port is the port that the controller-manager’s http service runs on.

address is the IP address to serve on (set to 0.0.0.0 for all interfaces).

minResyncPeriod is the resync period in reflectors; will be random between minResyncPeriod and 2minResyncPeriod.

ClientConnection specifies the kubeconfig file and client connection settings for the proxy server to use when communicating with the apiserver.

How long to wait between starting controller managers

leaderElection defines the configuration of leader election client.

Controllers is the list of controllers to enable or disable ‘‘ means “all enabled by default controllers” ‘foo’ means “enable ‘foo’” ‘-foo’ means “disable ‘foo’” first item for a particular name wins

DebuggingConfiguration holds configuration for Debugging related features.

LeaderMigrationEnabled indicates whether Leader Migration should be enabled for the controller manager.

LeaderMigration holds the configuration for Leader Migration.

LeaderName is the name of the leader election resource that protects the migration E.g. 1-20-KCM-to-1-21-CCM

ResourceLock indicates the resource object type that will be used to lock Should be “leases” or “endpoints”

ControllerLeaders contains a list of migrating leader lock configurations

Generic holds configuration for a generic controller-manager

KubeCloudSharedConfiguration holds configuration for shared related features both in cloud controller manager and kube-controller manager.

AttachDetachControllerConfiguration holds configuration for AttachDetachController related features.

CSRSigningControllerConfiguration holds configuration for CSRSigningController related features.

DaemonSetControllerConfiguration holds configuration for DaemonSetController related features.

DeploymentControllerConfiguration holds configuration for DeploymentController related features.

StatefulSetControllerConfiguration holds configuration for StatefulSetController related features.

DeprecatedControllerConfiguration holds configuration for some deprecated features.

EndpointControllerConfiguration holds configuration for EndpointController related features.

EndpointSliceControllerConfiguration holds configuration for EndpointSliceController related features.

EndpointSliceMirroringControllerConfiguration holds configuration for EndpointSliceMirroringController related features.

EphemeralVolumeControllerConfiguration holds configuration for EphemeralVolumeController related features.

GarbageCollectorControllerConfiguration holds configuration for GarbageCollectorController related features.

HPAControllerConfiguration holds configuration for HPAController related features.

JobControllerConfiguration holds configuration for JobController related features.

CronJobControllerConfiguration holds configuration for CronJobController related features.

NamespaceControllerConfiguration holds configuration for NamespaceController related features. NamespaceControllerConfiguration holds configuration for NamespaceController related features.

NodeIPAMControllerConfiguration holds configuration for NodeIPAMController related features.

NodeLifecycleControllerConfiguration holds configuration for NodeLifecycleController related features.

PersistentVolumeBinderControllerConfiguration holds configuration for PersistentVolumeBinderController related features.

PodGCControllerConfiguration holds configuration for PodGCController related features.

ReplicaSetControllerConfiguration holds configuration for ReplicaSet related features.

ReplicationControllerConfiguration holds configuration for ReplicationController related features.

ResourceQuotaControllerConfiguration holds configuration for ResourceQuotaController related features.

SAControllerConfiguration holds configuration for ServiceAccountController related features.

ServiceControllerConfiguration holds configuration for ServiceController related features.

TTLAfterFinishedControllerConfiguration holds configuration for TTLAfterFinishedController related features.

Reconciler runs a periodic loop to reconcile the desired state of the with the actual state of the world by triggering attach detach operations. This flag enables or disables reconcile. Is false by default, and thus enabled.

ReconcilerSyncLoopPeriod is the amount of time the reconciler sync states loop wait between successive executions. Is set to 5 sec by default.

certFile is the filename containing a PEM-encoded X509 CA certificate used to issue certificates

keyFile is the filename containing a PEM-encoded RSA or ECDSA private key used to issue certificates

clusterSigningCertFile is the filename containing a PEM-encoded X509 CA certificate used to issue cluster-scoped certificates

clusterSigningCertFile is the filename containing a PEM-encoded RSA or ECDSA private key used to issue cluster-scoped certificates

kubeletServingSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kubelet-serving signer

kubeletClientSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kube-apiserver-client-kubelet

kubeAPIServerClientSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/kube-apiserver-client

legacyUnknownSignerConfiguration holds the certificate and key used to issue certificates for the kubernetes.io/legacy-unknown

clusterSigningDuration is the max length of duration signed certificates will be given. Individual CSRs may request shorter certs by setting spec.expirationSeconds.

concurrentCronJobSyncs is the number of job objects that are allowed to sync concurrently. Larger number = more responsive jobs, but more CPU (and network) load.

concurrentDaemonSetSyncs is the number of daemonset objects that are allowed to sync concurrently. Larger number = more responsive daemonset, but more CPU (and network) load.

concurrentDeploymentSyncs is the number of deployment objects that are allowed to sync concurrently. Larger number = more responsive deployments, but more CPU (and network) load.

concurrentEndpointSyncs is the number of endpoint syncing operations that will be done concurrently. Larger number = faster endpoint updating, but more CPU (and network) load.

EndpointUpdatesBatchPeriod describes the length of endpoint updates batching period. Processing of pod changes will be delayed by this duration to join them with potential upcoming updates and reduce the overall number of endpoints updates.

mirroringConcurrentServiceEndpointSyncs is the number of service endpoint syncing operations that will be done concurrently. Larger number = faster endpoint slice updating, but more CPU (and network) load.

mirroringMaxEndpointsPerSubset is the maximum number of endpoints that will be mirrored to an EndpointSlice for an EndpointSubset.

mirroringEndpointUpdatesBatchPeriod can be used to batch EndpointSlice updates. All updates triggered by EndpointSlice changes will be delayed by up to ‘mirroringEndpointUpdatesBatchPeriod’. If other addresses in the same Endpoints resource change in that period, they will be batched to a single EndpointSlice update. Default 0 value means that each Endpoints update triggers an EndpointSlice update.

ConcurrentEphemeralVolumeSyncseSyncs is the number of ephemeral volume syncing operations that will be done concurrently. Larger number = faster ephemeral volume updating, but more CPU (and network) load.

enables the generic garbage collector. MUST be synced with the corresponding flag of the kube-apiserver. WARNING: the generic garbage collector is an alpha feature.

concurrentGCSyncs is the number of garbage collector workers that are allowed to sync concurrently.

gcIgnoredResources is the list of GroupResources that garbage collection should ignore.

group is the group portion of the GroupResource.

resource is the resource portion of the GroupResource.

ConcurrentHorizontalPodAutoscalerSyncs is the number of HPA objects that are allowed to sync concurrently. Larger number = more responsive HPA processing, but more CPU (and network) load.

HorizontalPodAutoscalerSyncPeriod is the period for syncing the number of pods in horizontal pod autoscaler.

HorizontalPodAutoscalerUpscaleForbiddenWindow is a period after which next upscale allowed.

HorizontalPodAutoscalerDowncaleStabilizationWindow is a period for which autoscaler will look backwards and not scale down below any recommendation it made during that period.

HorizontalPodAutoscalerDownscaleForbiddenWindow is a period after which next downscale allowed.

HorizontalPodAutoscalerTolerance is the tolerance for when resource usage suggests upscaling/downscaling

HorizontalPodAutoscalerCPUInitializationPeriod is the period after pod start when CPU samples might be skipped.

HorizontalPodAutoscalerInitialReadinessDelay is period after pod start during which readiness changes are treated as readiness being set for the first time. The only effect of this is that HPA will disregard CPU samples from unready pods that had last readiness change during that period.

concurrentJobSyncs is the number of job objects that are allowed to sync concurrently. Larger number = more responsive jobs, but more CPU (and network) load.

namespaceSyncPeriod is the period for syncing namespace life-cycle updates.

concurrentNamespaceSyncs is the number of namespace objects that are allowed to sync concurrently.

serviceCIDR is CIDR Range for Services in cluster.

secondaryServiceCIDR is CIDR Range for Services in cluster. This is used in dual stack clusters. SecondaryServiceCIDR must be of different IP family than ServiceCIDR

NodeCIDRMaskSize is the mask size for node cidr in cluster.

NodeCIDRMaskSizeIPv4 is the mask size for node cidr in dual-stack cluster.

NodeCIDRMaskSizeIPv6 is the mask size for node cidr in dual-stack cluster.

If set to true enables NoExecute Taints and will evict all not-tolerating Pod running on Nodes tainted with this kind of Taints.

nodeEvictionRate is the number of nodes per second on which pods are deleted in case of node failure when a zone is healthy

secondaryNodeEvictionRate is the number of nodes per second on which pods are deleted in case of node failure when a zone is unhealthy

nodeStartupGracePeriod is the amount of time which we allow starting a node to be unresponsive before marking it unhealthy.

nodeMontiorGracePeriod is the amount of time which we allow a running node to be unresponsive before marking it unhealthy. Must be N times more than kubelet’s nodeStatusUpdateFrequency, where N means number of retries allowed for kubelet to post node status.

podEvictionTimeout is the grace period for deleting pods on failed nodes.

secondaryNodeEvictionRate is implicitly overridden to 0 for clusters smaller than or equal to largeClusterSizeThreshold

Zone is treated as unhealthy in nodeEvictionRate and secondaryNodeEvictionRate when at least unhealthyZoneThreshold (no less than 3) of Nodes in the zone are NotReady

pvClaimBinderSyncPeriod is the period for syncing persistent volumes and persistent volume claims.

VolumeHostCIDRDenylist is a list of CIDRs that should not be reachable by the controller from plugins.

VolumeHostAllowLocalLoopback indicates if local loopback hosts (127.0.0.1, etc) should be allowed from plugins.

terminatedPodGCThreshold is the number of terminated pods that can exist before the terminated pod garbage collector starts deleting terminated pods. If <= 0, the terminated pod garbage collector is disabled.

concurrentRSSyncs is the number of replica sets that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load.

concurrentRCSyncs is the number of replication controllers that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load.

resourceQuotaSyncPeriod is the period for syncing quota usage status in the system.

concurrentResourceQuotaSyncs is the number of resource quotas that are allowed to sync concurrently. Larger number = more responsive quota management, but more CPU (and network) load.

serviceAccountKeyFile is the filename containing a PEM-encoded private RSA key used to sign service account tokens.

concurrentSATokenSyncs is the number of service account token syncing operations that will be done concurrently.

rootCAFile is the root certificate authority will be included in service account’s token secret. This must be a valid PEM-encoded CA bundle.

concurrentStatefulSetSyncs is the number of statefulset objects that are allowed to sync concurrently. Larger number = more responsive statefulsets, but more CPU (and network) load.

concurrentTTLSyncs is the number of TTL-after-finished collector workers that are allowed to sync concurrently.

enableHostPathProvisioning enables HostPath PV provisioning when running without a cloud provider. This allows testing and development of provisioning features. HostPath provisioning is not supported in any way, won’t work in a multi-node cluster, and should not be used for anything other than testing or development.

enableDynamicProvisioning enables the provisioning of volumes when running within an environment that supports dynamic provisioning. Defaults to true.

persistentVolumeRecyclerConfiguration holds configuration for persistent volume plugins.

volumePluginDir is the full path of the directory in which the flex volume plugin should search for additional third party volume plugins

concurrentServiceSyncs is the number of services that are allowed to sync concurrently. Larger number = more responsive service management, but more CPU (and network) load.

Generic holds configuration for a generic controller-manager

KubeCloudSharedConfiguration holds configuration for shared related features both in cloud controller manager and kube-controller manager.

ServiceControllerConfiguration holds configuration for ServiceController related features.

NodeStatusUpdateFrequency is the frequency at which the controller updates nodes’ status

CloudProviderConfiguration holds configuration for CloudProvider related features.

externalCloudVolumePlugin specifies the plugin to use when cloudProvider is “external”. It is currently used by the in repo cloud providers to handle node and volume control in the KCM.

useServiceAccountCredentials indicates whether controllers should be run with individual service account credentials.

run with untagged cloud instances

routeReconciliationPeriod is the period for reconciling routes created for Nodes by cloud provider..

nodeMonitorPeriod is the period for syncing NodeStatus in NodeController.

clusterName is the instance prefix for the cluster.

clusterCIDR is CIDR Range for Pods in cluster.

AllocateNodeCIDRs enables CIDRs for Pods to be allocated and, if ConfigureCloudRoutes is true, to be set on the cloud provider.

CIDRAllocatorType determines what kind of pod CIDR allocator will be used.

configureCloudRoutes enables CIDRs allocated with allocateNodeCIDRs to be configured on the cloud provider.

nodeSyncPeriod is the period for syncing nodes from cloudprovider. Longer periods will result in fewer calls to cloud provider, but may delay addition of new nodes to cluster.