1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl drain - Drain node in preparation for maintenance
10
11
12

SYNOPSIS

14       kubectl drain [OPTIONS]
15
16
17

DESCRIPTION

19       Drain node in preparation for maintenance.
20
21
22       The  given  node  will be marked unschedulable to prevent new pods from
23       arriving. 'drain' evicts the pods if the APIServer supports  http://ku
24       bernetes.io/docs/admin/disruptions/  .  Otherwise,  it  will use normal
25       DELETE to delete the pods. The 'drain' evicts or deletes all  pods  ex‐
26       cept  mirror pods (which cannot be deleted through the API server).  If
27       there are DaemonSet-managed pods, drain will not proceed without  --ig‐
28       nore-daemonsets,  and  regardless it will not delete any DaemonSet-man‐
29       aged pods, because those pods would be immediately replaced by the Dae‐
30       monSet  controller, which ignores unschedulable markings.  If there are
31       any pods that are neither mirror pods nor  managed  by  ReplicationCon‐
32       troller, ReplicaSet, DaemonSet, StatefulSet or Job, then drain will not
33       delete any pods unless you use --force.  --force will also allow  dele‐
34       tion  to  proceed if the managing resource of one or more pods is miss‐
35       ing.
36
37
38       'drain' waits for graceful termination. You should not operate  on  the
39       machine until the command completes.
40
41
42       When  you  are ready to put the node back into service, use kubectl un‐
43       cordon, which will make the node schedulable again.
44
45
46       http://kubernetes.io/images/docs/kubectl_drain.svg
47
48
49

OPTIONS

51       --delete-emptydir-data=false      Continue even if there are pods using
52       emptyDir (local data that will be deleted when the node is drained).
53
54
55       --delete-local-data=false       Continue  even  if there are pods using
56       emptyDir (local data that will be deleted when the node is drained).
57
58
59       --disable-eviction=false      Force drain to use delete, even if  evic‐
60       tion  is supported. This will bypass checking PodDisruptionBudgets, use
61       with caution.
62
63
64       --dry-run="none"      Must be "none", "server", or "client". If  client
65       strategy, only print the object that would be sent, without sending it.
66       If server strategy, submit server-side request without  persisting  the
67       resource.
68
69
70       --force=false       Continue  even  if  there are pods not managed by a
71       ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet.
72
73
74       --grace-period=-1      Period of time in seconds given to each  pod  to
75       terminate  gracefully.  If negative, the default value specified in the
76       pod will be used.
77
78
79       --ignore-daemonsets=false      Ignore DaemonSet-managed pods.
80
81
82       --pod-selector=""      Label selector to filter pods on the node
83
84
85       -l, --selector=""      Selector (label query) to filter on
86
87
88       --skip-wait-for-delete-timeout=0      If  pod  DeletionTimestamp  older
89       than N seconds, skip waiting for the pod.  Seconds must be greater than
90       0 to skip.
91
92
93       --timeout=0s      The length of time to wait  before  giving  up,  zero
94       means infinite
95
96
97

OPTIONS INHERITED FROM PARENT COMMANDS

99       --add-dir-header=false       If  true,  adds  the file directory to the
100       header of the log messages
101
102
103       --alsologtostderr=false      log to standard error as well as files
104
105
106       --application-metrics-count-limit=100      Max  number  of  application
107       metrics to store (per container)
108
109
110       --as=""      Username to impersonate for the operation
111
112
113       --as-group=[]       Group  to  impersonate for the operation, this flag
114       can be repeated to specify multiple groups.
115
116
117       --azure-container-registry-config=""      Path to the  file  containing
118       Azure container registry configuration information.
119
120
121       --boot-id-file="/proc/sys/kernel/random/boot_id"        Comma-separated
122       list of files to check for boot-id. Use the first one that exists.
123
124
125       --cache-dir="/builddir/.kube/cache"      Default cache directory
126
127
128       --certificate-authority=""      Path to a cert file for the certificate
129       authority
130
131
132       --client-certificate=""      Path to a client certificate file for TLS
133
134
135       --client-key=""      Path to a client key file for TLS
136
137
138       --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
139            CIDRs opened in GCE firewall for  L7  LB  traffic  proxy    health
140       checks
141
142
143       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
144            CIDRs opened in GCE firewall for  L4  LB  traffic  proxy    health
145       checks
146
147
148       --cluster=""      The name of the kubeconfig cluster to use
149
150
151       --container-hints="/etc/cadvisor/container_hints.json"      location of
152       the container hints file
153
154
155       --containerd="/run/containerd/containerd.sock"      containerd endpoint
156
157
158       --containerd-namespace="k8s.io"      containerd namespace
159
160
161       --context=""      The name of the kubeconfig context to use
162
163
164       --default-not-ready-toleration-seconds=300      Indicates  the  tolera‐
165       tionSeconds  of  the toleration for notReady:NoExecute that is added by
166       default to every pod that does not already have such a toleration.
167
168
169       --default-unreachable-toleration-seconds=300      Indicates the tolera‐
170       tionSeconds  of  the toleration for unreachable:NoExecute that is added
171       by default to every pod that does not already have such a toleration.
172
173
174       --disable-root-cgroup-stats=false      Disable collecting  root  Cgroup
175       stats
176
177
178       --docker="unix:///var/run/docker.sock"      docker endpoint
179
180
181       --docker-env-metadata-whitelist=""      a comma-separated list of envi‐
182       ronment variable keys matched with specified prefix that  needs  to  be
183       collected for docker containers
184
185
186       --docker-only=false       Only  report docker containers in addition to
187       root stats
188
189
190       --docker-root="/var/lib/docker"      DEPRECATED: docker  root  is  read
191       from docker info (this is a fallback, default: /var/lib/docker)
192
193
194       --docker-tls=false      use TLS to connect to docker
195
196
197       --docker-tls-ca="ca.pem"      path to trusted CA
198
199
200       --docker-tls-cert="cert.pem"      path to client certificate
201
202
203       --docker-tls-key="key.pem"      path to private key
204
205
206       --enable-load-reader=false      Whether to enable cpu load reader
207
208
209       --event-storage-age-limit="default=0"      Max length of time for which
210       to store events (per type). Value is a comma separated list of key val‐
211       ues,  where the keys are event types (e.g.: creation, oom) or "default"
212       and the value is a duration. Default is applied  to  all  non-specified
213       event types
214
215
216       --event-storage-event-limit="default=0"       Max  number  of events to
217       store (per type). Value is a comma separated list of key values,  where
218       the  keys  are  event  types (e.g.: creation, oom) or "default" and the
219       value is an integer. Default is  applied  to  all  non-specified  event
220       types
221
222
223       --global-housekeeping-interval=1m0s      Interval between global house‐
224       keepings
225
226
227       --housekeeping-interval=10s      Interval between container  housekeep‐
228       ings
229
230
231       --insecure-skip-tls-verify=false      If true, the server's certificate
232       will not be checked for validity. This will make your HTTPS connections
233       insecure
234
235
236       --kubeconfig=""       Path  to  the  kubeconfig file to use for CLI re‐
237       quests.
238
239
240       --log-backtrace-at=:0      when logging hits line file:N, emit a  stack
241       trace
242
243
244       --log-cadvisor-usage=false       Whether to log the usage of the cAdvi‐
245       sor container
246
247
248       --log-dir=""      If non-empty, write log files in this directory
249
250
251       --log-file=""      If non-empty, use this log file
252
253
254       --log-file-max-size=1800      Defines the maximum size a log  file  can
255       grow to. Unit is megabytes. If the value is 0, the maximum file size is
256       unlimited.
257
258
259       --log-flush-frequency=5s      Maximum number  of  seconds  between  log
260       flushes
261
262
263       --logtostderr=true      log to standard error instead of files
264
265
266       --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
267            Comma-separated list of files to check  for  machine-id.  Use  the
268       first one that exists.
269
270
271       --match-server-version=false        Require  server  version  to  match
272       client version
273
274
275       -n, --namespace=""      If present, the namespace scope  for  this  CLI
276       request
277
278
279       --one-output=false      If true, only write logs to their native sever‐
280       ity level (vs also writing to each lower severity level
281
282
283       --password=""      Password for basic authentication to the API server
284
285
286       --profile="none"        Name   of   profile   to   capture.   One    of
287       (none|cpu|heap|goroutine|threadcreate|block|mutex)
288
289
290       --profile-output="profile.pprof"       Name  of  the  file to write the
291       profile to
292
293
294       --referenced-reset-interval=0      Reset interval for referenced  bytes
295       (container_referenced_bytes metric), number of measurement cycles after
296       which referenced bytes are cleared, if set to 0  referenced  bytes  are
297       never cleared (default: 0)
298
299
300       --request-timeout="0"       The length of time to wait before giving up
301       on a single server request. Non-zero values  should  contain  a  corre‐
302       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
303       out requests.
304
305
306       -s, --server=""      The address and port of the Kubernetes API server
307
308
309       --skip-headers=false      If true, avoid header  prefixes  in  the  log
310       messages
311
312
313       --skip-log-headers=false       If  true, avoid headers when opening log
314       files
315
316
317       --stderrthreshold=2      logs at or above this threshold go to stderr
318
319
320       --storage-driver-buffer-duration=1m0s      Writes in the storage driver
321       will  be  buffered  for  this duration, and committed to the non memory
322       backends as a single transaction
323
324
325       --storage-driver-db="cadvisor"      database name
326
327
328       --storage-driver-host="localhost:8086"      database host:port
329
330
331       --storage-driver-password="root"      database password
332
333
334       --storage-driver-secure=false      use secure connection with database
335
336
337       --storage-driver-table="stats"      table name
338
339
340       --storage-driver-user="root"      database username
341
342
343       --tls-server-name=""      Server name to  use  for  server  certificate
344       validation.  If  it  is  not provided, the hostname used to contact the
345       server is used
346
347
348       --token=""      Bearer token for authentication to the API server
349
350
351       --update-machine-info-interval=5m0s      Interval between machine  info
352       updates.
353
354
355       --user=""      The name of the kubeconfig user to use
356
357
358       --username=""      Username for basic authentication to the API server
359
360
361       -v, --v=0      number for the log level verbosity
362
363
364       --version=false      Print version information and quit
365
366
367       --vmodule=        comma-separated   list   of  pattern=N  settings  for
368       file-filtered logging
369
370
371       --warnings-as-errors=false      Treat warnings received from the server
372       as errors and exit with a non-zero exit code
373
374
375

EXAMPLE

377                # Drain node "foo", even if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet on it.
378                $ kubectl drain foo --force
379
380                # As above, but abort if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet, and use a grace period of 15 minutes.
381                $ kubectl drain foo --grace-period=900
382
383
384
385

SEE ALSO

387       kubectl(1),
388
389
390

HISTORY

392       January  2015,  Originally compiled by Eric Paris (eparis at redhat dot
393       com) based on the kubernetes source material, but hopefully  they  have
394       been automatically generated since!
395
396
397
398Manuals                              User            KUBERNETES(1)(kubernetes)
Impressum