table of contents
KUBERNETES(1)(kubernetes) | KUBERNETES(1)(kubernetes) |
NAME¶
kube-scheduler - Schedules containers on hosts.
SYNOPSIS¶
kube-scheduler [OPTIONS]
DESCRIPTION¶
The Kubernetes scheduler is a control plane process which assigns Pods to Nodes. The scheduler determines which Nodes are valid placements for each Pod in the scheduling queue according to constraints and available resources. The scheduler then ranks each valid Node and binds the Pod to a suitable Node. Multiple different schedulers may be used within a cluster; kube-scheduler is the reference implementation. See scheduling ⟨https://kubernetes.io/docs/concepts/scheduling-eviction/⟩ for more information about scheduling and the kube-scheduler component.
kube-scheduler [flags]
OPTIONS¶
--allow-metric-labels stringToString The map from metric-label to value allow-list of this label. The key's format is <MetricName>,<LabelName>. The value's format is <allowed_value>,<allowed_value>...e.g. metric1,label1='v1,v2,v3', metric1,label2='v1,v2,v3' metric2,label1='v1,v2,v3'. (default [])
--allow-metric-labels-manifest string The path to the manifest file that contains the allow-list mapping. The format of the file is the same as the flag --allow-metric-labels. Note that the flag --allow-metric-labels will override the manifest file.
--authentication-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create tokenreviews.authentication.k8s.io. This is optional. If empty, all token requests are considered to be anonymous and no client CA is looked up in the cluster.
--authentication-skip-lookup If false, the authentication-kubeconfig will be used to lookup missing authentication configuration from the cluster.
--authentication-token-webhook-cache-ttl duration The duration to cache responses from the webhook token authenticator. (default 10s)
--authentication-tolerate-lookup-failure If true, failures to look up missing authentication configuration from the cluster are not considered fatal. Note that this can result in authentication that treats all requests as anonymous. (default true)
--authorization-always-allow-paths strings A list of HTTP paths to skip during authorization, i.e. these are authorized without contacting the 'core' kubernetes server. (default [/healthz,/readyz,/livez])
--authorization-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create subjectaccessreviews.authorization.k8s.io. This is optional. If empty, all requests not skipped by authorization are forbidden.
--authorization-webhook-cache-authorized-ttl duration The duration to cache 'authorized' responses from the webhook authorizer. (default 10s)
--authorization-webhook-cache-unauthorized-ttl duration The duration to cache 'unauthorized' responses from the webhook authorizer. (default 10s)
**--bind-address ip The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank or an unspecified address (0.0.0.0 or ** :), all interfaces and IP address families will be used. (default 0.0.0.0)
--cert-dir string The directory where the TLS certs are located. If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.
--client-ca-file string If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.
--config string The path to the configuration file.
--contention-profiling DEPRECATED enable block profiling, if profiling is enabled. This parameter is ignored if a config file is specified in --config. (default true)
--disable-http2-serving If true, HTTP2 serving will be disabled [default=false]
--disabled-metrics strings This flag provides an escape hatch for misbehaving metrics. You must provide the fully qualified metric name in order to disable it. Disclaimer disabling metrics is higher in precedence than showing hidden metrics.
--emulated-version strings The versions different components emulate their capabilities (APIs, features, ...) of.
If set, the component will emulate the behavior of this version instead of the underlying binary version.
Version format could only be major.minor, for example: '--emulated-version=wardle=1.2,kube=1.31'. Options are:
kube=1.31..1.31 (default=1.31)If the component is not specified, defaults to "kube"
--feature-gates colonSeparatedMultimapStringString Comma-separated list of component key=value pairs that describe feature gates for alpha/experimental features of different components.
If the component is not specified, defaults to "kube". This flag can be repeatedly invoked. For example: --feature-gates 'wardle:featureA=true,wardle:featureB=false' --feature-gates 'kube:featureC=true'Options are:
kube:APIResponseCompression=true|false (BETA - default=true)
kube:APIServerIdentity=true|false (BETA - default=true)
kube:APIServerTracing=true|false (BETA - default=true)
kube:APIServingWithRoutine=true|false (ALPHA - default=false)
kube:AllAlpha=true|false (ALPHA - default=false)
kube:AllBeta=true|false (BETA - default=false)
kube:AnonymousAuthConfigurableEndpoints=true|false (ALPHA - default=false)
kube:AnyVolumeDataSource=true|false (BETA - default=true)
kube:AuthorizeNodeWithSelectors=true|false (ALPHA - default=false)
kube:AuthorizeWithSelectors=true|false (ALPHA - default=false)
kube:CPUManagerPolicyAlphaOptions=true|false (ALPHA - default=false)
kube:CPUManagerPolicyBetaOptions=true|false (BETA - default=true)
kube:CPUManagerPolicyOptions=true|false (BETA - default=true)
kube:CRDValidationRatcheting=true|false (BETA - default=true)
kube:CSIMigrationPortworx=true|false (BETA - default=true)
kube:CSIVolumeHealth=true|false (ALPHA - default=false)
kube:CloudControllerManagerWebhook=true|false (ALPHA - default=false)
kube:ClusterTrustBundle=true|false (ALPHA - default=false)
kube:ClusterTrustBundleProjection=true|false (ALPHA - default=false)
kube:ComponentSLIs=true|false (BETA - default=true)
kube:ConcurrentWatchObjectDecode=true|false (BETA - default=false)
kube:ConsistentListFromCache=true|false (BETA - default=true)
kube:ContainerCheckpoint=true|false (BETA - default=true)
kube:ContextualLogging=true|false (BETA - default=true)
kube:CoordinatedLeaderElection=true|false (ALPHA - default=false)
kube:CronJobsScheduledAnnotation=true|false (BETA - default=true)
kube:CrossNamespaceVolumeDataSource=true|false (ALPHA - default=false)
kube:CustomCPUCFSQuotaPeriod=true|false (ALPHA - default=false)
kube:CustomResourceFieldSelectors=true|false (BETA - default=true)
kube:DRAControlPlaneController=true|false (ALPHA - default=false)
kube:DisableAllocatorDualWrite=true|false (ALPHA - default=false)
kube:DynamicResourceAllocation=true|false (ALPHA - default=false)
kube:EventedPLEG=true|false (ALPHA - default=false)
kube:GracefulNodeShutdown=true|false (BETA - default=true)
kube:GracefulNodeShutdownBasedOnPodPriority=true|false (BETA - default=true)
kube:HPAScaleToZero=true|false (ALPHA - default=false)
kube:HonorPVReclaimPolicy=true|false (BETA - default=true)
kube:ImageMaximumGCAge=true|false (BETA - default=true)
kube:ImageVolume=true|false (ALPHA - default=false)
kube:InPlacePodVerticalScaling=true|false (ALPHA - default=false)
kube:InTreePluginPortworxUnregister=true|false (ALPHA - default=false)
kube:InformerResourceVersion=true|false (ALPHA - default=false)
kube:JobBackoffLimitPerIndex=true|false (BETA - default=true)
kube:JobManagedBy=true|false (ALPHA - default=false)
kube:JobPodReplacementPolicy=true|false (BETA - default=true)
kube:JobSuccessPolicy=true|false (BETA - default=true)
kube:KubeletCgroupDriverFromCRI=true|false (BETA - default=true)
kube:KubeletInUserNamespace=true|false (ALPHA - default=false)
kube:KubeletPodResourcesDynamicResources=true|false (ALPHA - default=false)
kube:KubeletPodResourcesGet=true|false (ALPHA - default=false)
kube:KubeletSeparateDiskGC=true|false (BETA - default=true)
kube:KubeletTracing=true|false (BETA - default=true)
kube:LoadBalancerIPMode=true|false (BETA - default=true)
kube:LocalStorageCapacityIsolationFSQuotaMonitoring=true|false (BETA - default=false)
kube:LoggingAlphaOptions=true|false (ALPHA - default=false)
kube:LoggingBetaOptions=true|false (BETA - default=true)
kube:MatchLabelKeysInPodAffinity=true|false (BETA - default=true)
kube:MatchLabelKeysInPodTopologySpread=true|false (BETA - default=true)
kube:MaxUnavailableStatefulSet=true|false (ALPHA - default=false)
kube:MemoryManager=true|false (BETA - default=true)
kube:MemoryQoS=true|false (ALPHA - default=false)
kube:MultiCIDRServiceAllocator=true|false (BETA - default=false)
kube:MutatingAdmissionPolicy=true|false (ALPHA - default=false)
kube:NFTablesProxyMode=true|false (BETA - default=true)
kube:NodeInclusionPolicyInPodTopologySpread=true|false (BETA - default=true)
kube:NodeLogQuery=true|false (BETA - default=false)
kube:NodeSwap=true|false (BETA - default=true)
kube:OpenAPIEnums=true|false (BETA - default=true)
kube:PodAndContainerStatsFromCRI=true|false (ALPHA - default=false)
kube:PodDeletionCost=true|false (BETA - default=true)
kube:PodIndexLabel=true|false (BETA - default=true)
kube:PodLifecycleSleepAction=true|false (BETA - default=true)
kube:PodReadyToStartContainersCondition=true|false (BETA - default=true)
kube:PortForwardWebsockets=true|false (BETA - default=true)
kube:ProcMountType=true|false (BETA - default=false)
kube:QOSReserved=true|false (ALPHA - default=false)
kube:RecoverVolumeExpansionFailure=true|false (ALPHA - default=false)
kube:RecursiveReadOnlyMounts=true|false (BETA - default=true)
kube:RelaxedEnvironmentVariableValidation=true|false (ALPHA - default=false)
kube:ReloadKubeletServerCertificateFile=true|false (BETA - default=true)
kube:ResilientWatchCacheInitialization=true|false (BETA - default=true)
kube:ResourceHealthStatus=true|false (ALPHA - default=false)
kube:RetryGenerateName=true|false (BETA - default=true)
kube:RotateKubeletServerCertificate=true|false (BETA - default=true)
kube:RuntimeClassInImageCriApi=true|false (ALPHA - default=false)
kube:SELinuxMount=true|false (ALPHA - default=false)
kube:SELinuxMountReadWriteOncePod=true|false (BETA - default=true)
kube:SchedulerQueueingHints=true|false (BETA - default=false)
kube:SeparateCacheWatchRPC=true|false (BETA - default=true)
kube:SeparateTaintEvictionController=true|false (BETA - default=true)
kube:ServiceAccountTokenJTI=true|false (BETA - default=true)
kube:ServiceAccountTokenNodeBinding=true|false (BETA - default=true)
kube:ServiceAccountTokenNodeBindingValidation=true|false (BETA - default=true)
kube:ServiceAccountTokenPodNodeInfo=true|false (BETA - default=true)
kube:ServiceTrafficDistribution=true|false (BETA - default=true)
kube:SidecarContainers=true|false (BETA - default=true)
kube:SizeMemoryBackedVolumes=true|false (BETA - default=true)
kube:StatefulSetAutoDeletePVC=true|false (BETA - default=true)
kube:StorageNamespaceIndex=true|false (BETA - default=true)
kube:StorageVersionAPI=true|false (ALPHA - default=false)
kube:StorageVersionHash=true|false (BETA - default=true)
kube:StorageVersionMigrator=true|false (ALPHA - default=false)
kube:StrictCostEnforcementForVAP=true|false (BETA - default=false)
kube:StrictCostEnforcementForWebhooks=true|false (BETA - default=false)
kube:StructuredAuthenticationConfiguration=true|false (BETA - default=true)
kube:StructuredAuthorizationConfiguration=true|false (BETA - default=true)
kube:SupplementalGroupsPolicy=true|false (ALPHA - default=false)
kube:TopologyAwareHints=true|false (BETA - default=true)
kube:TopologyManagerPolicyAlphaOptions=true|false (ALPHA - default=false)
kube:TopologyManagerPolicyBetaOptions=true|false (BETA - default=true)
kube:TopologyManagerPolicyOptions=true|false (BETA - default=true)
kube:TranslateStreamCloseWebsocketRequests=true|false (BETA - default=true)
kube:UnauthenticatedHTTP2DOSMitigation=true|false (BETA - default=true)
kube:UnknownVersionInteroperabilityProxy=true|false (ALPHA - default=false)
kube:UserNamespacesPodSecurityStandards=true|false (ALPHA - default=false)
kube:UserNamespacesSupport=true|false (BETA - default=false)
kube:VolumeAttributesClass=true|false (BETA - default=false)
kube:VolumeCapacityPriority=true|false (ALPHA - default=false)
kube:WatchCacheInitializationPostStartHook=true|false (BETA - default=false)
kube:WatchFromStorageWithoutResourceVersion=true|false (BETA - default=false)
kube:WatchList=true|false (ALPHA - default=false)
kube:WatchListClient=true|false (BETA - default=false)
kube:WinDSR=true|false (ALPHA - default=false)
kube:WinOverlay=true|false (BETA - default=true)
kube:WindowsHostNetwork=true|false (ALPHA - default=true)
-h, --help help for kube-scheduler
--http2-max-streams-per-connection int The limit that the server gives to
clients for the maximum number of streams in an HTTP/2 connection. Zero
means to use golang's default. --kube-api-burst int32 DEPRECATED
burst to use while talking with kubernetes apiserver. This parameter is
ignored if a config file is specified in --config. (default 100)
--kube-api-content-type string DEPRECATED content type of requests sent to apiserver. This parameter is ignored if a config file is specified in --config. (default "application/vnd.kubernetes.protobuf")
--kube-api-qps float32 DEPRECATED QPS to use while talking with kubernetes apiserver. This parameter is ignored if a config file is specified in --config. (default 50)
--kubeconfig string DEPRECATED path to kubeconfig file with authorization and master location information. This parameter is ignored if a config file is specified in --config.
--leader-elect Start a leader election client and gain leadership before executing the main loop. Enable this when running replicated components for high availability. (default true)
--leader-elect-lease-duration duration The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled. (default 15s)
--leader-elect-renew-deadline duration The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than the lease duration. This is only applicable if leader election is enabled. (default 10s)
--leader-elect-resource-lock string The type of resource object that is used for locking during leader election. Supported options are 'leases', 'endpointsleases' and 'configmapsleases'. (default "leases")
--leader-elect-resource-name string The name of resource object that is used for locking during leader election. (default "kube-scheduler")
--leader-elect-resource-namespace string The namespace of resource object that is used for locking during leader election. (default "kube-system")
--leader-elect-retry-period duration The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. (default 2s)
--log-flush-frequency duration Maximum number of seconds between log flushes (default 5s)
--log-text-info-buffer-size quantity [Alpha] In text format with split output streams, the info messages can be buffered for a while to increase performance. The default value of zero bytes disables buffering. The size can be specified as number of bytes (512), multiples of 1000 (1K), multiples of 1024 (2Ki), or powers of those (3M, 4G, 5Mi, 6Gi). Enable the LoggingAlphaOptions feature gate to use this.
--log-text-split-stream [Alpha] In text format, write error messages to stderr and info messages to stdout. The default is to write a single stream to stdout. Enable the LoggingAlphaOptions feature gate to use this.
--logging-format string Sets the log format. Permitted formats "text". (default "text")
--master string The address of the Kubernetes API server (overrides any value in kubeconfig)
--permit-address-sharing If true, SO_REUSEADDR will be used when binding the port. This allows binding to wildcard IPs like 0.0.0.0 and specific IPs in parallel, and it avoids waiting for the kernel to release sockets in TIME_WAIT state. [default=false]
--permit-port-sharing If true, SO_REUSEPORT will be used when binding the port, which allows more than one instance to bind on the same address and port. [default=false]
--pod-max-in-unschedulable-pods-duration duration DEPRECATED the maximum time a pod can stay in unschedulablePods. If a pod stays in unschedulablePods for longer than this value, the pod will be moved from unschedulablePods to backoffQ or activeQ. This flag is deprecated and will be removed in a future version. (default 5m0s)
--profiling DEPRECATED enable profiling via web interface host:port/debug/pprof/. This parameter is ignored if a config file is specified in --config. (default true)
--requestheader-allowed-names strings List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed.
--requestheader-client-ca-file string Root certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified by --requestheader-username-headers. WARNING generally do not depend on authorization being already done for incoming requests.
--requestheader-extra-headers-prefix strings List of request header prefixes to inspect. X-Remote-Extra- is suggested. (default [x-remote-extra-])
--requestheader-group-headers strings List of request headers to inspect for groups. X-Remote-Group is suggested. (default [x-remote-group])
--requestheader-username-headers strings List of request headers to inspect for usernames. X-Remote-User is common. (default [x-remote-user])
--secure-port int The port on which to serve HTTPS with authentication and authorization. If 0, don't serve HTTPS at all. (default 10259)
--show-hidden-metrics-for-version string The previous version for which you want to show hidden metrics. Only the previous minor version is meaningful, other values will not be allowed. The format is ., e.g. '1.16'. The purpose of this format is make sure you have the opportunity to notice if the next release hides additional metrics, rather than being surprised when they are permanently removed in the release after that.
--tls-cert-file string File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory specified by --cert-dir.
--tls-cipher-suites strings Comma-separated list of cipher suites for the server. If omitted, the default Go cipher suites will be used.
Preferred values: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256.
Insecure values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_RC4_128_SHA.
--tls-min-version string Minimum TLS version supported. Possible values VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
--tls-private-key-file string File containing the default x509 private key matching --tls-cert-file.
--tls-sni-cert-key namedCertKey A pair of x509 certificate and private key file paths, optionally suffixed with a list of domain patterns which are fully qualified domain names, possibly with prefixed wildcard segments. The domain patterns also allow IP addresses, but IPs should only be used if the apiserver has visibility to the IP address requested by a client. If no domain patterns are provided, the names of the certificate are extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names. For multiple key/certificate pairs, use the --tls-sni-cert-key multiple times. Examples "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com". (default [])
-v, --v Level number for the log level verbosity
--version version[=true] --version, --version=raw prints version information
and quits; --version=vX.Y.Z... sets the reported version
--vmodule pattern=N,... comma-separated list of pattern=N settings for
file-filtered logging (only works for text log format)
--write-config-to string If set, write the configuration values to this file
and exit.
EXAMPLES¶
/usr/bin/kube-scheduler --logtostderr=true --v=0 --master=127.0.0.1:8080
User | Manuals |