1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kube-scheduler -
10
14 kube-scheduler [OPTIONS]
15
19 The Kubernetes scheduler is a control plane process which assigns Pods
20 to Nodes. The scheduler determines which Nodes are valid placements for
21 each Pod in the scheduling queue according to constraints and available
22 resources. The scheduler then ranks each valid Node and binds the Pod
23 to a suitable Node. Multiple different schedulers may be used within a
24 cluster; kube-scheduler is the reference implementation. See schedul‐
25 ing ⟨https://kubernetes.io/docs/concepts/scheduling-eviction/⟩ for more
26 information about scheduling and the kube-scheduler component.
27
31 --add_dir_header=false If true, adds the file directory to the
32 header of the log messages
33 --address="0.0.0.0" DEPRECATED: the IP address on which to listen
36 for the --port port (set to 0.0.0.0 or :: for listening in all inter‐
37 faces and IP families). See --bind-address instead. This parameter is
38 ignored if a config file is specified in --config.
39 --algorithm-provider="" DEPRECATED: the scheduling algorithm
42 provider to use, this sets the default plugins for component config
43 profiles. Choose one of: ClusterAutoscalerProvider | DefaultProvider
44 --allow-metric-labels=[] The map from metric-label to value al‐
47 low-list of this label. The key's format is ,. The value's format is
48 ,...e.g. metric1,label1='v1,v2,v3', metric1,label2='v1,v2,v3' met‐
49 ric2,label1='v1,v2,v3'.
50 --alsologtostderr=false log to standard error as well as files
53 --authentication-kubeconfig="" kubeconfig file pointing at the
56 'core' kubernetes server with enough rights to create tokenreviews.au‐
57 thentication.k8s.io. This is optional. If empty, all token requests are
58 considered to be anonymous and no client CA is looked up in the clus‐
59 ter.
60 --authentication-skip-lookup=false If false, the authentica‐
63 tion-kubeconfig will be used to lookup missing authentication configu‐
64 ration from the cluster.
65 --authentication-token-webhook-cache-ttl=10s The duration to cache
68 responses from the webhook token authenticator.
69 --authentication-tolerate-lookup-failure=true If true, failures to
72 look up missing authentication configuration from the cluster are not
73 considered fatal. Note that this can result in authentication that
74 treats all requests as anonymous.
75 --authorization-always-allow-paths=[/healthz,/readyz,/livez] A
78 list of HTTP paths to skip during authorization, i.e. these are autho‐
79 rized without contacting the 'core' kubernetes server.
80 --authorization-kubeconfig="" kubeconfig file pointing at the
83 'core' kubernetes server with enough rights to create subjectaccessre‐
84 views.authorization.k8s.io. This is optional. If empty, all requests
85 not skipped by authorization are forbidden.
86 --authorization-webhook-cache-authorized-ttl=10s The duration to
89 cache 'authorized' responses from the webhook authorizer.
90 --authorization-webhook-cache-unauthorized-ttl=10s The duration to
93 cache 'unauthorized' responses from the webhook authorizer.
94 --azure-container-registry-config="" Path to the file containing
97 Azure container registry configuration information.
98 --bind-address=0.0.0.0 The IP address on which to listen for the
101 --secure-port port. The associated interface(s) must be reachable by
102 the rest of the cluster, and by CLI/web clients. If blank or an unspec‐
103 ified address (0.0.0.0 or ::), all interfaces will be used.
104 --cert-dir="" The directory where the TLS certs are located. If
107 --tls-cert-file and --tls-private-key-file are provided, this flag will
108 be ignored.
109 --client-ca-file="" If set, any request presenting a client cer‐
112 tificate signed by one of the authorities in the client-ca-file is au‐
113 thenticated with an identity corresponding to the CommonName of the
114 client certificate.
115 --config="" The path to the configuration file. The following
118 flags can overwrite fields in this file:
119 --algorithm-provider
120 --policy-config-file
121 --policy-configmap
122 --policy-configmap-namespace
123 --contention-profiling=true DEPRECATED: enable lock contention
126 profiling, if profiling is enabled. This parameter is ignored if a con‐
127 fig file is specified in --config.
128 --disabled-metrics=[] This flag provides an escape hatch for mis‐
131 behaving metrics. You must provide the fully qualified metric name in
132 order to disable it. Disclaimer: disabling metrics is higher in prece‐
133 dence than showing hidden metrics.
134 --experimental-logging-sanitization=false [Experimental] When en‐
137 abled prevents logging of fields tagged as sensitive (passwords, keys,
138 tokens). Runtime log sanitization may introduce significant computa‐
139 tion overhead and therefore should not be enabled in production.
140 --feature-gates= A set of key=value pairs that describe feature
143 gates for alpha/experimental features. Options are: APIListChunk‐
144 ing=true|false (BETA - default=true) APIPriorityAndFairness=true|false
145 (BETA - default=true) APIResponseCompression=true|false (BETA - de‐
146 fault=true) APIServerIdentity=true|false (ALPHA - default=false) AllAl‐
147 pha=true|false (ALPHA - default=false) AllBeta=true|false (BETA - de‐
148 fault=false) AnyVolumeDataSource=true|false (ALPHA - default=false) Ap‐
149 pArmor=true|false (BETA - default=true) BalanceAttachedNodeVol‐
150 umes=true|false (ALPHA - default=false) BoundServiceAccountTokenVol‐
151 ume=true|false (BETA - default=true) CPUManager=true|false (BETA - de‐
152 fault=true) CSIInlineVolume=true|false (BETA - default=true) CSIMigra‐
153 tion=true|false (BETA - default=true) CSIMigrationAWS=true|false (BETA
154 - default=false) CSIMigrationAzureDisk=true|false (BETA - de‐
155 fault=false) CSIMigrationAzureFile=true|false (BETA - default=false)
156 CSIMigrationGCE=true|false (BETA - default=false) CSIMigrationOpen‐
157 Stack=true|false (BETA - default=true) CSIMigrationvSphere=true|false
158 (BETA - default=false) CSIMigrationvSphereComplete=true|false (BETA -
159 default=false) CSIServiceAccountToken=true|false (BETA - default=true)
160 CSIStorageCapacity=true|false (BETA - default=true) CSIVolumeFSGroup‐
161 Policy=true|false (BETA - default=true) CSIVolumeHealth=true|false (AL‐
162 PHA - default=false) ConfigurableFSGroupPolicy=true|false (BETA - de‐
163 fault=true) ControllerManagerLeaderMigration=true|false (ALPHA - de‐
164 fault=false) CronJobControllerV2=true|false (BETA - default=true) Cus‐
165 tomCPUCFSQuotaPeriod=true|false (ALPHA - default=false) DaemonSetUp‐
166 dateSurge=true|false (ALPHA - default=false) DefaultPodTopolo‐
167 gySpread=true|false (BETA - default=true) DevicePlugins=true|false
168 (BETA - default=true) DisableAcceleratorUsageMetrics=true|false (BETA -
169 default=true) DownwardAPIHugePages=true|false (BETA - default=false)
170 DynamicKubeletConfig=true|false (BETA - default=true) EfficientWatchRe‐
171 sumption=true|false (BETA - default=true) EndpointSliceProxy‐
172 ing=true|false (BETA - default=true) EndpointSliceTerminatingCondi‐
173 tion=true|false (ALPHA - default=false) EphemeralContainers=true|false
174 (ALPHA - default=false) ExpandCSIVolumes=true|false (BETA - de‐
175 fault=true) ExpandInUsePersistentVolumes=true|false (BETA - de‐
176 fault=true) ExpandPersistentVolumes=true|false (BETA - default=true)
177 ExperimentalHostUserNamespaceDefaulting=true|false (BETA - de‐
178 fault=false) GenericEphemeralVolume=true|false (BETA - default=true)
179 GracefulNodeShutdown=true|false (BETA - default=true) HPAContainerMet‐
180 rics=true|false (ALPHA - default=false) HPAScaleToZero=true|false (AL‐
181 PHA - default=false) HugePageStorageMediumSize=true|false (BETA - de‐
182 fault=true) IPv6DualStack=true|false (BETA - default=true) InTreePlugi‐
183 nAWSUnregister=true|false (ALPHA - default=false) InTreePluginAzure‐
184 DiskUnregister=true|false (ALPHA - default=false) InTreePluginAzure‐
185 FileUnregister=true|false (ALPHA - default=false) InTreePluginGCEUnreg‐
186 ister=true|false (ALPHA - default=false) InTreePluginOpenStackUnregis‐
187 ter=true|false (ALPHA - default=false) InTreePluginvSphereUnregis‐
188 ter=true|false (ALPHA - default=false) IndexedJob=true|false (ALPHA -
189 default=false) IngressClassNamespacedParams=true|false (ALPHA - de‐
190 fault=false) KubeletCredentialProviders=true|false (ALPHA - de‐
191 fault=false) KubeletPodResources=true|false (BETA - default=true)
192 KubeletPodResourcesGetAllocatable=true|false (ALPHA - default=false)
193 LocalStorageCapacityIsolation=true|false (BETA - default=true) Local‐
194 StorageCapacityIsolationFSQuotaMonitoring=true|false (ALPHA - de‐
195 fault=false) LogarithmicScaleDown=true|false (ALPHA - default=false)
196 MemoryManager=true|false (ALPHA - default=false) MixedProtocolLBSer‐
197 vice=true|false (ALPHA - default=false) NamespaceDefaultLabel‐
198 Name=true|false (BETA - default=true) NetworkPolicyEndPort=true|false
199 (ALPHA - default=false) NonPreemptingPriority=true|false (BETA - de‐
200 fault=true) PodAffinityNamespaceSelector=true|false (ALPHA - de‐
201 fault=false) PodDeletionCost=true|false (ALPHA - default=false)
202 PodOverhead=true|false (BETA - default=true) PreferNominat‐
203 edNode=true|false (ALPHA - default=false) ProbeTerminationGracePe‐
204 riod=true|false (ALPHA - default=false) ProcMountType=true|false (ALPHA
205 - default=false) QOSReserved=true|false (ALPHA - default=false) Remain‐
206 ingItemCount=true|false (BETA - default=true) RemoveSelfLink=true|false
207 (BETA - default=true) RotateKubeletServerCertificate=true|false (BETA -
208 default=true) ServerSideApply=true|false (BETA - default=true) Servi‐
209 ceInternalTrafficPolicy=true|false (ALPHA - default=false) ServiceLBN‐
210 odePortControl=true|false (ALPHA - default=false) ServiceLoadBalancer‐
211 Class=true|false (ALPHA - default=false) ServiceTopology=true|false
212 (ALPHA - default=false) SetHostnameAsFQDN=true|false (BETA - de‐
213 fault=true) SizeMemoryBackedVolumes=true|false (ALPHA - default=false)
214 StorageVersionAPI=true|false (ALPHA - default=false) StorageVersion‐
215 Hash=true|false (BETA - default=true) SuspendJob=true|false (ALPHA -
216 default=false) TTLAfterFinished=true|false (BETA - default=true) Topol‐
217 ogyAwareHints=true|false (ALPHA - default=false) TopologyMan‐
218 ager=true|false (BETA - default=true) ValidateProxyRedirects=true|false
219 (BETA - default=true) VolumeCapacityPriority=true|false (ALPHA - de‐
220 fault=false) WarningHeaders=true|false (BETA - default=true)
221 WinDSR=true|false (ALPHA - default=false) WinOverlay=true|false (BETA -
222 default=true) WindowsEndpointSliceProxying=true|false (BETA - de‐
223 fault=true)
224 --hard-pod-affinity-symmetric-weight=1 DEPRECATED: RequiredDur‐
227 ingScheduling affinity is not symmetric, but there is an implicit Pre‐
228 ferredDuringScheduling affinity rule corresponding to every Required‐
229 DuringScheduling affinity rule. --hard-pod-affinity-symmetric-weight
230 represents the weight of implicit PreferredDuringScheduling affinity
231 rule. Must be in the range 0-100.This parameter is ignored if a config
232 file is specified in --config.
233 -h, --help=false help for kube-scheduler
236 --http2-max-streams-per-connection=0 The limit that the server
239 gives to clients for the maximum number of streams in an HTTP/2 connec‐
240 tion. Zero means to use golang's default.
241 --kube-api-burst=100 DEPRECATED: burst to use while talking with
244 kubernetes apiserver. This parameter is ignored if a config file is
245 specified in --config.
246 --kube-api-content-type="application/vnd.kubernetes.protobuf" DEP‐
249 RECATED: content type of requests sent to apiserver. This parameter is
250 ignored if a config file is specified in --config.
251 --kube-api-qps=50 DEPRECATED: QPS to use while talking with kuber‐
254 netes apiserver. This parameter is ignored if a config file is speci‐
255 fied in --config.
256 --kubeconfig="" DEPRECATED: path to kubeconfig file with autho‐
259 rization and master location information. This parameter is ignored if
260 a config file is specified in --config.
261 --leader-elect=true Start a leader election client and gain lead‐
264 ership before executing the main loop. Enable this when running repli‐
265 cated components for high availability.
266 --leader-elect-lease-duration=15s The duration that non-leader
269 candidates will wait after observing a leadership renewal until at‐
270 tempting to acquire leadership of a led but unrenewed leader slot. This
271 is effectively the maximum duration that a leader can be stopped before
272 it is replaced by another candidate. This is only applicable if leader
273 election is enabled.
274 --leader-elect-renew-deadline=10s The interval between attempts by
277 the acting master to renew a leadership slot before it stops leading.
278 This must be less than or equal to the lease duration. This is only ap‐
279 plicable if leader election is enabled.
280 --leader-elect-resource-lock="leases" The type of resource object
283 that is used for locking during leader election. Supported options are
284 'endpoints', 'configmaps', 'leases', 'endpointsleases' and 'configmap‐
285 sleases'.
286 --leader-elect-resource-name="kube-scheduler" The name of resource
289 object that is used for locking during leader election.
290 --leader-elect-resource-namespace="kube-system" The namespace of
293 resource object that is used for locking during leader election.
294 --leader-elect-retry-period=2s The duration the clients should
297 wait between attempting acquisition and renewal of a leadership. This
298 is only applicable if leader election is enabled.
299 --lock-object-name="kube-scheduler" DEPRECATED: define the name of
302 the lock object. Will be removed in favor of leader-elect-re‐
303 source-name. This parameter is ignored if a config file is specified in
304 --config.
305 --lock-object-namespace="kube-system" DEPRECATED: define the name‐
308 space of the lock object. Will be removed in favor of leader-elect-re‐
309 source-namespace. This parameter is ignored if a config file is speci‐
310 fied in --config.
311 --log-flush-frequency=5s Maximum number of seconds between log
314 flushes
315 --log_backtrace_at=:0 when logging hits line file:N, emit a stack
318 trace
319 --log_dir="" If non-empty, write log files in this directory
322 --log_file="" If non-empty, use this log file
325 --log_file_max_size=1800 Defines the maximum size a log file can
328 grow to. Unit is megabytes. If the value is 0, the maximum file size is
329 unlimited.
330 --logging-format="text" Sets the log format. Permitted formats:
333 "json", "text". Non-default formats don't honor these flags:
334 --add_dir_header, --alsologtostderr, --log_backtrace_at, --log_dir,
335 --log_file, --log_file_max_size, --logtostderr, --one_output,
336 --skip_headers, --skip_log_headers, --stderrthreshold, --vmodule,
337 --log-flush-frequency. Non-default choices are currently alpha and
338 subject to change without warning.
339 --logtostderr=true log to standard error instead of files
342 --master="" The address of the Kubernetes API server (overrides
345 any value in kubeconfig)
346 --one_output=false If true, only write logs to their native sever‐
349 ity level (vs also writing to each lower severity level)
350 --permit-address-sharing=false If true, SO_REUSEADDR will be used
353 when binding the port. This allows binding to wildcard IPs like 0.0.0.0
354 and specific IPs in parallel, and it avoids waiting for the kernel to
355 release sockets in TIME_WAIT state. [default=false]
356 --permit-port-sharing=false If true, SO_REUSEPORT will be used
359 when binding the port, which allows more than one instance to bind on
360 the same address and port. [default=false]
361 --policy-config-file="" DEPRECATED: file with scheduler policy
364 configuration. This file is used if policy ConfigMap is not provided or
365 --use-legacy-policy-config=true. Note: The scheduler will fail if this
366 is combined with Plugin configs
367 --policy-configmap="" DEPRECATED: name of the ConfigMap object
370 that contains scheduler's policy configuration. It must exist in the
371 system namespace before scheduler initialization if --use-legacy-pol‐
372 icy-config=false. The config must be provided as the value of an ele‐
373 ment in 'Data' map with the key='policy.cfg'. Note: The scheduler will
374 fail if this is combined with Plugin configs
375 --policy-configmap-namespace="kube-system" DEPRECATED: the name‐
378 space where policy ConfigMap is located. The kube-system namespace will
379 be used if this is not provided or is empty. Note: The scheduler will
380 fail if this is combined with Plugin configs
381 --port=10251 DEPRECATED: the port on which to serve HTTP inse‐
384 curely without authentication and authorization. If 0, don't serve
385 plain HTTP at all. See --secure-port instead. This parameter is ignored
386 if a config file is specified in --config.
387 --profiling=true DEPRECATED: enable profiling via web interface
390 host:port/debug/pprof/. This parameter is ignored if a config file is
391 specified in --config.
392 --requestheader-allowed-names=[] List of client certificate common
395 names to allow to provide usernames in headers specified by --request‐
396 header-username-headers. If empty, any client certificate validated by
397 the authorities in --requestheader-client-ca-file is allowed.
398 --requestheader-client-ca-file="" Root certificate bundle to use
401 to verify client certificates on incoming requests before trusting
402 usernames in headers specified by --requestheader-username-headers.
403 WARNING: generally do not depend on authorization being already done
404 for incoming requests.
405 --requestheader-extra-headers-prefix=[x-remote-extra-] List of re‐
408 quest header prefixes to inspect. X-Remote-Extra- is suggested.
409 --requestheader-group-headers=[x-remote-group] List of request
412 headers to inspect for groups. X-Remote-Group is suggested.
413 --requestheader-username-headers=[x-remote-user] List of request
416 headers to inspect for usernames. X-Remote-User is common.
417 --scheduler-name="default-scheduler" DEPRECATED: name of the
420 scheduler, used to select which pods will be processed by this sched‐
421 uler, based on pod's "spec.schedulerName". This parameter is ignored if
422 a config file is specified in --config.
423 --secure-port=10259 The port on which to serve HTTPS with authen‐
426 tication and authorization. If 0, don't serve HTTPS at all.
427 --show-hidden-metrics-for-version="" The previous version for
430 which you want to show hidden metrics. Only the previous minor version
431 is meaningful, other values will not be allowed. The format is ., e.g.:
432 '1.16'. The purpose of this format is make sure you have the opportu‐
433 nity to notice if the next release hides additional metrics, rather
434 than being surprised when they are permanently removed in the release
435 after that.
436 --skip_headers=false If true, avoid header prefixes in the log
439 messages
440 --skip_log_headers=false If true, avoid headers when opening log
443 files
444 --stderrthreshold=2 logs at or above this threshold go to stderr
447 --tls-cert-file="" File containing the default x509 Certificate
450 for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS
451 serving is enabled, and --tls-cert-file and --tls-private-key-file are
452 not provided, a self-signed certificate and key are generated for the
453 public address and saved to the directory specified by --cert-dir.
454 --tls-cipher-suites=[] Comma-separated list of cipher suites for
457 the server. If omitted, the default Go cipher suites will be used.
458 Preferred values: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384,
459 TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
460 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
461 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
462 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
463 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
464 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
465 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
466 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
467 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
468 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
469 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
470 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
471 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
472 TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
473 TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
474 TLS_RSA_WITH_AES_256_GCM_SHA384. Insecure values:
475 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
476 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
477 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
478 TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_RC4_128_SHA.
479 --tls-min-version="" Minimum TLS version supported. Possible val‐
482 ues: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
483 --tls-private-key-file="" File containing the default x509 private
486 key matching --tls-cert-file.
487 --tls-sni-cert-key=[] A pair of x509 certificate and private key
490 file paths, optionally suffixed with a list of domain patterns which
491 are fully qualified domain names, possibly with prefixed wildcard seg‐
492 ments. The domain patterns also allow IP addresses, but IPs should only
493 be used if the apiserver has visibility to the IP address requested by
494 a client. If no domain patterns are provided, the names of the certifi‐
495 cate are extracted. Non-wildcard matches trump over wildcard matches,
496 explicit domain patterns trump over extracted names. For multiple
497 key/certificate pairs, use the --tls-sni-cert-key multiple times. Exam‐
498 ples: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com".
499 --use-legacy-policy-config=false DEPRECATED: when set to true,
502 scheduler will ignore policy ConfigMap and uses policy config file.
503 Note: The scheduler will fail if this is combined with Plugin configs
504 -v, --v=0 number for the log level verbosity
507 --version=false Print version information and quit
510 --vmodule= comma-separated list of pattern=N settings for
513 file-filtered logging
514 --write-config-to="" If set, write the configuration values to
517 this file and exit.
518
522 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
523 com) based on the kubernetes source material, but hopefully they have
524 been automatically generated since!
525Manuals User KUBERNETES(1)(kubernetes)