Kubernetes API Server Customization
Please contact Platform9 Support prior to changing any API Server, Controller or Scheduler flags. Creating or updating clusters with unknown, incorrect or unsupported flags may result in cluster outages and dataloss.
As of Platform9 5.9.1, PMK supports customizing Kubernetes API flags at the time of cluster creation(latest updated supported k8s version = 1.26). Customizing API flags is an advanced feature that should not be used in production environments without prior consultation with Platform9 Support.
Reserved API Server Flags
The following are reserved API Server flags
"kube-apiserver"        - "--allow-privileged=VALUE"        - "--anonymous-auth=VALUE"        - "--authentication-token-webhook-version=VALUE"        - "--authentication-token-webhook-cache-ttl=VALUE"        - "--authentication-token-webhook-config-file=VALUE"        - "--authorization-mode=VALUE"        - "--bind-address=VALUE"        - "--client-ca-file=VALUE"        - "--cloud-provider=VALUE"        - "--etcd-servers=VALUE"        - "--etcd-certfile=VALUE"        - "--etcd-keyfile=VALUE"        - "--etcd-cafile=VALUE"        - "--profiling=VALUE"        - "--runtime-config=VALUE"        - "--secure-port=VALUE"        - "--service-account-issuer=VALUE"        - "--service-account-jwks-uri=VALUE"        - "--service-account-key-file=VALUE"        - "--service-account-signing-key-file=VALUE"        - "--service-cluster-ip-range=VALUE"        - "--storage-backend=VALUE"        - "--storage-media-type=VALUE"        - "--tls-cert-file=VALUE"        - "--tls-private-key-file=VALUE"        - "--tls-cipher-suites=VALUE"        - "--requestheader-client-ca-file=VALUE"        - "--requestheader-allowed-names=VALUE"        - "--requestheader-extra-headers-prefix=VALUE"        - "--requestheader-group-headers=VALUE"        - "--requestheader-username-headers=VALUE"        - "--proxy-client-cert-file=VALUE"        - "--proxy-client-key-file=VALUE"        - "--kubelet-certificate-authority=VALUE"        - "--kubelet-client-certificate=VALUE"        - "--kubelet-client-key=VALUE"        - "--kubelet-preferred-address-types=VALUE"        - "--http2-max-streams-per-connection=VALUE"Reserved Controller Flags
The following are reserved controller flags
"kube-controller-manager"        - "--cloud-provider=VALUE"        - "--kubeconfig=VALUE"        - "--leader-elect=VALUE"        - "--profiling=VALUE"        - "--root-ca-file=VALUE"        - "--service-account-private-key-file=VALUE"        - "--use-service-account-credentials=VALUE"        - "--authorization-always-allow-paths=VALUE"Reserved Scheduler Flags
the following are reserved scheduler flags
"kube-scheduler"        - "--config=VALUE"        - "--leader-elect=VALUE"        - "--profiling=VALUE"        - "--authorization-always-allow-paths=VALUE"Was this page helpful?
