Drain node in preparation for maintenance
Drain node in preparation for maintenance.
The given node will be marked unschedulable to prevent new pods from arriving. Then drain deletes all pods except mirror pods (which cannot be deleted through the API server). If there are DaemonSet-managed pods, drain will not proceed without –ignore-daemonsets, and regardless it will not delete any DaemonSet-managed pods, because those pods would be immediately replaced by the DaemonSet controller, which ignores unschedulable markings. If there are any pods that are neither mirror pods nor managed–by ReplicationController, ReplicaSet, DaemonSet or Job–, then drain will not delete any pods unless you use –force.
When you are ready to put the node back into service, use kubectl uncordon, which will make the node schedulable again.
kubectl drain NODE
# Drain node "foo", even if there are pods not managed by a ReplicationController, ReplicaSet, Job, or DaemonSet on it. $ kubectl drain foo --force # As above, but abort if there are pods not managed by a ReplicationController, ReplicaSet, Job, or DaemonSet, and use a grace period of 15 minutes. $ kubectl drain foo --grace-period=900
--delete-local-data Continue even if there are pods using emptyDir (local data that will be deleted when the node is drained). --force Continue even if there are pods not managed by a ReplicationController, ReplicaSet, Job, or DaemonSet. --grace-period int Period of time in seconds given to each pod to terminate gracefully. If negative, the default value specified in the pod will be used. (default -1) --ignore-daemonsets Ignore DaemonSet-managed pods.
--alsologtostderr value log to standard error as well as files --as string Username to impersonate for the operation --certificate-authority string Path to a cert. file for the certificate authority --client-certificate string Path to a client certificate file for TLS --client-key string Path to a client key file for TLS --cluster string The name of the kubeconfig cluster to use --context string The name of the kubeconfig context to use --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure --kubeconfig string Path to the kubeconfig file to use for CLI requests. --log-backtrace-at value when logging hits line file:N, emit a stack trace (default :0) --log-dir value If non-empty, write log files in this directory --logtostderr value log to standard error instead of files --match-server-version Require server version to match client version -n, --namespace string If present, the namespace scope for this CLI request --password string Password for basic authentication to the API server -s, --server string The address and port of the Kubernetes API server --stderrthreshold value logs at or above this threshold go to stderr (default 2) --token string Bearer token for authentication to the API server --user string The name of the kubeconfig user to use --username string Username for basic authentication to the API server -v, --v value log level for V logs --vmodule value comma-separated list of pattern=N settings for file-filtered logging