1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kube-scheduler -
10
14 kube-scheduler [OPTIONS]
15
19 The Kubernetes scheduler is a control plane process which assigns Pods
20 to Nodes. The scheduler determines which Nodes are valid placements for
21 each Pod in the scheduling queue according to constraints and available
22 resources. The scheduler then ranks each valid Node and binds the Pod
23 to a suitable Node. Multiple different schedulers may be used within a
24 cluster; kube-scheduler is the reference implementation. See schedul‐
25 ing ⟨https://kubernetes.io/docs/concepts/scheduling-eviction/⟩ for more
26 information about scheduling and the kube-scheduler component.
27
31 --add_dir_header=false If true, adds the file directory to the
32 header of the log messages
33 --allow-metric-labels=[] The map from metric-label to value allow-
36 list of this label. The key's format is ,. The value's format is
37 ,...e.g. metric1,label1='v1,v2,v3', metric1,label2='v1,v2,v3' met‐
38 ric2,label1='v1,v2,v3'.
39 --alsologtostderr=false log to standard error as well as files
42 --authentication-kubeconfig="" kubeconfig file pointing at the
45 'core' kubernetes server with enough rights to create tokenreviews.au‐
46 thentication.k8s.io. This is optional. If empty, all token requests are
47 considered to be anonymous and no client CA is looked up in the clus‐
48 ter.
49 --authentication-skip-lookup=false If false, the authentication-
52 kubeconfig will be used to lookup missing authentication configuration
53 from the cluster.
54 --authentication-token-webhook-cache-ttl=10s The duration to cache
57 responses from the webhook token authenticator.
58 --authentication-tolerate-lookup-failure=true If true, failures to
61 look up missing authentication configuration from the cluster are not
62 considered fatal. Note that this can result in authentication that
63 treats all requests as anonymous.
64 --authorization-always-allow-paths=[/healthz,/readyz,/livez] A
67 list of HTTP paths to skip during authorization, i.e. these are autho‐
68 rized without contacting the 'core' kubernetes server.
69 --authorization-kubeconfig="" kubeconfig file pointing at the
72 'core' kubernetes server with enough rights to create subjectaccessre‐
73 views.authorization.k8s.io. This is optional. If empty, all requests
74 not skipped by authorization are forbidden.
75 --authorization-webhook-cache-authorized-ttl=10s The duration to
78 cache 'authorized' responses from the webhook authorizer.
79 --authorization-webhook-cache-unauthorized-ttl=10s The duration to
82 cache 'unauthorized' responses from the webhook authorizer.
83 --azure-container-registry-config="" Path to the file containing
86 Azure container registry configuration information.
87 --bind-address=0.0.0.0 The IP address on which to listen for the
90 --secure-port port. The associated interface(s) must be reachable by
91 the rest of the cluster, and by CLI/web clients. If blank or an unspec‐
92 ified address (0.0.0.0 or ::), all interfaces will be used.
93 --cert-dir="" The directory where the TLS certs are located. If
96 --tls-cert-file and --tls-private-key-file are provided, this flag will
97 be ignored.
98 --client-ca-file="" If set, any request presenting a client cer‐
101 tificate signed by one of the authorities in the client-ca-file is au‐
102 thenticated with an identity corresponding to the CommonName of the
103 client certificate.
104 --config="" The path to the configuration file.
107 --contention-profiling=true DEPRECATED: enable lock contention
110 profiling, if profiling is enabled. This parameter is ignored if a con‐
111 fig file is specified in --config.
112 --disabled-metrics=[] This flag provides an escape hatch for mis‐
115 behaving metrics. You must provide the fully qualified metric name in
116 order to disable it. Disclaimer: disabling metrics is higher in prece‐
117 dence than showing hidden metrics.
118 --feature-gates= A set of key=value pairs that describe feature
121 gates for alpha/experimental features. Options are: APIListChunk‐
122 ing=true|false (BETA - default=true) APIPriorityAndFairness=true|false
123 (BETA - default=true) APIResponseCompression=true|false (BETA - de‐
124 fault=true) APIServerIdentity=true|false (ALPHA - default=false) APIS‐
125 erverTracing=true|false (ALPHA - default=false) AllAlpha=true|false
126 (ALPHA - default=false) AllBeta=true|false (BETA - default=false)
127 AnyVolumeDataSource=true|false (BETA - default=true) AppAr‐
128 mor=true|false (BETA - default=true) CPUManager=true|false (BETA - de‐
129 fault=true) CPUManagerPolicyAlphaOptions=true|false (ALPHA - de‐
130 fault=false) CPUManagerPolicyBetaOptions=true|false (BETA - de‐
131 fault=true) CPUManagerPolicyOptions=true|false (BETA - default=true)
132 CSIInlineVolume=true|false (BETA - default=true) CSIMigra‐
133 tion=true|false (BETA - default=true) CSIMigrationAWS=true|false (BETA
134 - default=true) CSIMigrationAzureFile=true|false (BETA - default=true)
135 CSIMigrationGCE=true|false (BETA - default=true) CSIMigrationPort‐
136 worx=true|false (ALPHA - default=false) CSIMigrationRBD=true|false (AL‐
137 PHA - default=false) CSIMigrationvSphere=true|false (BETA - de‐
138 fault=false) CSIVolumeHealth=true|false (ALPHA - default=false) Contex‐
139 tualLogging=true|false (ALPHA - default=false) CronJobTime‐
140 Zone=true|false (ALPHA - default=false) CustomCPUCFSQuotaPe‐
141 riod=true|false (ALPHA - default=false) CustomResourceValidationExpres‐
142 sions=true|false (ALPHA - default=false) DaemonSetUp‐
143 dateSurge=true|false (BETA - default=true) DelegateFSGroupToC‐
144 SIDriver=true|false (BETA - default=true) DevicePlugins=true|false
145 (BETA - default=true) DisableAcceleratorUsageMetrics=true|false (BETA -
146 default=true) DisableCloudProviders=true|false (ALPHA - default=false)
147 DisableKubeletCloudCredentialProviders=true|false (ALPHA - de‐
148 fault=false) DownwardAPIHugePages=true|false (BETA - default=true) End‐
149 pointSliceTerminatingCondition=true|false (BETA - default=true)
150 EphemeralContainers=true|false (BETA - default=true) ExpandedDNSCon‐
151 fig=true|false (ALPHA - default=false) ExperimentalHostUserNamespaceDe‐
152 faulting=true|false (BETA - default=false) GRPCContainer‐
153 Probe=true|false (BETA - default=true) GracefulNodeShutdown=true|false
154 (BETA - default=true) GracefulNodeShutdownBasedOnPodPriority=true|false
155 (BETA - default=true) HPAContainerMetrics=true|false (ALPHA - de‐
156 fault=false) HPAScaleToZero=true|false (ALPHA - default=false) Honor‐
157 PVReclaimPolicy=true|false (ALPHA - default=false) IdentifyPo‐
158 dOS=true|false (BETA - default=true) InTreePluginAWSUnregis‐
159 ter=true|false (ALPHA - default=false) InTreePluginAzureDiskUnregis‐
160 ter=true|false (ALPHA - default=false) InTreePluginAzureFileUnregis‐
161 ter=true|false (ALPHA - default=false) InTreePluginGCEUnregis‐
162 ter=true|false (ALPHA - default=false) InTreePluginOpenStackUnregis‐
163 ter=true|false (ALPHA - default=false) InTreePluginPortworxUnregis‐
164 ter=true|false (ALPHA - default=false) InTreePluginRBDUnregis‐
165 ter=true|false (ALPHA - default=false) InTreePluginvSphereUnregis‐
166 ter=true|false (ALPHA - default=false) JobMutableNodeSchedulingDirec‐
167 tives=true|false (BETA - default=true) JobReadyPods=true|false (BETA -
168 default=true) JobTrackingWithFinalizers=true|false (BETA - de‐
169 fault=false) KubeletCredentialProviders=true|false (BETA - de‐
170 fault=true) KubeletInUserNamespace=true|false (ALPHA - default=false)
171 KubeletPodResources=true|false (BETA - default=true) KubeletPo‐
172 dResourcesGetAllocatable=true|false (BETA - default=true) LegacySer‐
173 viceAccountTokenNoAutoGeneration=true|false (BETA - default=true) Lo‐
174 calStorageCapacityIsolation=true|false (BETA - default=true) LocalStor‐
175 ageCapacityIsolationFSQuotaMonitoring=true|false (ALPHA - de‐
176 fault=false) LogarithmicScaleDown=true|false (BETA - default=true) Max‐
177 UnavailableStatefulSet=true|false (ALPHA - default=false) MemoryMan‐
178 ager=true|false (BETA - default=true) MemoryQoS=true|false (ALPHA - de‐
179 fault=false) MinDomainsInPodTopologySpread=true|false (ALPHA - de‐
180 fault=false) MixedProtocolLBService=true|false (BETA - default=true)
181 NetworkPolicyEndPort=true|false (BETA - default=true) NetworkPolicySta‐
182 tus=true|false (ALPHA - default=false) NodeOutOfServiceVolumeDe‐
183 tach=true|false (ALPHA - default=false) NodeSwap=true|false (ALPHA -
184 default=false) OpenAPIEnums=true|false (BETA - default=true) Ope‐
185 nAPIV3=true|false (BETA - default=true) PodAndContainerStatsFrom‐
186 CRI=true|false (ALPHA - default=false) PodDeletionCost=true|false (BETA
187 - default=true) PodSecurity=true|false (BETA - default=true) ProbeTer‐
188 minationGracePeriod=true|false (BETA - default=false) ProcMount‐
189 Type=true|false (ALPHA - default=false) ProxyTerminatingEnd‐
190 points=true|false (ALPHA - default=false) QOSReserved=true|false (ALPHA
191 - default=false) ReadWriteOncePod=true|false (ALPHA - default=false)
192 RecoverVolumeExpansionFailure=true|false (ALPHA - default=false) Re‐
193 mainingItemCount=true|false (BETA - default=true) RotateKubelet‐
194 ServerCertificate=true|false (BETA - default=true) SeccompDe‐
195 fault=true|false (ALPHA - default=false) ServerSideFieldValida‐
196 tion=true|false (ALPHA - default=false) ServiceIPStaticSub‐
197 range=true|false (ALPHA - default=false) ServiceInternalTrafficPol‐
198 icy=true|false (BETA - default=true) SizeMemoryBackedVolumes=true|false
199 (BETA - default=true) StatefulSetAutoDeletePVC=true|false (ALPHA - de‐
200 fault=false) StatefulSetMinReadySeconds=true|false (BETA - de‐
201 fault=true) StorageVersionAPI=true|false (ALPHA - default=false) Stor‐
202 ageVersionHash=true|false (BETA - default=true) TopologyAware‐
203 Hints=true|false (BETA - default=true) TopologyManager=true|false (BETA
204 - default=true) VolumeCapacityPriority=true|false (ALPHA - de‐
205 fault=false) WinDSR=true|false (ALPHA - default=false) WinOver‐
206 lay=true|false (BETA - default=true) WindowsHostProcessContain‐
207 ers=true|false (BETA - default=true)
208 -h, --help=false help for kube-scheduler
211 --http2-max-streams-per-connection=0 The limit that the server
214 gives to clients for the maximum number of streams in an HTTP/2 connec‐
215 tion. Zero means to use golang's default.
216 --kube-api-burst=100 DEPRECATED: burst to use while talking with
219 kubernetes apiserver. This parameter is ignored if a config file is
220 specified in --config.
221 --kube-api-content-type="application/vnd.kubernetes.protobuf" DEP‐
224 RECATED: content type of requests sent to apiserver. This parameter is
225 ignored if a config file is specified in --config.
226 --kube-api-qps=50 DEPRECATED: QPS to use while talking with kuber‐
229 netes apiserver. This parameter is ignored if a config file is speci‐
230 fied in --config.
231 --kubeconfig="" DEPRECATED: path to kubeconfig file with autho‐
234 rization and master location information. This parameter is ignored if
235 a config file is specified in --config.
236 --leader-elect=true Start a leader election client and gain lead‐
239 ership before executing the main loop. Enable this when running repli‐
240 cated components for high availability.
241 --leader-elect-lease-duration=15s The duration that non-leader
244 candidates will wait after observing a leadership renewal until at‐
245 tempting to acquire leadership of a led but unrenewed leader slot. This
246 is effectively the maximum duration that a leader can be stopped before
247 it is replaced by another candidate. This is only applicable if leader
248 election is enabled.
249 --leader-elect-renew-deadline=10s The interval between attempts by
252 the acting master to renew a leadership slot before it stops leading.
253 This must be less than or equal to the lease duration. This is only ap‐
254 plicable if leader election is enabled.
255 --leader-elect-resource-lock="leases" The type of resource object
258 that is used for locking during leader election. Supported options are
259 'leases', 'endpointsleases' and 'configmapsleases'.
260 --leader-elect-resource-name="kube-scheduler" The name of resource
263 object that is used for locking during leader election.
264 --leader-elect-resource-namespace="kube-system" The namespace of
267 resource object that is used for locking during leader election.
268 --leader-elect-retry-period=2s The duration the clients should
271 wait between attempting acquisition and renewal of a leadership. This
272 is only applicable if leader election is enabled.
273 --lock-object-name="kube-scheduler" DEPRECATED: define the name of
276 the lock object. Will be removed in favor of leader-elect-resource-
277 name. This parameter is ignored if a config file is specified in --con‐
278 fig.
279 --lock-object-namespace="kube-system" DEPRECATED: define the name‐
282 space of the lock object. Will be removed in favor of leader-elect-re‐
283 source-namespace. This parameter is ignored if a config file is speci‐
284 fied in --config.
285 --log-flush-frequency=5s Maximum number of seconds between log
288 flushes
289 --log_backtrace_at=:0 when logging hits line file:N, emit a stack
292 trace
293 --log_dir="" If non-empty, write log files in this directory
296 --log_file="" If non-empty, use this log file
299 --log_file_max_size=1800 Defines the maximum size a log file can
302 grow to. Unit is megabytes. If the value is 0, the maximum file size is
303 unlimited.
304 --logging-format="text" Sets the log format. Permitted formats:
307 "text". Non-default formats don't honor these flags: --add-dir-header,
308 --alsologtostderr, --log-backtrace-at, --log-dir, --log-file, --log-
309 file-max-size, --logtostderr, --one-output, --skip-headers, --skip-log-
310 headers, --stderrthreshold, --vmodule. Non-default choices are cur‐
311 rently alpha and subject to change without warning.
312 --logtostderr=true log to standard error instead of files
315 --master="" The address of the Kubernetes API server (overrides
318 any value in kubeconfig)
319 --one_output=false If true, only write logs to their native sever‐
322 ity level (vs also writing to each lower severity level)
323 --permit-address-sharing=false If true, SO_REUSEADDR will be used
326 when binding the port. This allows binding to wildcard IPs like 0.0.0.0
327 and specific IPs in parallel, and it avoids waiting for the kernel to
328 release sockets in TIME_WAIT state. [default=false]
329 --permit-port-sharing=false If true, SO_REUSEPORT will be used
332 when binding the port, which allows more than one instance to bind on
333 the same address and port. [default=false]
334 --pod-max-in-unschedulable-pods-duration=5m0s DEPRECATED: the max‐
337 imum time a pod can stay in unschedulablePods. If a pod stays in un‐
338 schedulablePods for longer than this value, the pod will be moved from
339 unschedulablePods to backoffQ or activeQ. This flag is deprecated and
340 will be removed in 1.26
341 --profiling=true DEPRECATED: enable profiling via web interface
344 host:port/debug/pprof/. This parameter is ignored if a config file is
345 specified in --config.
346 --requestheader-allowed-names=[] List of client certificate common
349 names to allow to provide usernames in headers specified by --request‐
350 header-username-headers. If empty, any client certificate validated by
351 the authorities in --requestheader-client-ca-file is allowed.
352 --requestheader-client-ca-file="" Root certificate bundle to use
355 to verify client certificates on incoming requests before trusting
356 usernames in headers specified by --requestheader-username-headers.
357 WARNING: generally do not depend on authorization being already done
358 for incoming requests.
359 --requestheader-extra-headers-prefix=[x-remote-extra-] List of re‐
362 quest header prefixes to inspect. X-Remote-Extra- is suggested.
363 --requestheader-group-headers=[x-remote-group] List of request
366 headers to inspect for groups. X-Remote-Group is suggested.
367 --requestheader-username-headers=[x-remote-user] List of request
370 headers to inspect for usernames. X-Remote-User is common.
371 --secure-port=10259 The port on which to serve HTTPS with authen‐
374 tication and authorization. If 0, don't serve HTTPS at all.
375 --show-hidden-metrics-for-version="" The previous version for
378 which you want to show hidden metrics. Only the previous minor version
379 is meaningful, other values will not be allowed. The format is ., e.g.:
380 '1.16'. The purpose of this format is make sure you have the opportu‐
381 nity to notice if the next release hides additional metrics, rather
382 than being surprised when they are permanently removed in the release
383 after that.
384 --skip_headers=false If true, avoid header prefixes in the log
387 messages
388 --skip_log_headers=false If true, avoid headers when opening log
391 files
392 --stderrthreshold=2 logs at or above this threshold go to stderr
395 --tls-cert-file="" File containing the default x509 Certificate
398 for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS
399 serving is enabled, and --tls-cert-file and --tls-private-key-file are
400 not provided, a self-signed certificate and key are generated for the
401 public address and saved to the directory specified by --cert-dir.
402 --tls-cipher-suites=[] Comma-separated list of cipher suites for
405 the server. If omitted, the default Go cipher suites will be used.
406 Preferred values: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384,
407 TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
408 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
409 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
410 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
411 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
412 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
413 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
414 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
415 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
416 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
417 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
418 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
419 TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256,
420 TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384. Inse‐
421 cure values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
422 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
423 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
424 TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,
425 TLS_RSA_WITH_RC4_128_SHA.
426 --tls-min-version="" Minimum TLS version supported. Possible val‐
429 ues: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
430 --tls-private-key-file="" File containing the default x509 private
433 key matching --tls-cert-file.
434 --tls-sni-cert-key=[] A pair of x509 certificate and private key
437 file paths, optionally suffixed with a list of domain patterns which
438 are fully qualified domain names, possibly with prefixed wildcard seg‐
439 ments. The domain patterns also allow IP addresses, but IPs should only
440 be used if the apiserver has visibility to the IP address requested by
441 a client. If no domain patterns are provided, the names of the certifi‐
442 cate are extracted. Non-wildcard matches trump over wildcard matches,
443 explicit domain patterns trump over extracted names. For multiple
444 key/certificate pairs, use the --tls-sni-cert-key multiple times. Exam‐
445 ples: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com".
446 -v, --v=0 number for the log level verbosity
449 --version=false Print version information and quit
452 --vmodule= comma-separated list of pattern=N settings for file-
455 filtered logging (only works for text log format)
456 --write-config-to="" If set, write the configuration values to
459 this file and exit.
460
464 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
465 com) based on the kubernetes source material, but hopefully they have
466 been automatically generated since!
467Manuals User KUBERNETES(1)(kubernetes)