Safely Drain a Node

    Your Kubernetes server must be at or later than version 1.5. To check the version, enter kubectl version.

    This task also assumes that you have met the following prerequisites:

    1. You do not require your applications to be highly available during the node drain, or
    2. You have read about the concept, and have configured PodDisruptionBudgets for applications that need them.

    (Optional) Configure a disruption budget

    To ensure that your workloads remain available during maintenance, you can configure a PodDisruptionBudget.

    If availability is important for any applications that run or could run on the node(s) that you are draining, first and then continue following this guide.

    It is recommended to set AlwaysAllow Unhealthy Pod Eviction Policy to your PodDisruptionBudgets to support eviction of misbehaving applications during a node drain. The default behavior is to wait for the application pods to become before the drain can proceed.

    Note: By default ignores certain system pods on the node that cannot be killed; see the documentation for more details.

    When kubectl drain returns successfully, that indicates that all of the pods (except the ones excluded as described in the previous paragraph) have been safely evicted (respecting the desired graceful termination period, and respecting the PodDisruptionBudget you have defined). It is then safe to bring down the node by powering down its physical machine or, if running on a cloud platform, deleting its virtual machine.

    First, identify the name of the node you wish to drain. You can list all of the nodes in your cluster with

    Next, tell Kubernetes to drain the node:

    If there are pods managed by a DaemonSet, you will need to specify --ignore-daemonsets with kubectl to successfully drain the node. The kubectl drain subcommand on its own does not actually drain a node of its DaemonSet pods: the DaemonSet controller (part of the control plane) immediately replaces missing Pods with new equivalent Pods. The DaemonSet controller also creates Pods that ignore unschedulable taints, which allows the new Pods to launch onto a node that you are draining.

    afterwards to tell Kubernetes that it can resume scheduling new pods onto the node.

    Draining multiple nodes in parallel

    The command should only be issued to a single node at a time. However, you can run multiple kubectl drain commands for different nodes in parallel, in different terminals or in the background. Multiple drain commands running concurrently will still respect the PodDisruptionBudget you specify.

    For example, if you have a StatefulSet with three replicas and have set a PodDisruptionBudget for that set specifying minAvailable: 2, kubectl drain only evicts a pod from the StatefulSet if all three replicas pods are ; if then you issue multiple drain commands in parallel, Kubernetes respects the PodDisruptionBudget and ensures that only 1 (calculated as replicas - minAvailable) Pod is unavailable at any given time. Any drains that would cause the number of healthy replicas to fall below the specified budget are blocked.

    If you prefer not to use kubectl drain (such as to avoid calling to an external command, or to get finer control over the pod eviction process), you can also programmatically cause evictions using the eviction API.

    For more information, see .

    What’s next