How to customize the parameters of control plane components in ACK Pro clusters - Container Service for Kubernetes

To meet the requirements for adjusting control plane parameters in production environments, Container Service for Kubernetes provides the ability to customize control plane parameters. You can modify the parameters of kube-apiserver, kube-controller-manager (KCM), cloud-controller-manager (CCM), kube-scheduler, and other core managed components based on your requirements. This topic describes how to customize the parameters of control plane components in the ACK console.

Usage notes

To ensure control plane stability, only ACK Pro clusters, ACK Serverless Pro clusters, ACK Edge Pro clusters, and ACK Lingjun clusters support custom configuration of some core control plane component parameters.
For information about the supported parameters, see Default parameters (subject to the ACK console).
Some parameters are only available for specific cluster versions. To upgrade your clusters, see Manually upgrade ACK clusters.
After you modify the parameters, the control plane is automatically restarted. Perform this change during off-peak hours.
Custom parameters will override default cluster parameters. When configuring custom parameters, ensure that the parameters are correct and complete to avoid control plane startup failures due to parameter errors. For parameter specifications, see the following official Kubernetes documentation: kube-apiserver, kube-controller-manager, and kube-scheduler.

Customize the parameters of a control plane component

The procedures for customizing the parameters of different components are similar. The following example shows how to customize the parameters of kube-apiserver.

Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the one you want to manage and click its name. In the left-side navigation pane, choose Operations > Add-ons.
In the Core Components section, find the component and click Configuration in the lower-right corner of the card.
In the Kube API Server Parameters dialog box, enter your custom parameters and ensure that the parameters are valid and complete. Follow the on-screen instructions to submit the configuration.

Default parameters

ACK managed Pro clusters

Component	Parameter	Description
Kube API Server	enableAdmissionPlugins	By default, this parameter is empty.
	serviceNodePortRange	Valid values: 10000 to 65535. By default, this parameter is left empty. Important Exercise caution when you modify the node port range. Ensure the node port range does not overlap with the Linux kernel's `net.ipv4.ip_local_port_range` on cluster nodes. For more information, see How do I configure a proper node port range?
	requestTimeout	By default, this parameter is empty.
	defaultNotReadyTolerationSeconds	By default, this parameter is empty.
	defaultUnreachableTolerationSeconds	By default, this parameter is empty.
	maxMutatingRequestsInflight	Valid values: 1 to 1000. By default, this parameter is left empty.
	maxRequestsInflight	Valid values: 1 to 3000. By default, this parameter is left empty.
	featureGates	The following options are supported: `ServerSideApply`, `TTLAfterFinished`, `EphemeralContainers`, `RemoveSelfLink`, and `HPAScaleToZero`. By default, this parameter is left empty. Note The `HPAScaleToZero` option is supported in Kubernetes 1.18 and later. The value of the `RemoveSelfLink` option cannot be modified in Kubernetes 1.24 and later.
	oidcIssuerURL	This parameter is empty by default and supported in Kubernetes 1.18 and later. Important After you configure oidcIssuerURL, the API server of the cluster accesses the addresses specified in the oidcIssuerURL configurations. If you use public endpoints, make sure that the cluster has access to the Internet. For more information, see Enable an existing ACK cluster to access the Internet. If the API server still cannot access the addresses specified in the oidcIssuerURL configurations after the cluster has Internet access enabled, you can run the `kubectl get endpoints` command to obtain the number of backend IP addresses in Kubernetes. If the number of IP addresses is greater than one, log on to the worker node, try to access the oidcIssuerURL, then check the configurations of the Internet and security group rules. If there is only one IP address, submit a ticket.
	oidcClientId	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcUsernameClaim	Default value: `sub`. This parameter is supported in Kubernetes 1.18 and later.
	oidcUsernamePrefix	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcGroupsPrefix	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcGroupsClaim	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcRequiredClaim	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcCAContent	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	hostAliases	This parameter is empty by default and supported in Kubernetes 1.26 and later.
	enableTrace	This parameter is empty by default and supported in Kubernetes 1.28 and later. For related operations, see Enable tracing for control plane components in a cluster.
	samplingRatePerMillion
Kube Controller Manager	horizontalPodAutoscalerSyncPeriod	By default, this parameter is empty.
	horizontalPodAutoscalerTolerance	By default, this parameter is empty.
	concurrentTTLAfterFinishedSyncs	By default, this parameter is empty.
	concurrentHorizontalPodAutoscalerSyncs	This parameter is empty by default and supported in Kubernetes 1.26 and later.
	largeClusterSizeThreshold	By default, this parameter is empty.
	unhealthyZoneThreshold	By default, this parameter is empty.
	secondaryNodeEvictionRate	By default, this parameter is empty.
	nodeEvictionRate	By default, this parameter is empty.
	terminatedPodGCThreshold	By default, this parameter is empty.
	kubeAPIQPS	Valid values: 1 to 1000. By default, this parameter is left empty.
	kubeAPIBurst	Valid values: 1 to 1000. By default, this parameter is left empty.
	concurrentCSRSyncs	This parameter is empty by default and supported in Kubernetes 1.32 and later.
	concurrentNodeTaintSyncs	This parameter is empty by default and supported in Kubernetes 1.32 and later.
	featureGates	The `TTLAfterFinished` option is supported. By default, this parameter is left empty.
Cloud Controller Manager	routeTableIDs	By default, this parameter is left empty. If the virtual private cloud (VPC) where the cluster resides has multiple route tables, you can specify multiple route table IDs that are separated by commas (,). Example: `vtb-,vtb*`.
Kube Scheduler	For more information about how to customize the parameters of kube-scheduler, see Custom parameters of kube-scheduler.

ACK Serverless Pro clusters

Component	Parameter	Description
Kube API Server	enableAdmissionPlugins	By default, this parameter is empty.
	requestTimeout	By default, this parameter is empty.
	defaultNotReadyTolerationSeconds	By default, this parameter is empty.
	defaultUnreachableTolerationSeconds	By default, this parameter is empty.
	maxMutatingRequestsInflight	Valid values: 1 to 1000. By default, this parameter is left empty.
	maxRequestsInflight	Valid values: 1 to 3000. By default, this parameter is left empty.
	featureGates	The following options are supported: `ServerSideApply`, `TTLAfterFinished`, `EphemeralContainers`, `RemoveSelfLink`, and `HPAScaleToZero`. By default, this parameter is left empty. Note The `HPAScaleToZero` option is supported in Kubernetes 1.18 and later. The value of the `RemoveSelfLink` option cannot be modified in Kubernetes 1.24 and later.
	oidcIssuerURL	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcClientId	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcUsernameClaim	Default value: `sub`. This parameter is supported in Kubernetes 1.18 and later.
	oidcUsernamePrefix	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcGroupsPrefix	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcGroupsClaim	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcRequiredClaim	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcCAContent	This parameter is empty by default and supported in Kubernetes 1.18 and later.
Kube Controller Manager	horizontalPodAutoscalerSyncPeriod	By default, this parameter is empty.
	horizontalPodAutoscalerTolerance	By default, this parameter is empty.
	concurrentTTLAfterFinishedSyncs	By default, this parameter is empty.
	kubeAPIQPS	Valid values: 1 to 1000. By default, this parameter is left empty.
	kubeAPIBurst	Valid values: 1 to 1000. By default, this parameter is left empty.
	featureGates	The `TTLAfterFinished` option is supported. By default, this parameter is left empty.
Kube Scheduler	Multiple parameters. You can customize the parameters only if you are included in the whitelist.	For more information about how to customize the parameters of kube-scheduler, see Custom parameters of kube-scheduler.

ACK Edge Pro clusters

Component	Parameter	Description
Kube API Server	enableAdmissionPlugins	By default, this parameter is empty.
	serviceNodePortRange	Valid values: 10000 to 65535. By default, this parameter is left empty. Important Exercise caution when you specify a custom node port range. Make sure that the node port range does not overlap with the port range specified by the `net.ipv4.ip_local_port_range` kernel parameter of Linux on nodes in the cluster. For more information, see How do I configure a proper node port range?
	requestTimeout	By default, this parameter is empty.
	defaultNotReadyTolerationSeconds	By default, this parameter is empty.
	defaultUnreachableTolerationSeconds	By default, this parameter is empty.
	maxMutatingRequestsInflight	Valid values: 1 to 1000. By default, this parameter is left empty.
	maxRequestsInflight	Valid values: 1 to 3000. By default, this parameter is left empty.
	featureGates	The following options are supported: `ServerSideApply`, `TTLAfterFinished`, `EphemeralContainers`, `RemoveSelfLink`, and `HPAScaleToZero`. By default, this parameter is left empty. Note The `HPAScaleToZero` option is supported in Kubernetes 1.18 and later. The value of the `RemoveSelfLink` option cannot be modified in Kubernetes 1.24 and later.
	oidcIssuerURL	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcClientId	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcUsernameClaim	Default value: `sub`. This parameter is supported in Kubernetes 1.18 and later.
	oidcUsernamePrefix	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcGroupsPrefix	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcGroupsClaim	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcRequiredClaim	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcCAContent	This parameter is empty by default and supported in Kubernetes 1.18 and later.
Kube Controller Manager	horizontalPodAutoscalerSyncPeriod	By default, this parameter is empty.
	concurrentTTLAfterFinishedSyncs	By default, this parameter is empty.
	largeClusterSizeThreshold	By default, this parameter is empty.
	unhealthyZoneThreshold	By default, this parameter is empty.
	secondaryNodeEvictionRate	By default, this parameter is empty.
	nodeEvictionRate	By default, this parameter is empty.
	podEvictionTimeout	By default, this parameter is empty.
	kubeAPIQPS	Valid values: 1 to 1000. By default, this parameter is left empty.
	kubeAPIBurst	Valid values: 1 to 1000. By default, this parameter is left empty.
	featureGates	The `TTLAfterFinished` option is supported. By default, this parameter is left empty.
Cloud Controller Manager	routeTableIDs	By default, this parameter is left empty. If the VPC where the cluster resides has multiple route tables, you can specify multiple route table IDs that are separated by commas (,). Example: `vtb-,vtb*`.
Kube Scheduler	For more information about how to customize the parameters of kube-scheduler, see Custom parameters of kube-scheduler.

ACK Lingjun clusters

Component	Parameter	Description
Kube API Server	enableAdmissionPlugins	By default, this parameter is empty.
	serviceNodePortRange	Valid values: 10000 to 65535. By default, this parameter is left empty. Important Exercise caution when you modify the node port range. Ensure the node port range does not overlap with the Linux kernel's `net.ipv4.ip_local_port_range` on cluster nodes. For more information, see How do I configure a proper node port range?
	requestTimeout	By default, this parameter is empty.
	defaultNotReadyTolerationSeconds	By default, this parameter is empty.
	defaultUnreachableTolerationSeconds	By default, this parameter is empty.
	maxMutatingRequestsInflight	Valid values: 1 to 1000. By default, this parameter is left empty.
	maxRequestsInflight	Valid values: 1 to 3000. By default, this parameter is left empty.
	featureGates	The following options are supported: `ServerSideApply`, `TTLAfterFinished`, `EphemeralContainers`, `RemoveSelfLink`, and `HPAScaleToZero`. By default, this parameter is left empty. Note The `HPAScaleToZero` option is supported in Kubernetes 1.18 and later. The value of the `RemoveSelfLink` option cannot be modified in Kubernetes 1.24 and later.
	oidcIssuerURL	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcClientId	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcUsernameClaim	Default value: `sub`. This parameter is supported in Kubernetes 1.18 and later.
	oidcUsernamePrefix	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcGroupsPrefix	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcGroupsClaim	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcRequiredClaim	This parameter is empty by default and supported in Kubernetes 1.18 and later.
	oidcCAContent	This parameter is empty by default and supported in Kubernetes 1.18 and later.
Kube Controller Manager	horizontalPodAutoscalerSyncPeriod	By default, this parameter is empty.
	horizontalPodAutoscalerTolerance	By default, this parameter is empty.
	concurrentTTLAfterFinishedSyncs	By default, this parameter is empty.
	largeClusterSizeThreshold	By default, this parameter is empty.
	unhealthyZoneThreshold	By default, this parameter is empty.
	secondaryNodeEvictionRate	By default, this parameter is empty.
	nodeEvictionRate	By default, this parameter is empty.
	podEvictionTimeout	By default, this parameter is empty.
	kubeAPIQPS	Valid values: 1 to 1000. By default, this parameter is left empty.
	kubeAPIBurst	Valid values: 1 to 1000. By default, this parameter is left empty.
	featureGates	The `TTLAfterFinished` option is supported. By default, this parameter is left empty.
Cloud Controller Manager	routeTableIDs	By default, this parameter is left empty. If the VPC where the cluster resides has multiple route tables, you can specify multiple route table IDs that are separated by commas (,). Example: `vtb-,vtb*`.
Kube Scheduler	For more information about how to customize the parameters of kube-scheduler, see Custom parameters of kube-scheduler.