Scribd
Upload
31 views

Kubernetes 4

The legacy Linux package repositories for Kubernetes packages (apt.kubernetes.io and yum.kubernetes.io) have been frozen starting September 13, 2023 and will be removed in January 2024, requiring users to migrate. The document provides details on changes to the location of Linux packages for Kubernetes and instructs users to read the announcement for more details on migrating from the legacy package repositories.

Uploaded by

mangekau
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
31 views

Kubernetes 4

The legacy Linux package repositories for Kubernetes packages (apt.kubernetes.io and yum.kubernetes.io) have been frozen starting September 13, 2023 and will be removed in January 2024, requiring users to migrate. The document provides details on changes to the location of Linux packages for Kubernetes and instructs users to read the announcement for more details on migrating from the legacy package repositories.

Uploaded by

mangekau
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 8

Changes to the location of Linux packages for Kubernetes

The legacy Linux package repositories (apt.kubernetes.io and yum.kubernetes.io AKA


packages.cloud.google.com)
have been frozen starting from September 13, 2023 and are going away in January
2024, users must migrate.
Please read our announcement for more details.

Search this site


Kubernetes Documentation
Reference
Component tools
kube-scheduler
kube-scheduler
Synopsis
The Kubernetes scheduler is a control plane process which assigns Pods to Nodes.
The scheduler determines which Nodes are valid placements for each Pod in the
scheduling queue according to constraints and available resources. The scheduler
then ranks each valid Node and binds the Pod to a suitable Node. Multiple different
schedulers may be used within a cluster; kube-scheduler is the reference
implementation. See scheduling for more information about scheduling and the kube-
scheduler component.

kube-scheduler [flags]
Options
--allow-metric-labels stringToString Default: []
The map from metric-label to value allow-list of this label. The key's format is
<MetricName>,<LabelName>. The value's format is
<allowed_value>,<allowed_value>...e.g. metric1,label1='v1,v2,v3',
metric1,label2='v1,v2,v3' metric2,label1='v1,v2,v3'.

--allow-metric-labels-manifest string
The path to the manifest file that contains the allow-list mapping. The format of
the file is the same as the flag --allow-metric-labels. Note that the flag --allow-
metric-labels will override the manifest file.

--authentication-kubeconfig string
kubeconfig file pointing at the 'core' kubernetes server with enough rights to
create tokenreviews.authentication.k8s.io. This is optional. If empty, all token
requests are considered to be anonymous and no client CA is looked up in the
cluster.

--authentication-skip-lookup
If false, the authentication-kubeconfig will be used to lookup missing
authentication configuration from the cluster.

--authentication-token-webhook-cache-ttl duration Default: 10s


The duration to cache responses from the webhook token authenticator.

--authentication-tolerate-lookup-failure Default: true


If true, failures to look up missing authentication configuration from the cluster
are not considered fatal. Note that this can result in authentication that treats
all requests as anonymous.

--authorization-always-allow-paths strings Default: "/healthz,/readyz,/livez"


A list of HTTP paths to skip during authorization, i.e. these are authorized
without contacting the 'core' kubernetes server.

--authorization-kubeconfig string
kubeconfig file pointing at the 'core' kubernetes server with enough rights to
create subjectaccessreviews.authorization.k8s.io. This is optional. If empty, all
requests not skipped by authorization are forbidden.

--authorization-webhook-cache-authorized-ttl duration Default: 10s


The duration to cache 'authorized' responses from the webhook authorizer.

--authorization-webhook-cache-unauthorized-ttl duration Default: 10s


The duration to cache 'unauthorized' responses from the webhook authorizer.

--azure-container-registry-config string
Path to the file containing Azure container registry configuration information.

--bind-address string Default: 0.0.0.0


The IP address on which to listen for the --secure-port port. The associated
interface(s) must be reachable by the rest of the cluster, and by CLI/web clients.
If blank or an unspecified address (0.0.0.0 or ::), all interfaces and IP address
families will be used.

--cert-dir string
The directory where the TLS certs are located. If --tls-cert-file and --tls-
private-key-file are provided, this flag will be ignored.

--client-ca-file string
If set, any request presenting a client certificate signed by one of the
authorities in the client-ca-file is authenticated with an identity corresponding
to the CommonName of the client certificate.

--config string
The path to the configuration file.

--contention-profiling Default: true


DEPRECATED: enable block profiling, if profiling is enabled. This parameter is
ignored if a config file is specified in --config.

--disabled-metrics strings
This flag provides an escape hatch for misbehaving metrics. You must provide the
fully qualified metric name in order to disable it. Disclaimer: disabling metrics
is higher in precedence than showing hidden metrics.

--feature-gates <comma-separated 'key=True|False' pairs>


A set of key=value pairs that describe feature gates for alpha/experimental
features. Options are:
APIResponseCompression=true|false (BETA - default=true)
APIServerIdentity=true|false (BETA - default=true)
APIServerTracing=true|false (BETA - default=true)
AdmissionWebhookMatchConditions=true|false (BETA - default=true)
AggregatedDiscoveryEndpoint=true|false (BETA - default=true)
AllAlpha=true|false (ALPHA - default=false)
AllBeta=true|false (BETA - default=false)
AnyVolumeDataSource=true|false (BETA - default=true)
AppArmor=true|false (BETA - default=true)
CPUManagerPolicyAlphaOptions=true|false (ALPHA - default=false)
CPUManagerPolicyBetaOptions=true|false (BETA - default=true)
CPUManagerPolicyOptions=true|false (BETA - default=true)
CRDValidationRatcheting=true|false (ALPHA - default=false)
CSIMigrationPortworx=true|false (BETA - default=false)
CSIVolumeHealth=true|false (ALPHA - default=false)
CloudControllerManagerWebhook=true|false (ALPHA - default=false)
CloudDualStackNodeIPs=true|false (BETA - default=true)
ClusterTrustBundle=true|false (ALPHA - default=false)
ClusterTrustBundleProjection=true|false (ALPHA - default=false)
ComponentSLIs=true|false (BETA - default=true)
ConsistentListFromCache=true|false (ALPHA - default=false)
ContainerCheckpoint=true|false (ALPHA - default=false)
ContextualLogging=true|false (ALPHA - default=false)
CronJobsScheduledAnnotation=true|false (BETA - default=true)
CrossNamespaceVolumeDataSource=true|false (ALPHA - default=false)
CustomCPUCFSQuotaPeriod=true|false (ALPHA - default=false)
DevicePluginCDIDevices=true|false (BETA - default=true)
DisableCloudProviders=true|false (BETA - default=true)
DisableKubeletCloudCredentialProviders=true|false (BETA - default=true)
DisableNodeKubeProxyVersion=true|false (ALPHA - default=false)
DynamicResourceAllocation=true|false (ALPHA - default=false)
ElasticIndexedJob=true|false (BETA - default=true)
EventedPLEG=true|false (BETA - default=false)
GracefulNodeShutdown=true|false (BETA - default=true)
GracefulNodeShutdownBasedOnPodPriority=true|false (BETA - default=true)
HPAContainerMetrics=true|false (BETA - default=true)
HPAScaleToZero=true|false (ALPHA - default=false)
HonorPVReclaimPolicy=true|false (ALPHA - default=false)
ImageMaximumGCAge=true|false (ALPHA - default=false)
InPlacePodVerticalScaling=true|false (ALPHA - default=false)
InTreePluginAWSUnregister=true|false (ALPHA - default=false)
InTreePluginAzureDiskUnregister=true|false (ALPHA - default=false)
InTreePluginAzureFileUnregister=true|false (ALPHA - default=false)
InTreePluginGCEUnregister=true|false (ALPHA - default=false)
InTreePluginOpenStackUnregister=true|false (ALPHA - default=false)
InTreePluginPortworxUnregister=true|false (ALPHA - default=false)
InTreePluginvSphereUnregister=true|false (ALPHA - default=false)
JobBackoffLimitPerIndex=true|false (BETA - default=true)
JobPodFailurePolicy=true|false (BETA - default=true)
JobPodReplacementPolicy=true|false (BETA - default=true)
KubeProxyDrainingTerminatingNodes=true|false (ALPHA - default=false)
KubeletCgroupDriverFromCRI=true|false (ALPHA - default=false)
KubeletInUserNamespace=true|false (ALPHA - default=false)
KubeletPodResourcesDynamicResources=true|false (ALPHA - default=false)
KubeletPodResourcesGet=true|false (ALPHA - default=false)
KubeletSeparateDiskGC=true|false (ALPHA - default=false)
KubeletTracing=true|false (BETA - default=true)
LegacyServiceAccountTokenCleanUp=true|false (BETA - default=true)
LoadBalancerIPMode=true|false (ALPHA - default=false)
LocalStorageCapacityIsolationFSQuotaMonitoring=true|false (ALPHA - default=false)
LogarithmicScaleDown=true|false (BETA - default=true)
LoggingAlphaOptions=true|false (ALPHA - default=false)
LoggingBetaOptions=true|false (BETA - default=true)
MatchLabelKeysInPodAffinity=true|false (ALPHA - default=false)
MatchLabelKeysInPodTopologySpread=true|false (BETA - default=true)
MaxUnavailableStatefulSet=true|false (ALPHA - default=false)
MemoryManager=true|false (BETA - default=true)
MemoryQoS=true|false (ALPHA - default=false)
MinDomainsInPodTopologySpread=true|false (BETA - default=true)
MultiCIDRServiceAllocator=true|false (ALPHA - default=false)
NFTablesProxyMode=true|false (ALPHA - default=false)
NewVolumeManagerReconstruction=true|false (BETA - default=true)
NodeInclusionPolicyInPodTopologySpread=true|false (BETA - default=true)
NodeLogQuery=true|false (ALPHA - default=false)
NodeSwap=true|false (BETA - default=false)
OpenAPIEnums=true|false (BETA - default=true)
PDBUnhealthyPodEvictionPolicy=true|false (BETA - default=true)
PersistentVolumeLastPhaseTransitionTime=true|false (BETA - default=true)
PodAndContainerStatsFromCRI=true|false (ALPHA - default=false)
PodDeletionCost=true|false (BETA - default=true)
PodDisruptionConditions=true|false (BETA - default=true)
PodHostIPs=true|false (BETA - default=true)
PodIndexLabel=true|false (BETA - default=true)
PodLifecycleSleepAction=true|false (ALPHA - default=false)
PodReadyToStartContainersCondition=true|false (BETA - default=true)
PodSchedulingReadiness=true|false (BETA - default=true)
ProcMountType=true|false (ALPHA - default=false)
QOSReserved=true|false (ALPHA - default=false)
RecoverVolumeExpansionFailure=true|false (ALPHA - default=false)
RotateKubeletServerCertificate=true|false (BETA - default=true)
RuntimeClassInImageCriApi=true|false (ALPHA - default=false)
SELinuxMountReadWriteOncePod=true|false (BETA - default=true)
SchedulerQueueingHints=true|false (BETA - default=false)
SecurityContextDeny=true|false (ALPHA - default=false)
SeparateTaintEvictionController=true|false (BETA - default=true)
ServiceAccountTokenJTI=true|false (ALPHA - default=false)
ServiceAccountTokenNodeBinding=true|false (ALPHA - default=false)
ServiceAccountTokenNodeBindingValidation=true|false (ALPHA - default=false)
ServiceAccountTokenPodNodeInfo=true|false (ALPHA - default=false)
SidecarContainers=true|false (BETA - default=true)
SizeMemoryBackedVolumes=true|false (BETA - default=true)
StableLoadBalancerNodeSet=true|false (BETA - default=true)
StatefulSetAutoDeletePVC=true|false (BETA - default=true)
StatefulSetStartOrdinal=true|false (BETA - default=true)
StorageVersionAPI=true|false (ALPHA - default=false)
StorageVersionHash=true|false (BETA - default=true)
StructuredAuthenticationConfiguration=true|false (ALPHA - default=false)
StructuredAuthorizationConfiguration=true|false (ALPHA - default=false)
TopologyAwareHints=true|false (BETA - default=true)
TopologyManagerPolicyAlphaOptions=true|false (ALPHA - default=false)
TopologyManagerPolicyBetaOptions=true|false (BETA - default=true)
TopologyManagerPolicyOptions=true|false (BETA - default=true)
TranslateStreamCloseWebsocketRequests=true|false (ALPHA - default=false)
UnauthenticatedHTTP2DOSMitigation=true|false (BETA - default=true)
UnknownVersionInteroperabilityProxy=true|false (ALPHA - default=false)
UserNamespacesPodSecurityStandards=true|false (ALPHA - default=false)
UserNamespacesSupport=true|false (ALPHA - default=false)
ValidatingAdmissionPolicy=true|false (BETA - default=false)
VolumeAttributesClass=true|false (ALPHA - default=false)
VolumeCapacityPriority=true|false (ALPHA - default=false)
WatchList=true|false (ALPHA - default=false)
WinDSR=true|false (ALPHA - default=false)
WinOverlay=true|false (BETA - default=true)
WindowsHostNetwork=true|false (ALPHA - default=true)
ZeroLimitedNominalConcurrencyShares=true|false (BETA - default=false)

-h, --help
help for kube-scheduler

--http2-max-streams-per-connection int
The limit that the server gives to clients for the maximum number of streams in an
HTTP/2 connection. Zero means to use golang's default.

--kube-api-burst int32 Default: 100


DEPRECATED: burst to use while talking with kubernetes apiserver. This parameter is
ignored if a config file is specified in --config.

--kube-api-content-type string Default: "application/vnd.kubernetes.protobuf"


DEPRECATED: content type of requests sent to apiserver. This parameter is ignored
if a config file is specified in --config.

--kube-api-qps float Default: 50


DEPRECATED: QPS to use while talking with kubernetes apiserver. This parameter is
ignored if a config file is specified in --config.

--kubeconfig string
DEPRECATED: path to kubeconfig file with authorization and master location
information. This parameter is ignored if a config file is specified in --config.

--leader-elect Default: true


Start a leader election client and gain leadership before executing the main loop.
Enable this when running replicated components for high availability.

--leader-elect-lease-duration duration Default: 15s


The duration that non-leader candidates will wait after observing a leadership
renewal until attempting to acquire leadership of a led but unrenewed leader slot.
This is effectively the maximum duration that a leader can be stopped before it is
replaced by another candidate. This is only applicable if leader election is
enabled.

--leader-elect-renew-deadline duration Default: 10s


The interval between attempts by the acting master to renew a leadership slot
before it stops leading. This must be less than the lease duration. This is only
applicable if leader election is enabled.

--leader-elect-resource-lock string Default: "leases"


The type of resource object that is used for locking during leader election.
Supported options are 'leases', 'endpointsleases' and 'configmapsleases'.

--leader-elect-resource-name string Default: "kube-scheduler"


The name of resource object that is used for locking during leader election.

--leader-elect-resource-namespace string Default: "kube-system"


The namespace of resource object that is used for locking during leader election.

--leader-elect-retry-period duration Default: 2s


The duration the clients should wait between attempting acquisition and renewal of
a leadership. This is only applicable if leader election is enabled.

--log-flush-frequency duration Default: 5s


Maximum number of seconds between log flushes

--logging-format string Default: "text"


Sets the log format. Permitted formats: "text".

--master string
The address of the Kubernetes API server (overrides any value in kubeconfig)

--permit-address-sharing
If true, SO_REUSEADDR will be used when binding the port. This allows binding to
wildcard IPs like 0.0.0.0 and specific IPs in parallel, and it avoids waiting for
the kernel to release sockets in TIME_WAIT state. [default=false]
--permit-port-sharing
If true, SO_REUSEPORT will be used when binding the port, which allows more than
one instance to bind on the same address and port. [default=false]

--pod-max-in-unschedulable-pods-duration duration Default: 5m0s


DEPRECATED: the maximum time a pod can stay in unschedulablePods. If a pod stays in
unschedulablePods for longer than this value, the pod will be moved from
unschedulablePods to backoffQ or activeQ. This flag is deprecated and will be
removed in 1.26

--profiling Default: true


DEPRECATED: enable profiling via web interface host:port/debug/pprof/. This
parameter is ignored if a config file is specified in --config.

--requestheader-allowed-names strings
List of client certificate common names to allow to provide usernames in headers
specified by --requestheader-username-headers. If empty, any client certificate
validated by the authorities in --requestheader-client-ca-file is allowed.

--requestheader-client-ca-file string
Root certificate bundle to use to verify client certificates on incoming requests
before trusting usernames in headers specified by --requestheader-username-headers.
WARNING: generally do not depend on authorization being already done for incoming
requests.

--requestheader-extra-headers-prefix strings Default: "x-remote-extra-"


List of request header prefixes to inspect. X-Remote-Extra- is suggested.

--requestheader-group-headers strings Default: "x-remote-group"


List of request headers to inspect for groups. X-Remote-Group is suggested.

--requestheader-username-headers strings Default: "x-remote-user"


List of request headers to inspect for usernames. X-Remote-User is common.

--secure-port int Default: 10259


The port on which to serve HTTPS with authentication and authorization. If 0, don't
serve HTTPS at all.

--show-hidden-metrics-for-version string
The previous version for which you want to show hidden metrics. Only the previous
minor version is meaningful, other values will not be allowed. The format is
<major>.<minor>, e.g.: '1.16'. The purpose of this format is make sure you have the
opportunity to notice if the next release hides additional metrics, rather than
being surprised when they are permanently removed in the release after that.

--tls-cert-file string
File containing the default x509 Certificate for HTTPS. (CA cert, if any,
concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file
and --tls-private-key-file are not provided, a self-signed certificate and key are
generated for the public address and saved to the directory specified by --cert-
dir.

--tls-cipher-suites strings
Comma-separated list of cipher suites for the server. If omitted, the default Go
cipher suites will be used.
Preferred values: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384,
TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_GCM_SHA384.
Insecure values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_RC4_128_SHA.

--tls-min-version string
Minimum TLS version supported. Possible values: VersionTLS10, VersionTLS11,
VersionTLS12, VersionTLS13

--tls-private-key-file string
File containing the default x509 private key matching --tls-cert-file.

--tls-sni-cert-key string
A pair of x509 certificate and private key file paths, optionally suffixed with a
list of domain patterns which are fully qualified domain names, possibly with
prefixed wildcard segments. The domain patterns also allow IP addresses, but IPs
should only be used if the apiserver has visibility to the IP address requested by
a client. If no domain patterns are provided, the names of the certificate are
extracted. Non-wildcard matches trump over wildcard matches, explicit domain
patterns trump over extracted names. For multiple key/certificate pairs, use the --
tls-sni-cert-key multiple times. Examples: "example.crt,example.key" or
"foo.crt,foo.key:*.foo.com,foo.com".

-v, --v int


number for the log level verbosity

--version version[=true]
--version, --version=raw prints version information and quits; --version=vX.Y.Z...
sets the reported version

--vmodule pattern=N,...
comma-separated list of pattern=N settings for file-filtered logging (only works
for text log format)

--write-config-to string
If set, write the configuration values to this file and exit.

This page is automatically generated.

If you plan to report an issue with this page, mention that the page is auto-
generated in your issue description. The fix may need to happen elsewhere in the
Kubernetes project.

Feedback
Was this page helpful?

Last modified December 14, 2023 at 8:49 AM PST: Update component reference for
v1.29 (519eec1bf6)
Documentation
Blog
Training
Partners
Community
Case Studies
© 2024 The Kubernetes Authors | Documentation Distributed under CC BY 4.0
Copyright © 2024 The Linux Foundation ®. All rights reserved. The Linux Foundation
has registered trademarks and uses trademarks. For a list of trademarks of The
Linux Foundation, please see our Trademark Usage page
ICP license: 京 ICP 备 17074266 号-3

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy