The control-plane-manager module is responsible for managing the cluster’s control plane components. The cluster parameters that affect control plane management are derived from the initial cluster configuration (the cluster-configuration.yaml parameter of the d8-cluster-configuration Secret in the kube-system namespace), which is created during installation.

This module is enabled by default. You can disable it the standard way:

controlPlaneManagerEnabled: "false"

Parameters

  • apiserver (object)

    kube-apiserver parameters.

    Default: {}

    • auditPolicyEnabled (boolean)

      Enable event auditing using the configuration from the Secret (audit-policy in the kube-system namespace).

      Default: false

    • authn (object)

      Optional authentication parameters for Kubernetes API clients. By default, they are taken from the user-authn module ConfigMap.

      Default: {}

      • oidcCA (string)

        OIDC provider CA.

      • oidcIssuerAddress (string)

        OIDC provider network address alias.

        Example: "1.2.3.4", ""

      • oidcIssuerURL (string)

        OIDC provider URL.

        Example: "https://my-super-site.tech/"

    • authz (object)

      Optional authorization parameters for Kubernetes API clients. By default, they are taken from the user-authz module ConfigMap.

      Default: {}

      • webhookCA (string)

        Authorization webhook CA.

      • webhookURL (string)

        Authorization webhook URL.

        Example: "https://127.0.0.1:40443/"

    • bindToWildcard (boolean)

      Specifies whether to listen on 0.0.0.0.

      By default, the API server listens on the hostIP. The latter usually corresponds to the Internal node address; however, the actual IP depends on the cluster type (Static or Cloud) and the layout selected.

      Default: false

    • certSANs (array of strings)

      Array of SANs to include in the generated API server certificate.

      In addition to the passed list, the following list is always used:

      • kubernetes
      • kubernetes.default
      • kubernetes.default.svc
      • kubernetes.default.svc.cluster.local
      • 192.168.0.1
      • 127.0.0.1
      • current_hostname
      • hostIP

      Example: ["my-site.com","192.168.67.76"]

      Pattern: ^[0-9a-zA-Z\.-]+$

    • loadBalancer (object)

      If set, a service of the LoadBalancer type will be created (d8-control-plane-apiserver in the kube-system namespace).

      • annotations (object)

        Annotations to attach to a service to fine-tune the load balancer.

        Caution! The module does not take into account the specifics of setting annotations in various cloud environments. If the annotations for load balancer provisioning are only applied when a service is created, you will need to delete and re-add the apiserver.loadBalancer parameter to update such parameters.

      • sourceRanges (array of strings)

        A list of CIDRs that are allowed to connect to the API.

        The cloud provider may not support this option or may ignore it.

        Pattern: ^[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}\/[0-9]+$

  • etcd (object)

    etcd parameters.

    • externalMembersNames (array of strings)

      Array of external etcd members (they will not be deleted).

      Example: ["main-master-1","my-external-member"]

      Pattern: ^[0-9a-zA-Z\.-:\-\/]+$

  • failedNodePodEvictionTimeoutSeconds (integer)

    The number of seconds after which pods will be deleted from a node that has the Unreachable status.

    Note! If you change the parameter, the pods must be restarted.

    Default: 300

  • nodeMonitorGracePeriodSeconds (integer)

    The number of seconds after which the node will enter the Unreachable status if the connection to it is lost.

    Default: 40
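
The sourceRanges pattern above constrains only the shape of a value, so strings such as 999.1.1.1/40 pass it. The following is an added example, not part of the module or its documentation: a pre-apply check for the apiserver settings that applies the documented patterns and then parses each CIDR strictly. The function name lint_apiserver and the sample settings are assumptions made for illustration.

```python
import ipaddress
import re

# Patterns copied verbatim from the parameter reference above.
CERT_SAN_RE = re.compile(r"^[0-9a-zA-Z\.-]+$")
SOURCE_RANGE_RE = re.compile(r"^[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}\/[0-9]+$")


def lint_apiserver(settings):
    """Return findings for a module settings dict (hypothetical helper)."""
    findings = []
    api = settings.get("apiserver", {})
    if api.get("bindToWildcard", False):
        findings.append("bindToWildcard: API server listens on 0.0.0.0, not only hostIP")
    for san in api.get("certSANs", []):
        if not CERT_SAN_RE.fullmatch(san):
            findings.append(f"certSANs: {san!r} does not match the documented pattern")
    lb = api.get("loadBalancer")
    if lb is None:
        return findings
    ranges = lb.get("sourceRanges", [])
    if not ranges:
        findings.append("loadBalancer: set without sourceRanges, no CIDR allow-list requested")
    for cidr in ranges:
        if not SOURCE_RANGE_RE.fullmatch(cidr):
            findings.append(f"sourceRanges: {cidr!r} does not match the documented pattern")
            continue
        try:
            # strict=True also rejects entries with host bits set, e.g. 10.0.0.5/8
            net = ipaddress.IPv4Network(cidr, strict=True)
        except ValueError:
            findings.append(f"sourceRanges: {cidr!r} passes the pattern but is not a valid IPv4 network")
            continue
        if net.prefixlen == 0:
            findings.append(f"sourceRanges: {cidr!r} allows every IPv4 address")
    return findings


# Constructed sample settings, not taken from a real cluster.
SAMPLE = {"apiserver": {
    "bindToWildcard": True,
    "certSANs": ["my-site.com", "192.168.67.76", "*.my-site.com"],
    "loadBalancer": {"sourceRanges": ["203.0.113.0/24", "999.1.1.1/40", "0.0.0.0/0"]},
}}

if __name__ == "__main__":
    print("\n".join(lint_apiserver(SAMPLE)))
```

Because the cloud provider may not support sourceRanges or may ignore it, an empty result here says only that the requested allow-list is well-formed; whether it is enforced has to be checked on the provisioned load balancer.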