How to customize the parameters of control plane components in ACK Pro clusters - Container Service for Kubernetes

You can customize the parameters of control plane components in a Container Service for Kubernetes (ACK) cluster to meet production needs. You can modify the parameters of kube-apiserver, kube-controller-manager, cloud-controller-manager, and kube-scheduler based on your requirements. This topic describes how to customize the parameters of control plane components in the ACK console.

Usage notes

To ensure the stability of control plane components, only ACK Pro clusters, ACK Serverless Pro clusters, ACK Edge Pro clusters, and ACK Lingjun clusters allow you to customize the parameters of control plane components. For more information about the parameters that can be customized, see Default parameters. The parameters displayed in the ACK console shall prevail.
After you customize the parameters of a component, the component is automatically restarted. We recommend that you customize the parameters during off-peak hours.
After you customize the parameters, the changes overwrite the default parameters of the ACK cluster. Make sure that the values of the customized parameters are valid and complete. Otherwise, the component may fail to restart. For more information about the parameters, see the following official Kubernetes documentation: kube-apiserver, kube-controller-manager, and kube-scheduler.

Customize the parameters of a control plane component

The procedures for customizing the parameters of different components are similar. The following example shows how to customize the parameters of kube-apiserver.

Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side navigation pane, choose Operations > Add-ons.
In the Core Components section, find the component and click Configuration in the lower-right corner of the card.
In the Kube Scheduler Parameters dialog box, configure the parameters and click OK. Make sure that the values of the parameters are valid and complete.

Default parameters

The default values are overwritten after you customize component parameters. You can reset the parameters to the default values in the following tables based on the cluster type.

The default values of parameters are the same for all component versions. The latest component version supported by the current Kubernetes version is displayed in the ACK console.

ACK Pro cluster

Component	Parameter	Description
Kube API Server	EnableAdmissionPlugins	By default, this parameter is empty.
	ServiceNodePortRange	Valid values: 10000 to 65535. By default, this parameter is left empty. Important Exercise caution when you modify the node port range. Make sure that the node port range does not overlap with the port range specified by the `net.ipv4.ip_local_port_range` kernel parameter of Linux on nodes in the cluster. For more information, see How do I configure a proper node port range?
	requestTimeout	By default, this parameter is empty.
	defaultNotReadyTolerationSeconds	By default, this parameter is empty.
	defaultUnreachableTolerationSeconds	By default, this parameter is empty.
	maxMutatingRequestsInflight	Valid values: 1 to 1000. By default, this parameter is left empty.
	maxRequestsInflight	Valid values: 1 to 3000. By default, this parameter is left empty.
	featureGates	The following options are supported: `ServerSideApply`, `TTLAfterFinished`, `EphemeralContainers`, `RemoveSelfLink`, and `HPAScaleToZero`. By default, this parameter is left empty. Note The `HPAScaleToZero` option is supported in Kubernetes 1.18 and later. The value of the `RemoveSelfLink` option cannot be modified in Kubernetes 1.24 and later.
	oidcIssuerURL	By default, this parameter is empty. Important After you configure oidcIssuerURL, the API server of the cluster accesses the addresses specified in the oidcIssuerURL configurations. If you use public endpoints, make sure that the cluster has access to the Internet. For more information, see Enable an existing ACK cluster to access the Internet. If the API server still cannot access the addresses specified in the oidcIssuerURL configurations after the cluster has Internet access enabled, you can run the `kubectl get endpoints` command to obtain the number of backend IP addresses in Kubernetes. If the number of IP addresses is greater than one, log on to the worker node, try to access the oidcIssuerURL, then check the configurations of the Internet and security group rules. If there is only one IP address, submit a ticket. This parameter is supported in Kubernetes 1.18 and later.
	oidcClientId	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcUsernameClaim	Default value: `sub`. This parameter is supported in Kubernetes 1.18 and later.
	oidcUsernamePrefix	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcGroupsPrefix	By default, this parameter is left empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcGroupsClaim	By default, this parameter is left empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcRequiredClaim	By default, this parameter is left empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcCAContent	By default, this parameter is left empty. This parameter is supported in Kubernetes 1.18 and later.
	hostAliases	By default, this parameter is left empty. This parameter is supported in Kubernetes 1.26 and later.
Kube Controller Manager	horizontalPodAutoscalerSyncPeriod	By default, this parameter is empty.
	horizontalPodAutoscalerTolerance	By default, this parameter is empty.
	concurrentTTLAfterFinishedSyncs	By default, this parameter is empty.
	concurrentHorizontalPodAutoscalerSyncs	By default, this parameter is left empty. This parameter is supported in Kubernetes 1.26 and later.
	largeClusterSizeThreshold	By default, this parameter is empty.
	unhealthyZoneThreshold	By default, this parameter is left empty.
	secondaryNodeEvictionRate	By default, this parameter is empty.
	nodeEvictionRate	By default, this parameter is empty.
	terminatedPodGCThreshold	By default, this parameter is left empty.
	kubeAPIQPS	Valid values: 1 to 1000. By default, this parameter is left empty.
	kubeAPIBurst	Valid values: 1 to 1000. By default, this parameter is left empty.
	featureGates	The `TTLAfterFinished` option is supported. By default, this parameter is left empty.
Cloud Controller Manager	routeTableIDs	By default, this parameter is left empty. If the virtual private cloud (VPC) where the cluster resides has multiple route tables, you can specify multiple route table IDs that are separated by commas (,). Example: `vtb-,vtb*`.
Kube Scheduler	Multiple parameters	For more information about how to customize the parameters of kube-scheduler, see Configure the custom parameters of kube-scheduler.

ACK Serverless Pro cluster

Component	Parameter	Description
Kube API Server	EnableAdmissionPlugins	By default, this parameter is empty.
	requestTimeout	By default, this parameter is empty.
	defaultNotReadyTolerationSeconds	By default, this parameter is empty.
	defaultUnreachableTolerationSeconds	By default, this parameter is empty.
	maxMutatingRequestsInflight	Valid values: 1 to 1000. By default, this parameter is left empty.
	maxRequestsInflight	Valid values: 1 to 3000. By default, this parameter is left empty.
	featureGates	The following options are supported: `ServerSideApply`, `TTLAfterFinished`, `EphemeralContainers`, `RemoveSelfLink`, and `HPAScaleToZero`. By default, this parameter is left empty. Note The `HPAScaleToZero` option is supported in Kubernetes 1.18 and later. The value of the `RemoveSelfLink` option cannot be modified in Kubernetes 1.24 and later.
	oidcIssuerURL	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcClientId	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcUsernameClaim	Default value: `sub`. This parameter is supported in Kubernetes 1.18 and later.
	oidcUsernamePrefix	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcGroupsPrefix	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcGroupsClaim	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcRequiredClaim	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcCAContent	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
Kube Controller Manager	horizontalPodAutoscalerSyncPeriod	By default, this parameter is empty.
	horizontalPodAutoscalerTolerance	By default, this parameter is empty.
	concurrentTTLAfterFinishedSyncs	By default, this parameter is empty.
	kubeAPIQPS	Valid values: 1 to 1000. By default, this parameter is left empty.
	kubeAPIBurst	Valid values: 1 to 1000. By default, this parameter is left empty.
	featureGates	The `TTLAfterFinished` option is supported. By default, this parameter is left empty.
Kube Scheduler	Multiple parameters. You can customize the parameters only if you are included in the whitelist.	For more information about how to customize the parameters of kube-scheduler, see Configure the custom parameters of kube-scheduler.

ACK Edge Pro cluster

Component	Parameter	Description
Kube API Server	EnableAdmissionPlugins	By default, this parameter is empty.
	ServiceNodePortRange	Valid values: 10000 to 65535. By default, this parameter is left empty. Important Exercise caution when you modify the node port range. Make sure that the node port range does not overlap with the port range specified by the `net.ipv4.ip_local_port_range` kernel parameter of Linux on nodes in the cluster. For more information, see How do I configure a proper node port range?
	requestTimeout	By default, this parameter is empty.
	defaultNotReadyTolerationSeconds	By default, this parameter is empty.
	defaultUnreachableTolerationSeconds	By default, this parameter is empty.
	maxMutatingRequestsInflight	Valid values: 1 to 1000. By default, this parameter is left empty.
	maxRequestsInflight	Valid values: 1 to 3000. By default, this parameter is left empty.
	featureGates	The following options are supported: `ServerSideApply`, `TTLAfterFinished`, `EphemeralContainers`, `RemoveSelfLink`, and `HPAScaleToZero`. By default, this parameter is left empty. Note The `HPAScaleToZero` option is supported in Kubernetes 1.18 and later. The value of the `RemoveSelfLink` option cannot be modified in Kubernetes 1.24 and later.
Kube Controller Manager	horizontalPodAutoscalerSyncPeriod	By default, this parameter is empty.
	concurrentTTLAfterFinishedSyncs	By default, this parameter is empty.
	largeClusterSizeThreshold	By default, this parameter is empty.
	unhealthyZoneThreshold	By default, this parameter is empty.
	secondaryNodeEvictionRate	By default, this parameter is empty.
	nodeEvictionRate	By default, this parameter is empty.
	podEvictionTimeout	By default, this parameter is empty.
	kubeAPIQPS	Valid values: 1 to 1000. By default, this parameter is left empty.
	kubeAPIBurst	Valid values: 1 to 1000. By default, this parameter is left empty.
	featureGates	The `TTLAfterFinished` option is supported. By default, this parameter is left empty.
Cloud Controller Manager	routeTableIDs	By default, this parameter is left empty. If the VPC where the cluster resides has multiple route tables, you can specify multiple route table IDs that are separated by commas (,). Example: `vtb-,vtb*`.
Kube Scheduler	Multiple parameters	For more information about how to customize the parameters of kube-scheduler, see Configure the custom parameters of kube-scheduler.

ACK Lingjun cluster

Component	Parameter	Description
Kube API Server	EnableAdmissionPlugins	By default, this parameter is empty.
	ServiceNodePortRange	Valid values: 10000 to 65535. By default, this parameter is left empty. Important Exercise caution when you modify the node port range. Make sure that the node port range does not overlap with the port range specified by the `net.ipv4.ip_local_port_range` kernel parameter of Linux on nodes in the cluster. For more information, see How do I configure a proper node port range?
	requestTimeout	By default, this parameter is empty.
	defaultNotReadyTolerationSeconds	By default, this parameter is empty.
	defaultUnreachableTolerationSeconds	By default, this parameter is empty.
	maxMutatingRequestsInflight	Valid values: 1 to 1000. By default, this parameter is left empty.
	maxRequestsInflight	Valid values: 1 to 3000. By default, this parameter is left empty.
	featureGates	The following options are supported: `ServerSideApply`, `TTLAfterFinished`, `EphemeralContainers`, `RemoveSelfLink`, and `HPAScaleToZero`. By default, this parameter is left empty. Note The `HPAScaleToZero` option is supported in Kubernetes 1.18 and later. The value of the `RemoveSelfLink` option cannot be modified in Kubernetes 1.24 and later.
	oidcIssuerURL	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcClientId	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcUsernameClaim	Default value: `sub`. This parameter is supported in Kubernetes 1.18 and later.
	oidcUsernamePrefix	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcGroupsPrefix	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcGroupsClaim	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcRequiredClaim	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
	oidcCAContent	By default, this parameter is empty. This parameter is supported in Kubernetes 1.18 and later.
Kube Controller Manager	horizontalPodAutoscalerSyncPeriod	By default, this parameter is empty.
	horizontalPodAutoscalerTolerance	By default, this parameter is empty.
	concurrentTTLAfterFinishedSyncs	By default, this parameter is empty.
	largeClusterSizeThreshold	By default, this parameter is empty.
	unhealthyZoneThreshold	By default, this parameter is empty.
	secondaryNodeEvictionRate	By default, this parameter is empty.
	nodeEvictionRate	By default, this parameter is empty.
	podEvictionTimeout	By default, this parameter is empty.
	kubeAPIQPS	Valid values: 1 to 1000. By default, this parameter is left empty.
	kubeAPIBurst	Valid values: 1 to 1000. By default, this parameter is left empty.
	featureGates	The `TTLAfterFinished` option is supported. By default, this parameter is left empty.
Cloud Controller Manager	routeTableIDs	By default, this parameter is left empty. If the VPC where the cluster resides has multiple route tables, you can specify multiple route table IDs that are separated by commas (,). Example: `vtb-,vtb*`.
Kube Scheduler	Multiple parameters	For more information about how to customize the parameters of kube-scheduler, see Configure the custom parameters of kube-scheduler.