1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl drain - Drain node in preparation for maintenance
10
11
12

SYNOPSIS

14       kubectl drain [OPTIONS]
15
16
17

DESCRIPTION

19       Drain node in preparation for maintenance.
20
21
22       The  given  node  will be marked unschedulable to prevent new pods from
23       arriving. 'drain' evicts the pods if the APIServer supports  http://ku
24       bernetes.io/docs/admin/disruptions/  .  Otherwise,  it  will use normal
25       DELETE to delete the pods. The 'drain' evicts or deletes all  pods  ex‐
26       cept  mirror pods (which cannot be deleted through the API server).  If
27       there are DaemonSet-managed pods, drain will not proceed without  --ig‐
28       nore-daemonsets,  and  regardless it will not delete any DaemonSet-man‐
29       aged pods, because those pods would be immediately replaced by the Dae‐
30       monSet  controller, which ignores unschedulable markings.  If there are
31       any pods that are neither mirror pods nor  managed  by  ReplicationCon‐
32       troller, ReplicaSet, DaemonSet, StatefulSet or Job, then drain will not
33       delete any pods unless you use --force.  --force will also allow  dele‐
34       tion  to  proceed if the managing resource of one or more pods is miss‐
35       ing.
36
37
38       'drain' waits for graceful termination. You should not operate  on  the
39       machine until the command completes.
40
41
42       When  you  are ready to put the node back into service, use kubectl un‐
43       cordon, which will make the node schedulable again.
44
45
46       http://kubernetes.io/images/docs/kubectl_drain.svg
47
48
49

OPTIONS

51       --delete-emptydir-data=false      Continue even if there are pods using
52       emptyDir (local data that will be deleted when the node is drained).
53
54
55       --delete-local-data=false       Continue  even  if there are pods using
56       emptyDir (local data that will be deleted when the node is drained).
57
58
59       --disable-eviction=false      Force drain to use delete, even if  evic‐
60       tion  is supported. This will bypass checking PodDisruptionBudgets, use
61       with caution.
62
63
64       --dry-run="none"      Must be "none", "server", or "client". If  client
65       strategy, only print the object that would be sent, without sending it.
66       If server strategy, submit server-side request without  persisting  the
67       resource.
68
69
70       --force=false       Continue  even  if  there are pods not managed by a
71       ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet.
72
73
74       --grace-period=-1      Period of time in seconds given to each  pod  to
75       terminate  gracefully.  If negative, the default value specified in the
76       pod will be used.
77
78
79       --ignore-daemonsets=false      Ignore DaemonSet-managed pods.
80
81
82       --ignore-errors=false      Ignore errors occurred between  drain  nodes
83       in group.
84
85
86       --pod-selector=""      Label selector to filter pods on the node
87
88
89       -l, --selector=""      Selector (label query) to filter on
90
91
92       --skip-wait-for-delete-timeout=0       If  pod  DeletionTimestamp older
93       than N seconds, skip waiting for the pod.  Seconds must be greater than
94       0 to skip.
95
96
97       --timeout=0s       The  length  of  time to wait before giving up, zero
98       means infinite
99
100
101

OPTIONS INHERITED FROM PARENT COMMANDS

103       --add-dir-header=false      If true, adds the  file  directory  to  the
104       header of the log messages
105
106
107       --alsologtostderr=false      log to standard error as well as files
108
109
110       --application-metrics-count-limit=100       Max  number  of application
111       metrics to store (per container)
112
113
114       --as=""      Username to impersonate for the operation
115
116
117       --as-group=[]      Group to impersonate for the  operation,  this  flag
118       can be repeated to specify multiple groups.
119
120
121       --azure-container-registry-config=""       Path  to the file containing
122       Azure container registry configuration information.
123
124
125       --boot-id-file="/proc/sys/kernel/random/boot_id"        Comma-separated
126       list of files to check for boot-id. Use the first one that exists.
127
128
129       --cache-dir="/builddir/.kube/cache"      Default cache directory
130
131
132       --certificate-authority=""      Path to a cert file for the certificate
133       authority
134
135
136       --client-certificate=""      Path to a client certificate file for TLS
137
138
139       --client-key=""      Path to a client key file for TLS
140
141
142       --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
143            CIDRs  opened  in  GCE  firewall  for  L7 LB traffic proxy  health
144       checks
145
146
147       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
148            CIDRs  opened  in  GCE  firewall  for  L4 LB traffic proxy  health
149       checks
150
151
152       --cluster=""      The name of the kubeconfig cluster to use
153
154
155       --container-hints="/etc/cadvisor/container_hints.json"      location of
156       the container hints file
157
158
159       --containerd="/run/containerd/containerd.sock"      containerd endpoint
160
161
162       --containerd-namespace="k8s.io"      containerd namespace
163
164
165       --context=""      The name of the kubeconfig context to use
166
167
168       --default-not-ready-toleration-seconds=300       Indicates  the tolera‐
169       tionSeconds of the toleration for notReady:NoExecute that is  added  by
170       default to every pod that does not already have such a toleration.
171
172
173       --default-unreachable-toleration-seconds=300      Indicates the tolera‐
174       tionSeconds of the toleration for unreachable:NoExecute that  is  added
175       by default to every pod that does not already have such a toleration.
176
177
178       --disable-root-cgroup-stats=false       Disable  collecting root Cgroup
179       stats
180
181
182       --docker="unix:///var/run/docker.sock"      docker endpoint
183
184
185       --docker-env-metadata-whitelist=""      a comma-separated list of envi‐
186       ronment  variable  keys  matched with specified prefix that needs to be
187       collected for docker containers
188
189
190       --docker-only=false      Only report docker containers in  addition  to
191       root stats
192
193
194       --docker-root="/var/lib/docker"       DEPRECATED:  docker  root is read
195       from docker info (this is a fallback, default: /var/lib/docker)
196
197
198       --docker-tls=false      use TLS to connect to docker
199
200
201       --docker-tls-ca="ca.pem"      path to trusted CA
202
203
204       --docker-tls-cert="cert.pem"      path to client certificate
205
206
207       --docker-tls-key="key.pem"      path to private key
208
209
210       --enable-load-reader=false      Whether to enable cpu load reader
211
212
213       --event-storage-age-limit="default=0"      Max length of time for which
214       to store events (per type). Value is a comma separated list of key val‐
215       ues, where the keys are event types (e.g.: creation, oom) or  "default"
216       and  the  value  is a duration. Default is applied to all non-specified
217       event types
218
219
220       --event-storage-event-limit="default=0"      Max number  of  events  to
221       store  (per type). Value is a comma separated list of key values, where
222       the keys are event types (e.g.: creation, oom)  or  "default"  and  the
223       value  is  an  integer.  Default  is applied to all non-specified event
224       types
225
226
227       --global-housekeeping-interval=1m0s      Interval between global house‐
228       keepings
229
230
231       --housekeeping-interval=10s       Interval between container housekeep‐
232       ings
233
234
235       --insecure-skip-tls-verify=false      If true, the server's certificate
236       will not be checked for validity. This will make your HTTPS connections
237       insecure
238
239
240       --kubeconfig=""      Path to the kubeconfig file to  use  for  CLI  re‐
241       quests.
242
243
244       --log-backtrace-at=:0       when logging hits line file:N, emit a stack
245       trace
246
247
248       --log-cadvisor-usage=false      Whether to log the usage of the  cAdvi‐
249       sor container
250
251
252       --log-dir=""      If non-empty, write log files in this directory
253
254
255       --log-file=""      If non-empty, use this log file
256
257
258       --log-file-max-size=1800       Defines  the maximum size a log file can
259       grow to. Unit is megabytes. If the value is 0, the maximum file size is
260       unlimited.
261
262
263       --log-flush-frequency=5s       Maximum  number  of  seconds between log
264       flushes
265
266
267       --logtostderr=true      log to standard error instead of files
268
269
270       --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
271            Comma-separated  list  of  files  to check for machine-id. Use the
272       first one that exists.
273
274
275       --match-server-version=false       Require  server  version  to   match
276       client version
277
278
279       -n,  --namespace=""       If  present, the namespace scope for this CLI
280       request
281
282
283       --one-output=false      If true, only write logs to their native sever‐
284       ity level (vs also writing to each lower severity level)
285
286
287       --password=""      Password for basic authentication to the API server
288
289
290       --profile="none"         Name   of   profile   to   capture.   One   of
291       (none|cpu|heap|goroutine|threadcreate|block|mutex)
292
293
294       --profile-output="profile.pprof"      Name of the  file  to  write  the
295       profile to
296
297
298       --referenced-reset-interval=0       Reset interval for referenced bytes
299       (container_referenced_bytes metric), number of measurement cycles after
300       which  referenced  bytes  are cleared, if set to 0 referenced bytes are
301       never cleared (default: 0)
302
303
304       --request-timeout="0"      The length of time to wait before giving  up
305       on  a  single  server  request. Non-zero values should contain a corre‐
306       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
307       out requests.
308
309
310       -s, --server=""      The address and port of the Kubernetes API server
311
312
313       --skip-headers=false       If  true,  avoid  header prefixes in the log
314       messages
315
316
317       --skip-log-headers=false      If true, avoid headers when  opening  log
318       files
319
320
321       --stderrthreshold=2      logs at or above this threshold go to stderr
322
323
324       --storage-driver-buffer-duration=1m0s      Writes in the storage driver
325       will be buffered for this duration, and committed  to  the  non  memory
326       backends as a single transaction
327
328
329       --storage-driver-db="cadvisor"      database name
330
331
332       --storage-driver-host="localhost:8086"      database host:port
333
334
335       --storage-driver-password="root"      database password
336
337
338       --storage-driver-secure=false      use secure connection with database
339
340
341       --storage-driver-table="stats"      table name
342
343
344       --storage-driver-user="root"      database username
345
346
347       --tls-server-name=""       Server  name  to  use for server certificate
348       validation. If it is not provided, the hostname  used  to  contact  the
349       server is used
350
351
352       --token=""      Bearer token for authentication to the API server
353
354
355       --update-machine-info-interval=5m0s       Interval between machine info
356       updates.
357
358
359       --user=""      The name of the kubeconfig user to use
360
361
362       --username=""      Username for basic authentication to the API server
363
364
365       -v, --v=0      number for the log level verbosity
366
367
368       --version=false      Print version information and quit
369
370
371       --vmodule=       comma-separated  list  of   pattern=N   settings   for
372       file-filtered logging
373
374
375       --warnings-as-errors=false      Treat warnings received from the server
376       as errors and exit with a non-zero exit code
377
378
379

EXAMPLE

381                # Drain node "foo", even if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet on it.
382                $ kubectl drain foo --force
383
384                # As above, but abort if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet, and use a grace period of 15 minutes.
385                $ kubectl drain foo --grace-period=900
386
387
388
389

SEE ALSO

391       kubectl(1),
392
393
394

HISTORY

396       January 2015, Originally compiled by Eric Paris (eparis at  redhat  dot
397       com)  based  on the kubernetes source material, but hopefully they have
398       been automatically generated since!
399
400
401
402Manuals                              User            KUBERNETES(1)(kubernetes)
Impressum