Node control plane (API server) entry point changes in ACK Managed clusters

Updated at:
Copy as MD

To improve control plane high availability, ACK managed clusters created from November 2024 onward switch node-side components (kubelet and kube-proxy) from static IP addresses to domain names for control plane (API server) access.

Potential impacts

Applies to ACK managed Basic clusters and ACK managed Pro clusters created in November 2024 or later running Kubernetes 1.20 or later.

Change details

After this change, node-side components in an ACK managed cluster, such as kubelet and kube-proxy, access the control plane through the API server domain name instead of the static Classic Load Balancer (CLB) IP address.

The API server domain name is apiserver.{your_cluster_ID}.{region_ID}.cs.aliyuncs.com and cannot be modified. ACK resolves it internally with PrivateZone at no additional cost. View it in the Alibaba Cloud Domain Name System (DNS) console.

Usage notes

API server domain name resolution works within the cluster virtual private cloud (VPC). Use the VPC default internal DNS servers at 100.100.2.136 and 100.100.2.138. If you configure custom DNS on node Elastic Compute Service (ECS) instances or modify default VPC ECS DNS servers with DHCP option sets, route API server domain name resolution through the cluster VPC default internal DNS servers. This ensures nodes can reach the API server and avoid abnormal node states.

Contact us

For questions about this change, submit a ticket for technical support.