To enhance the high availability of the cluster control plane, in Container Service for Kubernetes (ACK) managed clusters created as of November 2024, node-side components are gradually being switched from accessing the control plane through static IP addresses to domain names.
Scope of impact
This change applies to ACK Basic clusters and ACK Pro clusters created in November 2024 or later that run Kubernetes 1.20 or later.
Change details
After this change, node-side components in an ACK managed cluster, such as kubelet and kube-proxy, access the control plane using the domain name of the API server instead of the static Classic Load Balancer (CLB) IP address.
The domain name of the API server is apiserver.{your_cluster_ID}.{region_ID}.cs.aliyuncs.com and cannot be modified. This domain name is resolved internally by ACK using PrivateZone at no additional cost. You can view the domain name in the Alibaba Cloud Domain Name System (DNS) console.
Usage notes
The domain name resolution of the API server is effective within the virtual private cloud (VPC) where the cluster resides. To maintain proper domain resolution, ensure that the VPC uses the default internal DNS servers configured at 100.100.2.136 and 100.100.2.138. If custom DNS server IP addresses are configured on the Elastic Compute Service (ECS) instances of your nodes, or if the default DNS servers of the ECS instances in your VPC are modified using DHCP options sets, ensure that the domain name of the API server is resolved by the default internal DNS servers configured in the cluster VPC. This ensures that nodes can access the API server, avoiding abnormal node states.
Contact us
If you have any questions regarding this change, submit a ticket for technical support.