You can customize the parameters of control plane components in an ACK Pro cluster to meet production needs. You can modify the parameters of kube-apiserver and kube-controller-manager based on your requirements. This topic describes how to customize the parameters of control plane components in an ACK Pro cluster.

Considerations

Before you customize the parameters of a control plane component, take note of the following items:
  • After you customize the parameters of a component, the component is automatically restarted. We recommend that you customize the parameters during off-peak hours.
  • After you customize the parameters, the changes overwrite the default parameters of the ACK Pro cluster.
  • To ensure the stability of the control plane component, you are allowed to customize only some parameters.
  • Make sure that the values of the customized parameters are valid and complete. Otherwise, the component may fail to be restarted. For more information about the parameters, see kube-apiserver and kube-controller-manager.

Customize the parameters of a control plane component in an ACK Pro cluster

The following example shows how to customize the parameters of kube-apiserver.

  1. Log on to the ACK console.
  2. In the left-side navigation pane of the ACK console, click Clusters.
  3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
  4. In the left-side navigation pane of the details page, choose Operations > Add-ons.
  5. In the Core Components section, find the component and click Configuration.
  6. In the kube-apiserverParameters dialog box, set the parameters and click OK.
    Note Make sure that the specified values are valid and complete. You can customize only the parameters of kube-apiserver and kube-controller-manager in ACK Pro clusters. For more information about the valid format and values of component parameters, see kube-apiserver and kube-controller-manager. Select the Kubernetes version based on the practical situation.

Default parameters

The default values are overwritten after you customize component parameters. You can reset the parameters to the default values in the following table as required.
Kubernetes Component Parameter Default
1.16 kube-apiserver ServiceNodePortRange 30000 to 32767. Valid values: 10000 to 65535.
EnableAdmissionPlugins
  • If PodSecurityPolicy is enabled, the default value is NodeRestriction,PodSecurityPolicy.
  • If PodSecurityPolicy is disabled, the default value is NodeRestriction.
kube-controller-manager HorizontalPodAutoscalerSyncPeriod 15s
1.18, 1.20, and 1.22
Note The component names, parameters, and default values of Kubernetes 1.18 are the same as those of Kubernetes 1.20 and 1.22.
kube-apiserver ServiceNodePortRange 30000~32767
EnableAdmissionPlugins
  • If PodSecurityPolicy is enabled, the default value is NodeRestriction,PodSecurityPolicy.
  • If PodSecurityPolicy is disabled, the default value is NodeRestriction.
EnableOIDCAuth

Default value: false.

If you set the value to true, OpenID Connect (OIDC) authentication is enabled and you must the OIDCAuthIssuerURL and OIDCAuthClientId parameters.

oidcIssuerURL By default, this parameter is empty.
oidcClientId By default, this parameter is empty.
oidcCAContent By default, this parameter is empty.
oidcUsernameClaim sub
oidcUsernamePrefix By default, this parameter is empty.
oidcGroupsClaim By default, this parameter is empty.
oidcGroupsPrefix By default, this parameter is empty.
oidcRequiredClaim By default, this parameter is empty.
kube-controller-manager HorizontalPodAutoscalerSyncPeriod 15s
LargeClusterSizeThreshold 50
UnhealthyZoneThreshold 0.55
SecondaryNodeEvictionRate 0.01
PodEvictionTimeout 5m
NodeEvictionRate 0.1
cloud-controller-manager RouteTableIDS By default, this parameter is empty. If the virtual private cloud (VPC) where the cluster resides has multiple route tables, you can specify multiple route table IDs that are separated by commas (,). Example: vtb-**,vtb***.