LinuxCommandLibrary

kubectl-cordon

Mark node unschedulable

TLDR

Mark a node as unschedulable

$ kubectl cordon [node_name]

Mark multiple nodes as unschedulable
$ kubectl cordon [node_name1 node_name2 ...]

Mark a node as unschedulable in a specific context
$ kubectl cordon [node_name] --context [context_name]

Mark nodes matching a label selector as unschedulable
$ kubectl cordon [-l|--selector] [label_key]=[label_value]

Preview the changes without actually cordoning the nodes (dry run)
$ kubectl cordon [node_name] --dry-run=[none|server|client]

SYNOPSIS

kubectl cordon NODE [options]

PARAMETERS

NODE
    Name of the node to mark as unschedulable (required positional argument)

--dry-run=none|client|server
    Dry run. 'client' prints object without sending; 'server' submits without persisting; default 'none'

--field-selector=string
    Field selector to filter nodes, supports '=', '==', '!=' (rarely used for single-node cordon)

-h, --help
    Display help for cordon

--kubeconfig=string
    Path to kubeconfig file for authentication and cluster context

--request-timeout=string
    Timeout for server requests (e.g., '5s'); default '0s' (no timeout)

DESCRIPTION

kubectl cordon is a subcommand of kubectl, the Kubernetes command-line tool, that marks a specified node as unschedulable. It sets the node's spec.unschedulable field to true in the API server, which prevents the Kubernetes scheduler from placing any new pods on that node.

It is primarily used for node maintenance, such as OS upgrades, hardware repairs, or temporary isolation during troubleshooting. Unlike kubectl drain, cordon does not evict existing pods; they continue running undisturbed until manually drained or they terminate naturally.

After cordoning, the node's status shows SchedulingDisabled when viewed with kubectl get nodes. This allows administrators to gracefully prepare a node for downtime without abrupt disruptions. Once maintenance is complete, use kubectl uncordon to make the node schedulable again.

The command is atomic and fast, typically completing in seconds, making it ideal for cluster operations in production environments.

CAVEATS

Does not evict existing pods; they continue running. Combine with kubectl drain for full node evacuation. Requires appropriate RBAC permissions to patch nodes.

EXAMPLES

kubectl cordon node-01
Mark node-01 unschedulable.

kubectl cordon node-01 --dry-run=client
Preview the patch without applying.

NODE STATUS CHECK

After cordon: kubectl get nodes node-01 -o yaml | grep unschedulable
Confirms unschedulable: true.
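
The steps described above (the RBAC requirement from CAVEATS, the server-side dry run, the status check, and the fact that existing pods keep running) combined into one wrapper. This is an added example, not part of the original page; the function name cordon_and_verify and the return codes are hypothetical.

```shell
#!/bin/sh
# Added example: cordon a node with a permission pre-check and verification.
# cordon_and_verify is a hypothetical helper name; pass node names as arguments.

cordon_and_verify() {
  _node="$1"

  # RBAC pre-check: cordon patches the Node object, so the caller needs
  # permission to patch nodes.
  if [ "$(kubectl auth can-i patch nodes 2>/dev/null)" != "yes" ]; then
    echo "no permission to patch nodes" >&2
    return 2
  fi

  # Server-side dry run: submitted to the API server but not persisted.
  kubectl cordon "$_node" --dry-run=server >/dev/null || return 3

  # The real change.
  kubectl cordon "$_node" >/dev/null || return 4

  # Verify the field that cordon sets rather than trusting the exit code.
  _state="$(kubectl get node "$_node" -o jsonpath='{.spec.unschedulable}')"
  if [ "$_state" != "true" ]; then
    echo "$_node: spec.unschedulable is '$_state', expected 'true'" >&2
    return 5
  fi

  # Cordon does not evict anything: show the pods still running on the node
  # so the operator can decide whether kubectl drain is needed.
  kubectl get pods --all-namespaces --field-selector "spec.nodeName=$_node" -o wide
}

# Run only when node names are given on the command line.
if [ "$#" -gt 0 ]; then
  for n in "$@"; do
    cordon_and_verify "$n" || exit $?
  done
fi
```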

HISTORY

Introduced in Kubernetes v1.2 (2015) as part of initial node management APIs; evolved with kubectl standardization in v1.3+. Remains unchanged in core functionality through Kubernetes v1.30+.
