1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7
9 kube-scheduler -
10
11
12
14 kube-scheduler [OPTIONS]
15
16
17
19 The Kubernetes scheduler is a control plane process which assigns Pods
20 to Nodes. The scheduler determines which Nodes are valid placements for
21 each Pod in the scheduling queue according to constraints and available
22 resources. The scheduler then ranks each valid Node and binds the Pod
23 to a suitable Node. Multiple different schedulers may be used within a
24 cluster; kube-scheduler is the reference implementation. See schedul‐
25 ing ⟨https://kubernetes.io/docs/concepts/scheduling-eviction/⟩ for more
26 information about scheduling and the kube-scheduler component.
27
28
29
31 --add_dir_header=false If true, adds the file directory to the
32 header of the log messages
33
34
35 --address="0.0.0.0" DEPRECATED: the IP address on which to listen
36 for the --port port (set to 0.0.0.0 or :: for listening in all inter‐
37 faces and IP families). See --bind-address instead. This parameter is
38 ignored if a config file is specified in --config.
39
40
41 --algorithm-provider="" DEPRECATED: the scheduling algorithm
42 provider to use, this sets the default plugins for component config
43 profiles. Choose one of: ClusterAutoscalerProvider | DefaultProvider
44
45
46 --allow-metric-labels=[] The map from metric-label to value al‐
47 low-list of this label. The key's format is ,. The value's format is
48 ,...e.g. metric1,label1='v1,v2,v3', metric1,label2='v1,v2,v3' met‐
49 ric2,label1='v1,v2,v3'.
50
51
52 --alsologtostderr=false log to standard error as well as files
53
54
55 --authentication-kubeconfig="" kubeconfig file pointing at the
56 'core' kubernetes server with enough rights to create tokenreviews.au‐
57 thentication.k8s.io. This is optional. If empty, all token requests are
58 considered to be anonymous and no client CA is looked up in the clus‐
59 ter.
60
61
62 --authentication-skip-lookup=false If false, the authentica‐
63 tion-kubeconfig will be used to lookup missing authentication configu‐
64 ration from the cluster.
65
66
67 --authentication-token-webhook-cache-ttl=10s The duration to cache
68 responses from the webhook token authenticator.
69
70
71 --authentication-tolerate-lookup-failure=true If true, failures to
72 look up missing authentication configuration from the cluster are not
73 considered fatal. Note that this can result in authentication that
74 treats all requests as anonymous.
75
76
77 --authorization-always-allow-paths=[/healthz,/readyz,/livez] A
78 list of HTTP paths to skip during authorization, i.e. these are autho‐
79 rized without contacting the 'core' kubernetes server.
80
81
82 --authorization-kubeconfig="" kubeconfig file pointing at the
83 'core' kubernetes server with enough rights to create subjectaccessre‐
84 views.authorization.k8s.io. This is optional. If empty, all requests
85 not skipped by authorization are forbidden.
86
87
88 --authorization-webhook-cache-authorized-ttl=10s The duration to
89 cache 'authorized' responses from the webhook authorizer.
90
91
92 --authorization-webhook-cache-unauthorized-ttl=10s The duration to
93 cache 'unauthorized' responses from the webhook authorizer.
94
95
96 --azure-container-registry-config="" Path to the file containing
97 Azure container registry configuration information.
98
99
100 --bind-address=0.0.0.0 The IP address on which to listen for the
101 --secure-port port. The associated interface(s) must be reachable by
102 the rest of the cluster, and by CLI/web clients. If blank or an unspec‐
103 ified address (0.0.0.0 or ::), all interfaces will be used.
104
105
106 --cert-dir="" The directory where the TLS certs are located. If
107 --tls-cert-file and --tls-private-key-file are provided, this flag will
108 be ignored.
109
110
111 --client-ca-file="" If set, any request presenting a client cer‐
112 tificate signed by one of the authorities in the client-ca-file is au‐
113 thenticated with an identity corresponding to the CommonName of the
114 client certificate.
115
116
117 --config="" The path to the configuration file. The following
118 flags can overwrite fields in this file:
119 --algorithm-provider
120 --policy-config-file
121 --policy-configmap
122 --policy-configmap-namespace
123
124
125 --contention-profiling=true DEPRECATED: enable lock contention
126 profiling, if profiling is enabled. This parameter is ignored if a con‐
127 fig file is specified in --config.
128
129
130 --disabled-metrics=[] This flag provides an escape hatch for mis‐
131 behaving metrics. You must provide the fully qualified metric name in
132 order to disable it. Disclaimer: disabling metrics is higher in prece‐
133 dence than showing hidden metrics.
134
135
136 --experimental-logging-sanitization=false [Experimental] When en‐
137 abled prevents logging of fields tagged as sensitive (passwords, keys,
138 tokens). Runtime log sanitization may introduce significant computa‐
139 tion overhead and therefore should not be enabled in production.
140
141
142 --feature-gates= A set of key=value pairs that describe feature
143 gates for alpha/experimental features. Options are: APIListChunk‐
144 ing=true|false (BETA - default=true) APIPriorityAndFairness=true|false
145 (BETA - default=true) APIResponseCompression=true|false (BETA - de‐
146 fault=true) APIServerIdentity=true|false (ALPHA - default=false) AllAl‐
147 pha=true|false (ALPHA - default=false) AllBeta=true|false (BETA - de‐
148 fault=false) AnyVolumeDataSource=true|false (ALPHA - default=false) Ap‐
149 pArmor=true|false (BETA - default=true) BalanceAttachedNodeVol‐
150 umes=true|false (ALPHA - default=false) BoundServiceAccountTokenVol‐
151 ume=true|false (BETA - default=true) CPUManager=true|false (BETA - de‐
152 fault=true) CSIInlineVolume=true|false (BETA - default=true) CSIMigra‐
153 tion=true|false (BETA - default=true) CSIMigrationAWS=true|false (BETA
154 - default=false) CSIMigrationAzureDisk=true|false (BETA - de‐
155 fault=false) CSIMigrationAzureFile=true|false (BETA - default=false)
156 CSIMigrationGCE=true|false (BETA - default=false) CSIMigrationOpen‐
157 Stack=true|false (BETA - default=true) CSIMigrationvSphere=true|false
158 (BETA - default=false) CSIMigrationvSphereComplete=true|false (BETA -
159 default=false) CSIServiceAccountToken=true|false (BETA - default=true)
160 CSIStorageCapacity=true|false (BETA - default=true) CSIVolumeFSGroup‐
161 Policy=true|false (BETA - default=true) CSIVolumeHealth=true|false (AL‐
162 PHA - default=false) ConfigurableFSGroupPolicy=true|false (BETA - de‐
163 fault=true) ControllerManagerLeaderMigration=true|false (ALPHA - de‐
164 fault=false) CronJobControllerV2=true|false (BETA - default=true) Cus‐
165 tomCPUCFSQuotaPeriod=true|false (ALPHA - default=false) DaemonSetUp‐
166 dateSurge=true|false (ALPHA - default=false) DefaultPodTopolo‐
167 gySpread=true|false (BETA - default=true) DevicePlugins=true|false
168 (BETA - default=true) DisableAcceleratorUsageMetrics=true|false (BETA -
169 default=true) DownwardAPIHugePages=true|false (BETA - default=false)
170 DynamicKubeletConfig=true|false (BETA - default=true) EfficientWatchRe‐
171 sumption=true|false (BETA - default=true) EndpointSliceProxy‐
172 ing=true|false (BETA - default=true) EndpointSliceTerminatingCondi‐
173 tion=true|false (ALPHA - default=false) EphemeralContainers=true|false
174 (ALPHA - default=false) ExpandCSIVolumes=true|false (BETA - de‐
175 fault=true) ExpandInUsePersistentVolumes=true|false (BETA - de‐
176 fault=true) ExpandPersistentVolumes=true|false (BETA - default=true)
177 ExperimentalHostUserNamespaceDefaulting=true|false (BETA - de‐
178 fault=false) GenericEphemeralVolume=true|false (BETA - default=true)
179 GracefulNodeShutdown=true|false (BETA - default=true) HPAContainerMet‐
180 rics=true|false (ALPHA - default=false) HPAScaleToZero=true|false (AL‐
181 PHA - default=false) HugePageStorageMediumSize=true|false (BETA - de‐
182 fault=true) IPv6DualStack=true|false (BETA - default=true) InTreePlugi‐
183 nAWSUnregister=true|false (ALPHA - default=false) InTreePluginAzure‐
184 DiskUnregister=true|false (ALPHA - default=false) InTreePluginAzure‐
185 FileUnregister=true|false (ALPHA - default=false) InTreePluginGCEUnreg‐
186 ister=true|false (ALPHA - default=false) InTreePluginOpenStackUnregis‐
187 ter=true|false (ALPHA - default=false) InTreePluginvSphereUnregis‐
188 ter=true|false (ALPHA - default=false) IndexedJob=true|false (ALPHA -
189 default=false) IngressClassNamespacedParams=true|false (ALPHA - de‐
190 fault=false) KubeletCredentialProviders=true|false (ALPHA - de‐
191 fault=false) KubeletPodResources=true|false (BETA - default=true)
192 KubeletPodResourcesGetAllocatable=true|false (ALPHA - default=false)
193 LocalStorageCapacityIsolation=true|false (BETA - default=true) Local‐
194 StorageCapacityIsolationFSQuotaMonitoring=true|false (ALPHA - de‐
195 fault=false) LogarithmicScaleDown=true|false (ALPHA - default=false)
196 MemoryManager=true|false (ALPHA - default=false) MixedProtocolLBSer‐
197 vice=true|false (ALPHA - default=false) NamespaceDefaultLabel‐
198 Name=true|false (BETA - default=true) NetworkPolicyEndPort=true|false
199 (ALPHA - default=false) NonPreemptingPriority=true|false (BETA - de‐
200 fault=true) PodAffinityNamespaceSelector=true|false (ALPHA - de‐
201 fault=false) PodDeletionCost=true|false (ALPHA - default=false)
202 PodOverhead=true|false (BETA - default=true) PreferNominat‐
203 edNode=true|false (ALPHA - default=false) ProbeTerminationGracePe‐
204 riod=true|false (ALPHA - default=false) ProcMountType=true|false (ALPHA
205 - default=false) QOSReserved=true|false (ALPHA - default=false) Remain‐
206 ingItemCount=true|false (BETA - default=true) RemoveSelfLink=true|false
207 (BETA - default=true) RotateKubeletServerCertificate=true|false (BETA -
208 default=true) ServerSideApply=true|false (BETA - default=true) Servi‐
209 ceInternalTrafficPolicy=true|false (ALPHA - default=false) ServiceLBN‐
210 odePortControl=true|false (ALPHA - default=false) ServiceLoadBalancer‐
211 Class=true|false (ALPHA - default=false) ServiceTopology=true|false
212 (ALPHA - default=false) SetHostnameAsFQDN=true|false (BETA - de‐
213 fault=true) SizeMemoryBackedVolumes=true|false (ALPHA - default=false)
214 StorageVersionAPI=true|false (ALPHA - default=false) StorageVersion‐
215 Hash=true|false (BETA - default=true) SuspendJob=true|false (ALPHA -
216 default=false) TTLAfterFinished=true|false (BETA - default=true) Topol‐
217 ogyAwareHints=true|false (ALPHA - default=false) TopologyMan‐
218 ager=true|false (BETA - default=true) ValidateProxyRedirects=true|false
219 (BETA - default=true) VolumeCapacityPriority=true|false (ALPHA - de‐
220 fault=false) WarningHeaders=true|false (BETA - default=true)
221 WinDSR=true|false (ALPHA - default=false) WinOverlay=true|false (BETA -
222 default=true) WindowsEndpointSliceProxying=true|false (BETA - de‐
223 fault=true)
224
225
226 --hard-pod-affinity-symmetric-weight=1 DEPRECATED: RequiredDur‐
227 ingScheduling affinity is not symmetric, but there is an implicit Pre‐
228 ferredDuringScheduling affinity rule corresponding to every Required‐
229 DuringScheduling affinity rule. --hard-pod-affinity-symmetric-weight
230 represents the weight of implicit PreferredDuringScheduling affinity
231 rule. Must be in the range 0-100.This parameter is ignored if a config
232 file is specified in --config.
233
234
235 -h, --help=false help for kube-scheduler
236
237
238 --http2-max-streams-per-connection=0 The limit that the server
239 gives to clients for the maximum number of streams in an HTTP/2 connec‐
240 tion. Zero means to use golang's default.
241
242
243 --kube-api-burst=100 DEPRECATED: burst to use while talking with
244 kubernetes apiserver. This parameter is ignored if a config file is
245 specified in --config.
246
247
248 --kube-api-content-type="application/vnd.kubernetes.protobuf" DEP‐
249 RECATED: content type of requests sent to apiserver. This parameter is
250 ignored if a config file is specified in --config.
251
252
253 --kube-api-qps=50 DEPRECATED: QPS to use while talking with kuber‐
254 netes apiserver. This parameter is ignored if a config file is speci‐
255 fied in --config.
256
257
258 --kubeconfig="" DEPRECATED: path to kubeconfig file with autho‐
259 rization and master location information. This parameter is ignored if
260 a config file is specified in --config.
261
262
263 --leader-elect=true Start a leader election client and gain lead‐
264 ership before executing the main loop. Enable this when running repli‐
265 cated components for high availability.
266
267
268 --leader-elect-lease-duration=15s The duration that non-leader
269 candidates will wait after observing a leadership renewal until at‐
270 tempting to acquire leadership of a led but unrenewed leader slot. This
271 is effectively the maximum duration that a leader can be stopped before
272 it is replaced by another candidate. This is only applicable if leader
273 election is enabled.
274
275
276 --leader-elect-renew-deadline=10s The interval between attempts by
277 the acting master to renew a leadership slot before it stops leading.
278 This must be less than or equal to the lease duration. This is only ap‐
279 plicable if leader election is enabled.
280
281
282 --leader-elect-resource-lock="leases" The type of resource object
283 that is used for locking during leader election. Supported options are
284 'endpoints', 'configmaps', 'leases', 'endpointsleases' and 'configmap‐
285 sleases'.
286
287
288 --leader-elect-resource-name="kube-scheduler" The name of resource
289 object that is used for locking during leader election.
290
291
292 --leader-elect-resource-namespace="kube-system" The namespace of
293 resource object that is used for locking during leader election.
294
295
296 --leader-elect-retry-period=2s The duration the clients should
297 wait between attempting acquisition and renewal of a leadership. This
298 is only applicable if leader election is enabled.
299
300
301 --lock-object-name="kube-scheduler" DEPRECATED: define the name of
302 the lock object. Will be removed in favor of leader-elect-re‐
303 source-name. This parameter is ignored if a config file is specified in
304 --config.
305
306
307 --lock-object-namespace="kube-system" DEPRECATED: define the name‐
308 space of the lock object. Will be removed in favor of leader-elect-re‐
309 source-namespace. This parameter is ignored if a config file is speci‐
310 fied in --config.
311
312
313 --log-flush-frequency=5s Maximum number of seconds between log
314 flushes
315
316
317 --log_backtrace_at=:0 when logging hits line file:N, emit a stack
318 trace
319
320
321 --log_dir="" If non-empty, write log files in this directory
322
323
324 --log_file="" If non-empty, use this log file
325
326
327 --log_file_max_size=1800 Defines the maximum size a log file can
328 grow to. Unit is megabytes. If the value is 0, the maximum file size is
329 unlimited.
330
331
332 --logging-format="text" Sets the log format. Permitted formats:
333 "json", "text". Non-default formats don't honor these flags:
334 --add_dir_header, --alsologtostderr, --log_backtrace_at, --log_dir,
335 --log_file, --log_file_max_size, --logtostderr, --one_output,
336 --skip_headers, --skip_log_headers, --stderrthreshold, --vmodule,
337 --log-flush-frequency. Non-default choices are currently alpha and
338 subject to change without warning.
339
340
341 --logtostderr=true log to standard error instead of files
342
343
344 --master="" The address of the Kubernetes API server (overrides
345 any value in kubeconfig)
346
347
348 --one_output=false If true, only write logs to their native sever‐
349 ity level (vs also writing to each lower severity level)
350
351
352 --permit-address-sharing=false If true, SO_REUSEADDR will be used
353 when binding the port. This allows binding to wildcard IPs like 0.0.0.0
354 and specific IPs in parallel, and it avoids waiting for the kernel to
355 release sockets in TIME_WAIT state. [default=false]
356
357
358 --permit-port-sharing=false If true, SO_REUSEPORT will be used
359 when binding the port, which allows more than one instance to bind on
360 the same address and port. [default=false]
361
362
363 --policy-config-file="" DEPRECATED: file with scheduler policy
364 configuration. This file is used if policy ConfigMap is not provided or
365 --use-legacy-policy-config=true. Note: The scheduler will fail if this
366 is combined with Plugin configs
367
368
369 --policy-configmap="" DEPRECATED: name of the ConfigMap object
370 that contains scheduler's policy configuration. It must exist in the
371 system namespace before scheduler initialization if --use-legacy-pol‐
372 icy-config=false. The config must be provided as the value of an ele‐
373 ment in 'Data' map with the key='policy.cfg'. Note: The scheduler will
374 fail if this is combined with Plugin configs
375
376
377 --policy-configmap-namespace="kube-system" DEPRECATED: the name‐
378 space where policy ConfigMap is located. The kube-system namespace will
379 be used if this is not provided or is empty. Note: The scheduler will
380 fail if this is combined with Plugin configs
381
382
383 --port=10251 DEPRECATED: the port on which to serve HTTP inse‐
384 curely without authentication and authorization. If 0, don't serve
385 plain HTTP at all. See --secure-port instead. This parameter is ignored
386 if a config file is specified in --config.
387
388
389 --profiling=true DEPRECATED: enable profiling via web interface
390 host:port/debug/pprof/. This parameter is ignored if a config file is
391 specified in --config.
392
393
394 --requestheader-allowed-names=[] List of client certificate common
395 names to allow to provide usernames in headers specified by --request‐
396 header-username-headers. If empty, any client certificate validated by
397 the authorities in --requestheader-client-ca-file is allowed.
398
399
400 --requestheader-client-ca-file="" Root certificate bundle to use
401 to verify client certificates on incoming requests before trusting
402 usernames in headers specified by --requestheader-username-headers.
403 WARNING: generally do not depend on authorization being already done
404 for incoming requests.
405
406
407 --requestheader-extra-headers-prefix=[x-remote-extra-] List of re‐
408 quest header prefixes to inspect. X-Remote-Extra- is suggested.
409
410
411 --requestheader-group-headers=[x-remote-group] List of request
412 headers to inspect for groups. X-Remote-Group is suggested.
413
414
415 --requestheader-username-headers=[x-remote-user] List of request
416 headers to inspect for usernames. X-Remote-User is common.
417
418
419 --scheduler-name="default-scheduler" DEPRECATED: name of the
420 scheduler, used to select which pods will be processed by this sched‐
421 uler, based on pod's "spec.schedulerName". This parameter is ignored if
422 a config file is specified in --config.
423
424
425 --secure-port=10259 The port on which to serve HTTPS with authen‐
426 tication and authorization. If 0, don't serve HTTPS at all.
427
428
429 --show-hidden-metrics-for-version="" The previous version for
430 which you want to show hidden metrics. Only the previous minor version
431 is meaningful, other values will not be allowed. The format is ., e.g.:
432 '1.16'. The purpose of this format is make sure you have the opportu‐
433 nity to notice if the next release hides additional metrics, rather
434 than being surprised when they are permanently removed in the release
435 after that.
436
437
438 --skip_headers=false If true, avoid header prefixes in the log
439 messages
440
441
442 --skip_log_headers=false If true, avoid headers when opening log
443 files
444
445
446 --stderrthreshold=2 logs at or above this threshold go to stderr
447
448
449 --tls-cert-file="" File containing the default x509 Certificate
450 for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS
451 serving is enabled, and --tls-cert-file and --tls-private-key-file are
452 not provided, a self-signed certificate and key are generated for the
453 public address and saved to the directory specified by --cert-dir.
454
455
456 --tls-cipher-suites=[] Comma-separated list of cipher suites for
457 the server. If omitted, the default Go cipher suites will be used.
458 Preferred values: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384,
459 TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
460 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
461 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
462 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
463 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
464 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
465 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
466 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
467 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
468 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
469 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
470 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
471 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
472 TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
473 TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
474 TLS_RSA_WITH_AES_256_GCM_SHA384. Insecure values:
475 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
476 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
477 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
478 TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_RC4_128_SHA.
479
480
481 --tls-min-version="" Minimum TLS version supported. Possible val‐
482 ues: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
483
484
485 --tls-private-key-file="" File containing the default x509 private
486 key matching --tls-cert-file.
487
488
489 --tls-sni-cert-key=[] A pair of x509 certificate and private key
490 file paths, optionally suffixed with a list of domain patterns which
491 are fully qualified domain names, possibly with prefixed wildcard seg‐
492 ments. The domain patterns also allow IP addresses, but IPs should only
493 be used if the apiserver has visibility to the IP address requested by
494 a client. If no domain patterns are provided, the names of the certifi‐
495 cate are extracted. Non-wildcard matches trump over wildcard matches,
496 explicit domain patterns trump over extracted names. For multiple
497 key/certificate pairs, use the --tls-sni-cert-key multiple times. Exam‐
498 ples: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com".
499
500
501 --use-legacy-policy-config=false DEPRECATED: when set to true,
502 scheduler will ignore policy ConfigMap and uses policy config file.
503 Note: The scheduler will fail if this is combined with Plugin configs
504
505
506 -v, --v=0 number for the log level verbosity
507
508
509 --version=false Print version information and quit
510
511
512 --vmodule= comma-separated list of pattern=N settings for
513 file-filtered logging
514
515
516 --write-config-to="" If set, write the configuration values to
517 this file and exit.
518
519
520
522 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
523 com) based on the kubernetes source material, but hopefully they have
524 been automatically generated since!
525
526
527
528Manuals User KUBERNETES(1)(kubernetes)