This section lists variables that are common to all target platforms. These variables may apply to workload clusters, node pools, or both.

Classy cluster supported Topology Variable

Each entry gives the variable name, its description, its input type, and the expected input.

vipNetworkInterface
Description: Network interface name, for example, an Ethernet interface.
Input type: String
Input: Default value is eth0.

aviAPIServerHAProvider
Description: You can use NSX Advanced Load Balancer or Kube-Vip as the Control Plane API Server endpoint.
Input type: Boolean
Input:
  • True: Enables NSX Advanced Load Balancer as the Control Plane API Server endpoint.
  • False: Enables Kube-Vip as the Control Plane API Server endpoint.

kubeVipLoadBalancerProvider
Description: You can either use Kube-Vip as the load balancer or use an external load balancer for workloads.
Input type: Boolean
Input:
  • True: Enables Kube-Vip as the load balancer.
  • False: Directs the load balancer traffic to an external load balancer.

ntpServers
Description: Configure the cluster's NTP server if you are deploying clusters in vSphere without DHCP Option 42.
Input type: String
Input: Enter the NTP server IP address. Note: Multiple NTP servers are comma-separated.

controlPlaneTaint
Description: Kubeadm applies a taint on control plane nodes to allow only specific PODs to schedule on them. This ensures proper workload placement and keeps PODs that have no toleration for the taint off those nodes.
Input type: Boolean
Input:
  • True: Control plane nodes allow only critical workloads to be scheduled onto them.
  • False: Control plane nodes allow all workloads to be scheduled onto them.
etcdExtraArgs
Description: Specify the etcd flags. For example, if the cluster has more than 500 nodes or the storage performance is poor, you can increase heartbeat-interval to 300 and election-timeout to 2000.
Input type: Object (YAML code)
Input: Example to increase the heartbeat interval to 300 and the election timeout to 2000:

election-timeout: '2000'
heartbeat-interval: '300'

apiServerExtraArgs
Description: Specify the kube-apiserver flags. For example, set tls-min-version: VersionTLS12 and tls-cipher-suites: TLS_RSA_WITH_AES_256_GCM_SHA384.
Input type: Object (YAML code)
Input: Example to set the minimum TLS version to VersionTLS12 and the cipher suites to TLS_RSA_WITH_AES_256_GCM_SHA384:

tls-min-version: 'VersionTLS12'
tls-cipher-suites: 'TLS_RSA_WITH_AES_256_GCM_SHA384'

kubeSchedulerExtraArgs
Description: Specify the kube-scheduler flags. For example, enable Single Pod Access Mode with feature-gates: ReadWriteOncePod=true.
Input type: Object (YAML code)
Input: Example to enable Single Pod Access Mode with feature-gates set to ReadWriteOncePod=true:

feature-gates: 'ReadWriteOncePod=true'

kubeControllerManagerExtraArgs
Description: Specify the kube-controller-manager flags. For example, turn off performance profiling with profiling: false.
Input type: Object (YAML code)
Input: Example to turn off performance profiling:

profiling: 'false'

controlPlaneKubeletExtraArgs
Description: Specify the control plane kubelet flags. For example, limit the number of control plane PODs with max-pods: 50.
Input type: Object (YAML code)
Input: Sample code to set the maximum number of control plane PODs to 50 (the sample also sets read-only-port and max-open-files):

max-pods: '50'
read-only-port: '10255'
max-open-files: '100000'
workerKubeletExtraArgs
Description: Specify the worker kubelet flags. For example, limit the number of worker PODs with max-pods: 50. Note: This variable is only applicable for a Classy Standard Nodepool.
Input type: Object (YAML code)
Input: Sample code to set the maximum number of worker PODs to 50 (the sample also sets read-only-port and max-open-files):

max-pods: '50'
read-only-port: '10255'
max-open-files: '100000'
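As an added example (not TCA's own code), a small Python review helper for the *ExtraArgs maps above: it takes each map in the flat form the variables use and flags settings a reviewer would want to look at, such as a TLS cipher suite without forward secrecy or a kubelet read-only-port that is not 0. The rules and the function names are this example's own assumptions, not TCA validation logic.

```python
# Extra-args maps as they appear under the *ExtraArgs variables on this page: a flat
# mapping of flag name (without leading dashes) to a string value.
PAGE_APISERVER_ARGS = {"tls-min-version": "VersionTLS12",
                       "tls-cipher-suites": "TLS_RSA_WITH_AES_256_GCM_SHA384"}
PAGE_KUBELET_ARGS = {"max-pods": "50", "read-only-port": "10255", "max-open-files": "100000"}


def lint_extra_args(component, args):
    """Return review findings (strings) for one component's extra-args map.

    The rules are this example's own review checklist, not TCA validation logic.
    """
    findings = []
    if component == "kube-apiserver":
        if args.get("tls-min-version") not in ("VersionTLS12", "VersionTLS13"):
            findings.append("tls-min-version should be VersionTLS12 or VersionTLS13")
        for suite in filter(None, args.get("tls-cipher-suites", "").split(",")):
            # TLS_RSA_* suites use RSA key transport, so a leaked server key exposes
            # recorded sessions; ECDHE suites provide forward secrecy.
            if suite.startswith("TLS_RSA_"):
                findings.append(f"{suite}: RSA key exchange, no forward secrecy")
    if component in ("kube-scheduler", "kube-controller-manager"):
        # Both components default --profiling to true; the controller-manager
        # example on this page turns it off explicitly.
        if args.get("profiling", "true") != "false":
            findings.append("profiling is enabled; set profiling: 'false' unless needed")
    if component == "kubelet":
        # Only an explicit override is reviewed: a non-zero read-only-port serves
        # node and pod details without authentication, and '0' disables it.
        port = args.get("read-only-port", "0")
        if port != "0":
            findings.append(f"read-only-port {port} is open; set '0' to disable")
    return findings


def to_yaml_fragment(args):
    """Render a map in the quoted `key: 'value'` line form used by the examples above."""
    return "\n".join(f"{k}: '{v}'" for k, v in args.items())


if __name__ == "__main__":
    for name, args in (("kube-apiserver", PAGE_APISERVER_ARGS), ("kubelet", PAGE_KUBELET_ARGS)):
        print(name, lint_extra_args(name, args))
```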
identityRef
Description: A reference to a Secret or VSphereClusterIdentity containing the identity to be used when reconciling a cluster.
Input type: Object (YAML code)
Input: Example of a reference to a VSphereClusterIdentity:

kind: VSphereClusterIdentity
name: "identity name"

pci
Description: Configures PCI passthrough on all control plane or worker machines.
Input type: Object (YAML code)
Input: Example to configure PCI passthrough devices on the control plane and worker nodes:

controlPlane:
  devices:
  - vendorId: 0x10DE
    deviceId: 0x1EB8
  hardwareVersion: vmx-15
worker:
  devices:
  - vendorId: 0x10DE
    deviceId: 0x1EB9
  hardwareVersion: vmx-17
eventRateLimitConf
Description: You can enable and configure an EventRateLimit admission controller to moderate traffic to the Kubernetes API server.
Input type: String
Input: A base64 string of the EventRateLimit configuration file, for example:

YXBpVmVyc2lvbjogZXZlbnRyYXRlbGltaXQuYWRtaXNzaW9uLms4cy5pby92MWFscGhhMQpraW5kOiBDb25maWd1cmF0aW9uCmxpbWl0czoKLSB0eXBlOiBOYW1lc3BhY2UKICBxcHM6IDUwCiAgYnVyc3Q6IDEwMAogIGNhY2hlU2l6ZTogMjAwMAotIHR5cGU6IFVzZXIKICBxcHM6IDEwCiAgYnVyc3Q6IDUwCg==
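The eventRateLimitConf value is an EventRateLimit Configuration file encoded as one base64 line. As an added example (not TCA's code), this Python helper builds that file from a list of limits, encodes it into the value the variable expects, and decodes a value back for review; the function names and the positivity check on qps and burst are this example's own assumptions.

```python
import base64

# Limit types accepted by the EventRateLimit admission plugin.
LIMIT_TYPES = {"Server", "Namespace", "User", "SourceAndObject"}
HEADER = "apiVersion: eventratelimit.admission.k8s.io/v1alpha1\nkind: Configuration\nlimits:\n"

# The base64 value shown for eventRateLimitConf on this page, copied verbatim.
PAGE_BLOB = ("YXBpVmVyc2lvbjogZXZlbnRyYXRlbGltaXQuYWRtaXNzaW9uLms4cy5pby92MWFscGhhMQpraW5kOiBD"
             "b25maWd1cmF0aW9uCmxpbWl0czoKLSB0eXBlOiBOYW1lc3BhY2UKICBxcHM6IDUwCiAgYnVyc3Q6IDEw"
             "MAogIGNhY2hlU2l6ZTogMjAwMAotIHR5cGU6IFVzZXIKICBxcHM6IDEwCiAgYnVyc3Q6IDUwCg==")


def encode_config(limits):
    """Serialize a list of limits into the Configuration YAML and base64-encode it.

    Each limit is a dict with type, qps, burst and optionally cacheSize; the result
    is the single-line value eventRateLimitConf expects.
    """
    lines = [HEADER.rstrip("\n")]
    for lim in limits:
        if lim["type"] not in LIMIT_TYPES:
            raise ValueError(f"unknown limit type {lim['type']!r}")
        if lim["qps"] <= 0 or lim["burst"] <= 0:  # local sanity check, not API validation
            raise ValueError("qps and burst must be positive")
        lines.append(f"- type: {lim['type']}")
        for key in ("qps", "burst", "cacheSize"):
            if key in lim:
                lines.append(f"  {key}: {lim[key]}")
    yaml_text = "\n".join(lines) + "\n"
    return base64.b64encode(yaml_text.encode()).decode()


def decode_config(blob):
    """Decode a base64 value back into the limits list, checking the document header."""
    text = base64.b64decode(blob, validate=True).decode()
    if not text.startswith(HEADER):
        raise ValueError("not an EventRateLimit Configuration document")
    limits = []
    for line in text[len(HEADER):].splitlines():
        if not line.strip():
            continue
        if line.startswith("- type: "):
            limits.append({"type": line[len("- type: "):]})
        else:
            key, value = line.strip().split(": ", 1)
            limits[-1][key] = int(value)  # qps, burst and cacheSize are integers
    return limits
```

Run on the value above, decode_config returns a Namespace limit (qps 50, burst 100, cacheSize 2000) and a User limit (qps 10, burst 50), and encode_config reproduces the same value from that list.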
security
Description: Specify security-related configurations.
Input type: Object (YAML code)
Input: Example security object; among other settings, it sets the minimum TLS protocol version to 1.2:

fileIntegrityMonitoring:
  enabled: false
imagePolicy:
  pullAlways: false
  webhook:
    enabled: false
    spec:
      allowTTL: 50
      defaultAllow: true
      denyTTL: 60
      retryBackoff: 500
kubeletOptions:
  eventQPS: 50
  streamConnectionIdleTimeout: 4h0m0s
systemCryptoPolicy: default
minimumTLSProtocol: tls_1.2

Standard cluster supported Topology Variable

Each entry gives the variable name, its description, its input type, and the expected input.

nodePoolPowerOffMode
Description: Describes the desired behavior when powering off a node pool VM.
Input type: Object (YAML code)
Input:
  powerOffMode describes the desired behavior when powering off a VM. Values can be trySoft and hard. Default is trySoft.
  guestSoftPowerOffTimeout describes the timeout per attempt for a soft power off of a VM. Default is 300s.

Example:

powerOffMode: trySoft
guestSoftPowerOffTimeout: 300s

Note:
  • Kubernetes version 1.27 and above and a BYOI TKG template with Photon5 released in TCA 3.2 are required.
  • This is enabled by default on standard workload clusters of Kubernetes version 1.27 and above from TCA 3.2.
controlPlanePowerOffMode
Description: Describes the desired behavior when powering off a control plane VM.
Input type: Object (YAML code)
Input:
  powerOffMode describes the desired behavior when powering off a VM. Values can be trySoft and hard. Default is trySoft.
  guestSoftPowerOffTimeout describes the timeout per attempt for a soft power off of a VM. Default is 300s.

Example:

powerOffMode: trySoft
guestSoftPowerOffTimeout: 300s

Note:
  • Kubernetes version 1.27 and above and a BYOI TKG template with Photon5 released in TCA 3.2 are required.
  • This is enabled by default on standard workload clusters of Kubernetes version 1.27 and above from TCA 3.2.
  • Performing Shut Down or Restart Guest OS from vCenter on a Kubernetes control plane VM releases its DHCP lease. Its IP may be taken by another VM before the control plane VM starts up again. If the IP changes, the Kubernetes control plane breaks. When this happens, the user needs to bind the old IP to the MAC address of the Kubernetes control plane VM so that it gets its old IP back.