run/docker.sock"
190 docker endpoint
191
192
193 --docker-env-metadata-whitelist=""
194 a comma-separated list of environment variable keys that needs to
195 be collected for docker containers
196
197
198 --docker-only=false
199 Only report docker containers in addition to root stats
200
201
202 --docker-root="/var/lib/docker"
203 DEPRECATED: docker root is read from docker info (this is a
204 fallback, default: /var/lib/docker)
205
206
207 --docker-tls=false
208 use TLS to connect to docker
209
210
211 --docker-tls-ca="ca.pem"
212 path to trusted CA
213
214
215 --docker-tls-cert="cert.pem"
216 path to client certificate
217
218
219 --docker-tls-key="key.pem"
220 path to private key
221
222
223 --enable-load-reader=false
224 Whether to enable cpu load reader
225
226
227 --event-storage-age-limit="default=0"
228 Max length of time for which to store events (per type). Value is a
229 comma separated list of key values, where the keys are event types
230 (e.g.: creation, oom) or "default" and the value is a duration. Default
231 is applied to all non-specified event types
232
233
234 --event-storage-event-limit="default=0"
235 Max number of events to store (per type). Value is a comma
236 separated list of key values, where the keys are event types (e.g.:
237 creation, oom) or "default" and the value is an integer. Default is
238 applied to all non-specified event types
239
240
241 --global-housekeeping-interval=1m0s
242 Interval between global housekeepings
243
244
245 --housekeeping-interval=10s
246 Interval between container housekeepings
247
248
249 --insecure-skip-tls-verify=false
250 If true, the server's certificate will not be checked for validity.
251 This will make your HTTPS connections insecure
252
253
254 --kubeconfig=""
255 Path to the kubeconfig file to use for CLI requests.
256
257
258 --log-backtrace-at=:0
259 when logging hits line file:N, emit a stack trace
260
261
262 --log-cadvisor-usage=false
263 Whether to log the usage of the cAdvisor container
264
265
266 --log-dir=""
267 If non-empty, write log files in this directory
268
269
270 --log-file=""
271 If non-empty, use this log file
272
273
274 --log-file-max-size=1800
275 Defines the maximum size a log file can grow to. Unit is megabytes.
276 If the value is 0, the maximum file size is unlimited.
277
278
279 --log-flush-frequency=5s
280 Maximum number of seconds between log flushes
281
282
283 --logtostderr=true
284 log to standard error instead of files
285
286
287 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
288 Comma-separated list of files to check for machine-id. Use the
289 first one that exists.
290
291
292 --match-server-version=false
293 Require server version to match client version
294
295
296 -n, --namespace=""
297 If present, the namespace scope for this CLI request
298
299
300 --password=""
301 Password for basic authentication to the API server
302
303
304 --profile="none"
305 Name of profile to capture. One of
306 (none|cpu|heap|goroutine|threadcreate|block|mutex)
307
308
309 --profile-output="profile.pprof"
310 Name of the file to write the profile to
311
312
313 --request-timeout="0"
314 The length of time to wait before giving up on a single server
315 request. Non-zero values should contain a corresponding time unit (e.g.
316 1s, 2m, 3h). A value of zero means don't timeout requests.
317
318
319 -s, --server=""
320 The address and port of the Kubernetes API server
321
322
323 --skip-headers=false
324 If true, avoid header prefixes in the log messages
325
326
327 --skip-log-headers=false
328 If true, avoid headers when opening log files
329
330
331 --stderrthreshold=2
332 logs at or above this threshold go to stderr
333
334
335 --storage-driver-buffer-duration=1m0s
336 Writes in the storage driver will be buffered for this duration,
337 and committed to the non memory backends as a single transaction
338
339
340 --storage-driver-db="cadvisor"
341 database name
342
343
344 --storage-driver-host="localhost:8086"
345 database host:port
346
347
348 --storage-driver-password="root"
349 database password
350
351
352 --storage-driver-secure=false
353 use secure connection with database
354
355
356 --storage-driver-table="stats"
357 table name
358
359
360 --storage-driver-user="root"
361 database username
362
363
364 --tls-server-name=""
365 Server name to use for server certificate validation. If it is not
366 provided, the hostname used to contact the server is used
367
368
369 --token=""
370 Bearer token for authentication to the API server
371
372
373 --update-machine-info-interval=5m0s
374 Interval between machine info updates.
375
376
377 --user=""
378 The name of the kubeconfig user to use
379
380
381 --username=""
382 Username for basic authentication to the API server
383
384
385 -v, --v=0
386 number for the log level verbosity
387
388
389 --version=false
390 Print version information and quit
391
392
393 --vmodule=
394 comma-separated list of pattern=N settings for file-filtered
395 logging
396
397
398
400 # Drain node "foo", even if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet on it.
401 $ kubectl drain foo --force
402
403 # As above, but abort if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet, and use a grace period of 15 minutes.
404 $ kubectl drain foo --grace-period=900
405
406
407
408
410 kubectl(1),
411
412
413
415 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
416 com) based on the kubernetes source material, but hopefully they have
417 been automatically generated since!
418
419
420
421Eric Paris kubernetes User Manuals KUBERNETES(1)