1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kube-scheduler -
10
14 kube-scheduler [OPTIONS]
15
19 The Kubernetes scheduler is a control plane process which assigns Pods
20 to Nodes. The scheduler determines which Nodes are valid placements for
21 each Pod in the scheduling queue according to constraints and available
22 resources. The scheduler then ranks each valid Node and binds the Pod
23 to a suitable Node. Multiple different schedulers may be used within a
24 cluster; kube-scheduler is the reference implementation. See schedul‐
25 ing ⟨https://kubernetes.io/docs/concepts/scheduling-eviction/⟩ for more
26 information about scheduling and the kube-scheduler component.
27
31 --add_dir_header=false If true, adds the file directory to the
32 header of the log messages
33 --allow-metric-labels=[] The map from metric-label to value allow-
36 list of this label. The key's format is ,. The value's format is
37 ,...e.g. metric1,label1='v1,v2,v3', metric1,label2='v1,v2,v3' met‐
38 ric2,label1='v1,v2,v3'.
39 --alsologtostderr=false log to standard error as well as files (no
42 effect when -logtostderr=true)
43 --authentication-kubeconfig="" kubeconfig file pointing at the
46 'core' kubernetes server with enough rights to create tokenreviews.au‐
47 thentication.k8s.io. This is optional. If empty, all token requests are
48 considered to be anonymous and no client CA is looked up in the clus‐
49 ter.
50 --authentication-skip-lookup=false If false, the authentication-
53 kubeconfig will be used to lookup missing authentication configuration
54 from the cluster.
55 --authentication-token-webhook-cache-ttl=10s The duration to cache
58 responses from the webhook token authenticator.
59 --authentication-tolerate-lookup-failure=true If true, failures to
62 look up missing authentication configuration from the cluster are not
63 considered fatal. Note that this can result in authentication that
64 treats all requests as anonymous.
65 --authorization-always-allow-paths=[/healthz,/readyz,/livez] A
68 list of HTTP paths to skip during authorization, i.e. these are autho‐
69 rized without contacting the 'core' kubernetes server.
70 --authorization-kubeconfig="" kubeconfig file pointing at the
73 'core' kubernetes server with enough rights to create subjectaccessre‐
74 views.authorization.k8s.io. This is optional. If empty, all requests
75 not skipped by authorization are forbidden.
76 --authorization-webhook-cache-authorized-ttl=10s The duration to
79 cache 'authorized' responses from the webhook authorizer.
80 --authorization-webhook-cache-unauthorized-ttl=10s The duration to
83 cache 'unauthorized' responses from the webhook authorizer.
84 --azure-container-registry-config="" Path to the file containing
87 Azure container registry configuration information.
88 --bind-address=0.0.0.0 The IP address on which to listen for the
91 --secure-port port. The associated interface(s) must be reachable by
92 the rest of the cluster, and by CLI/web clients. If blank or an unspec‐
93 ified address (0.0.0.0 or ::), all interfaces will be used.
94 --cert-dir="" The directory where the TLS certs are located. If
97 --tls-cert-file and --tls-private-key-file are provided, this flag will
98 be ignored.
99 --client-ca-file="" If set, any request presenting a client cer‐
102 tificate signed by one of the authorities in the client-ca-file is au‐
103 thenticated with an identity corresponding to the CommonName of the
104 client certificate.
105 --config="" The path to the configuration file.
108 --contention-profiling=true DEPRECATED: enable lock contention
111 profiling, if profiling is enabled. This parameter is ignored if a con‐
112 fig file is specified in --config.
113 --disabled-metrics=[] This flag provides an escape hatch for mis‐
116 behaving metrics. You must provide the fully qualified metric name in
117 order to disable it. Disclaimer: disabling metrics is higher in prece‐
118 dence than showing hidden metrics.
119 --feature-gates= A set of key=value pairs that describe feature
122 gates for alpha/experimental features. Options are: APIListChunk‐
123 ing=true|false (BETA - default=true) APIPriorityAndFairness=true|false
124 (BETA - default=true) APIResponseCompression=true|false (BETA - de‐
125 fault=true) APIServerIdentity=true|false (ALPHA - default=false) APIS‐
126 erverTracing=true|false (ALPHA - default=false) AllAlpha=true|false
127 (ALPHA - default=false) AllBeta=true|false (BETA - default=false)
128 AnyVolumeDataSource=true|false (BETA - default=true) AppAr‐
129 mor=true|false (BETA - default=true) CPUManager=true|false (BETA - de‐
130 fault=true) CPUManagerPolicyAlphaOptions=true|false (ALPHA - de‐
131 fault=false) CPUManagerPolicyBetaOptions=true|false (BETA - de‐
132 fault=true) CPUManagerPolicyOptions=true|false (BETA - default=true)
133 CSIMigrationAzureFile=true|false (BETA - default=true) CSIMigra‐
134 tionPortworx=true|false (BETA - default=false) CSIMigra‐
135 tionRBD=true|false (ALPHA - default=false) CSIMigrationv‐
136 Sphere=true|false (BETA - default=true) CSINodeExpandSecret=true|false
137 (ALPHA - default=false) CSIVolumeHealth=true|false (ALPHA - de‐
138 fault=false) ContainerCheckpoint=true|false (ALPHA - default=false)
139 ContextualLogging=true|false (ALPHA - default=false) CronJobTime‐
140 Zone=true|false (BETA - default=true) CustomCPUCFSQuotaPe‐
141 riod=true|false (ALPHA - default=false) CustomResourceValidationExpres‐
142 sions=true|false (BETA - default=true) DelegateFSGroupToC‐
143 SIDriver=true|false (BETA - default=true) DevicePlugins=true|false
144 (BETA - default=true) DisableCloudProviders=true|false (ALPHA - de‐
145 fault=false) DisableKubeletCloudCredentialProviders=true|false (ALPHA -
146 default=false) DownwardAPIHugePages=true|false (BETA - default=true)
147 EndpointSliceTerminatingCondition=true|false (BETA - default=true) Ex‐
148 pandedDNSConfig=true|false (ALPHA - default=false) ExperimentalHos‐
149 tUserNamespaceDefaulting=true|false (BETA - default=false) GRPCContain‐
150 erProbe=true|false (BETA - default=true) GracefulNodeShut‐
151 down=true|false (BETA - default=true) GracefulNodeShutdownBasedOnPod‐
152 Priority=true|false (BETA - default=true) HPAContainerMet‐
153 rics=true|false (ALPHA - default=false) HPAScaleToZero=true|false (AL‐
154 PHA - default=false) HonorPVReclaimPolicy=true|false (ALPHA - de‐
155 fault=false) IPTablesOwnershipCleanup=true|false (ALPHA - de‐
156 fault=false) InTreePluginAWSUnregister=true|false (ALPHA - de‐
157 fault=false) InTreePluginAzureDiskUnregister=true|false (ALPHA - de‐
158 fault=false) InTreePluginAzureFileUnregister=true|false (ALPHA - de‐
159 fault=false) InTreePluginGCEUnregister=true|false (ALPHA - de‐
160 fault=false) InTreePluginOpenStackUnregister=true|false (ALPHA - de‐
161 fault=false) InTreePluginPortworxUnregister=true|false (ALPHA - de‐
162 fault=false) InTreePluginRBDUnregister=true|false (ALPHA - de‐
163 fault=false) InTreePluginvSphereUnregister=true|false (ALPHA - de‐
164 fault=false) JobMutableNodeSchedulingDirectives=true|false (BETA - de‐
165 fault=true) JobPodFailurePolicy=true|false (ALPHA - default=false) Jo‐
166 bReadyPods=true|false (BETA - default=true) JobTrackingWithFinaliz‐
167 ers=true|false (BETA - default=true) KMSv2=true|false (ALPHA - de‐
168 fault=false) KubeletCredentialProviders=true|false (BETA - de‐
169 fault=true) KubeletInUserNamespace=true|false (ALPHA - default=false)
170 KubeletPodResources=true|false (BETA - default=true) KubeletPo‐
171 dResourcesGetAllocatable=true|false (BETA - default=true) KubeletTrac‐
172 ing=true|false (ALPHA - default=false) LegacyServiceAccountTokenNoAuto‐
173 Generation=true|false (BETA - default=true) LocalStorageCapacityIsola‐
174 tionFSQuotaMonitoring=true|false (ALPHA - default=false) Logarithmic‐
175 ScaleDown=true|false (BETA - default=true) LoggingAlphaOp‐
176 tions=true|false (ALPHA - default=false) LoggingBetaOptions=true|false
177 (BETA - default=true) MatchLabelKeysInPodTopologySpread=true|false (AL‐
178 PHA - default=false) MaxUnavailableStatefulSet=true|false (ALPHA - de‐
179 fault=false) MemoryManager=true|false (BETA - default=true) Memo‐
180 ryQoS=true|false (ALPHA - default=false) MinDomainsInPodTopolo‐
181 gySpread=true|false (BETA - default=false) MixedProtocolLBSer‐
182 vice=true|false (BETA - default=true) MultiCIDRRangeAlloca‐
183 tor=true|false (ALPHA - default=false) NetworkPolicyStatus=true|false
184 (ALPHA - default=false) NodeInclusionPolicyInPodTopolo‐
185 gySpread=true|false (ALPHA - default=false) NodeOutOfServiceVolumeDe‐
186 tach=true|false (ALPHA - default=false) NodeSwap=true|false (ALPHA -
187 default=false) OpenAPIEnums=true|false (BETA - default=true) Ope‐
188 nAPIV3=true|false (BETA - default=true) PodAndContainerStatsFrom‐
189 CRI=true|false (ALPHA - default=false) PodDeletionCost=true|false (BETA
190 - default=true) PodDisruptionConditions=true|false (ALPHA - de‐
191 fault=false) PodHasNetworkCondition=true|false (ALPHA - default=false)
192 ProbeTerminationGracePeriod=true|false (BETA - default=true) ProcMount‐
193 Type=true|false (ALPHA - default=false) ProxyTerminatingEnd‐
194 points=true|false (ALPHA - default=false) QOSReserved=true|false (ALPHA
195 - default=false) ReadWriteOncePod=true|false (ALPHA - default=false)
196 RecoverVolumeExpansionFailure=true|false (ALPHA - default=false) Re‐
197 mainingItemCount=true|false (BETA - default=true) RetroactiveDefault‐
198 StorageClass=true|false (ALPHA - default=false) RotateKubeletServerCer‐
199 tificate=true|false (BETA - default=true) SELinuxMountReadWriteOnce‐
200 Pod=true|false (ALPHA - default=false) SeccompDefault=true|false (BETA
201 - default=true) ServerSideFieldValidation=true|false (BETA - de‐
202 fault=true) ServiceIPStaticSubrange=true|false (BETA - default=true)
203 ServiceInternalTrafficPolicy=true|false (BETA - default=true) SizeMemo‐
204 ryBackedVolumes=true|false (BETA - default=true) StatefulSetAu‐
205 toDeletePVC=true|false (ALPHA - default=false) StorageVersion‐
206 API=true|false (ALPHA - default=false) StorageVersionHash=true|false
207 (BETA - default=true) TopologyAwareHints=true|false (BETA - de‐
208 fault=true) TopologyManager=true|false (BETA - default=true) UserNames‐
209 pacesStatelessPodsSupport=true|false (ALPHA - default=false) VolumeCa‐
210 pacityPriority=true|false (ALPHA - default=false) WinDSR=true|false
211 (ALPHA - default=false) WinOverlay=true|false (BETA - default=true)
212 WindowsHostProcessContainers=true|false (BETA - default=true)
213 -h, --help=false help for kube-scheduler
216 --http2-max-streams-per-connection=0 The limit that the server
219 gives to clients for the maximum number of streams in an HTTP/2 connec‐
220 tion. Zero means to use golang's default.
221 --kube-api-burst=100 DEPRECATED: burst to use while talking with
224 kubernetes apiserver. This parameter is ignored if a config file is
225 specified in --config.
226 --kube-api-content-type="application/vnd.kubernetes.protobuf" DEP‐
229 RECATED: content type of requests sent to apiserver. This parameter is
230 ignored if a config file is specified in --config.
231 --kube-api-qps=50 DEPRECATED: QPS to use while talking with kuber‐
234 netes apiserver. This parameter is ignored if a config file is speci‐
235 fied in --config.
236 --kubeconfig="" DEPRECATED: path to kubeconfig file with autho‐
239 rization and master location information. This parameter is ignored if
240 a config file is specified in --config.
241 --leader-elect=true Start a leader election client and gain lead‐
244 ership before executing the main loop. Enable this when running repli‐
245 cated components for high availability.
246 --leader-elect-lease-duration=15s The duration that non-leader
249 candidates will wait after observing a leadership renewal until at‐
250 tempting to acquire leadership of a led but unrenewed leader slot. This
251 is effectively the maximum duration that a leader can be stopped before
252 it is replaced by another candidate. This is only applicable if leader
253 election is enabled.
254 --leader-elect-renew-deadline=10s The interval between attempts by
257 the acting master to renew a leadership slot before it stops leading.
258 This must be less than or equal to the lease duration. This is only ap‐
259 plicable if leader election is enabled.
260 --leader-elect-resource-lock="leases" The type of resource object
263 that is used for locking during leader election. Supported options are
264 'leases', 'endpointsleases' and 'configmapsleases'.
265 --leader-elect-resource-name="kube-scheduler" The name of resource
268 object that is used for locking during leader election.
269 --leader-elect-resource-namespace="kube-system" The namespace of
272 resource object that is used for locking during leader election.
273 --leader-elect-retry-period=2s The duration the clients should
276 wait between attempting acquisition and renewal of a leadership. This
277 is only applicable if leader election is enabled.
278 --lock-object-name="kube-scheduler" DEPRECATED: define the name of
281 the lock object. Will be removed in favor of leader-elect-resource-
282 name. This parameter is ignored if a config file is specified in --con‐
283 fig.
284 --lock-object-namespace="kube-system" DEPRECATED: define the name‐
287 space of the lock object. Will be removed in favor of leader-elect-re‐
288 source-namespace. This parameter is ignored if a config file is speci‐
289 fied in --config.
290 --log-flush-frequency=5s Maximum number of seconds between log
293 flushes
294 --log_backtrace_at=:0 when logging hits line file:N, emit a stack
297 trace
298 --log_dir="" If non-empty, write log files in this directory (no
301 effect when -logtostderr=true)
302 --log_file="" If non-empty, use this log file (no effect when
305 -logtostderr=true)
306 --log_file_max_size=1800 Defines the maximum size a log file can
309 grow to (no effect when -logtostderr=true). Unit is megabytes. If the
310 value is 0, the maximum file size is unlimited.
311 --logging-format="text" Sets the log format. Permitted formats:
314 "text". Non-default formats don't honor these flags: --add-dir-header,
315 --alsologtostderr, --log-backtrace-at, --log-dir, --log-file, --log-
316 file-max-size, --logtostderr, --one-output, --skip-headers, --skip-log-
317 headers, --stderrthreshold, --vmodule. Non-default choices are cur‐
318 rently alpha and subject to change without warning.
319 --logtostderr=true log to standard error instead of files
322 --master="" The address of the Kubernetes API server (overrides
325 any value in kubeconfig)
326 --one_output=false If true, only write logs to their native sever‐
329 ity level (vs also writing to each lower severity level; no effect when
330 -logtostderr=true)
331 --permit-address-sharing=false If true, SO_REUSEADDR will be used
334 when binding the port. This allows binding to wildcard IPs like 0.0.0.0
335 and specific IPs in parallel, and it avoids waiting for the kernel to
336 release sockets in TIME_WAIT state. [default=false]
337 --permit-port-sharing=false If true, SO_REUSEPORT will be used
340 when binding the port, which allows more than one instance to bind on
341 the same address and port. [default=false]
342 --pod-max-in-unschedulable-pods-duration=5m0s DEPRECATED: the max‐
345 imum time a pod can stay in unschedulablePods. If a pod stays in un‐
346 schedulablePods for longer than this value, the pod will be moved from
347 unschedulablePods to backoffQ or activeQ. This flag is deprecated and
348 will be removed in 1.26
349 --profiling=true DEPRECATED: enable profiling via web interface
352 host:port/debug/pprof/. This parameter is ignored if a config file is
353 specified in --config.
354 --requestheader-allowed-names=[] List of client certificate common
357 names to allow to provide usernames in headers specified by --request‐
358 header-username-headers. If empty, any client certificate validated by
359 the authorities in --requestheader-client-ca-file is allowed.
360 --requestheader-client-ca-file="" Root certificate bundle to use
363 to verify client certificates on incoming requests before trusting
364 usernames in headers specified by --requestheader-username-headers.
365 WARNING: generally do not depend on authorization being already done
366 for incoming requests.
367 --requestheader-extra-headers-prefix=[x-remote-extra-] List of re‐
370 quest header prefixes to inspect. X-Remote-Extra- is suggested.
371 --requestheader-group-headers=[x-remote-group] List of request
374 headers to inspect for groups. X-Remote-Group is suggested.
375 --requestheader-username-headers=[x-remote-user] List of request
378 headers to inspect for usernames. X-Remote-User is common.
379 --secure-port=10259 The port on which to serve HTTPS with authen‐
382 tication and authorization. If 0, don't serve HTTPS at all.
383 --show-hidden-metrics-for-version="" The previous version for
386 which you want to show hidden metrics. Only the previous minor version
387 is meaningful, other values will not be allowed. The format is ., e.g.:
388 '1.16'. The purpose of this format is make sure you have the opportu‐
389 nity to notice if the next release hides additional metrics, rather
390 than being surprised when they are permanently removed in the release
391 after that.
392 --skip_headers=false If true, avoid header prefixes in the log
395 messages
396 --skip_log_headers=false If true, avoid headers when opening log
399 files (no effect when -logtostderr=true)
400 --stderrthreshold=2 logs at or above this threshold go to stderr
403 when writing to files and stderr (no effect when -logtostderr=true or
404 -alsologtostderr=false)
405 --tls-cert-file="" File containing the default x509 Certificate
408 for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS
409 serving is enabled, and --tls-cert-file and --tls-private-key-file are
410 not provided, a self-signed certificate and key are generated for the
411 public address and saved to the directory specified by --cert-dir.
412 --tls-cipher-suites=[] Comma-separated list of cipher suites for
415 the server. If omitted, the default Go cipher suites will be used.
416 Preferred values: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384,
417 TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
418 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
419 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
420 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
421 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
422 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
423 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
424 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
425 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
426 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
427 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
428 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
429 TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256,
430 TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384. Inse‐
431 cure values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
432 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
433 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
434 TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,
435 TLS_RSA_WITH_RC4_128_SHA.
436 --tls-min-version="" Minimum TLS version supported. Possible val‐
439 ues: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
440 --tls-private-key-file="" File containing the default x509 private
443 key matching --tls-cert-file.
444 --tls-sni-cert-key=[] A pair of x509 certificate and private key
447 file paths, optionally suffixed with a list of domain patterns which
448 are fully qualified domain names, possibly with prefixed wildcard seg‐
449 ments. The domain patterns also allow IP addresses, but IPs should only
450 be used if the apiserver has visibility to the IP address requested by
451 a client. If no domain patterns are provided, the names of the certifi‐
452 cate are extracted. Non-wildcard matches trump over wildcard matches,
453 explicit domain patterns trump over extracted names. For multiple
454 key/certificate pairs, use the --tls-sni-cert-key multiple times. Exam‐
455 ples: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com".
456 -v, --v=0 number for the log level verbosity
459 --version=false Print version information and quit
462 --vmodule= comma-separated list of pattern=N settings for file-
465 filtered logging (only works for text log format)
466 --write-config-to="" If set, write the configuration values to
469 this file and exit.
470
474 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
475 com) based on the kubernetes source material, but hopefully they have
476 been automatically generated since!
477Manuals User KUBERNETES(1)(kubernetes)