# Kubernetes Api Server Customization

{% hint style="danger" %}
**WARNING - Kubernetes API Server Customization**

Please contact Platform9 Support prior to changing any API Server, Controller or Scheduler flags. Creating or updating clusters with unknown, incorrect or unsupported flags may result in cluster outages and dataloss.
{% endhint %}

As of Platform9 5.9.1, PMK supports customizing Kubernetes API flags at the time of cluster creation(latest updated supported k8s version = 1.26). Customizing API flags is an advanced feature that should not be used in production environments without prior consultation with Platform9 Support.

## Reserved API Server Flags

The following are reserved API Server flags

{% tabs %}
{% tab title="Bash" %}

```bash
"kube-apiserver"
        - "--allow-privileged=VALUE"
        - "--anonymous-auth=VALUE"
        - "--authentication-token-webhook-version=VALUE"
        - "--authentication-token-webhook-cache-ttl=VALUE"
        - "--authentication-token-webhook-config-file=VALUE"
        - "--authorization-mode=VALUE"
        - "--bind-address=VALUE"
        - "--client-ca-file=VALUE"
        - "--cloud-provider=VALUE"
        - "--etcd-servers=VALUE"
        - "--etcd-certfile=VALUE"
        - "--etcd-keyfile=VALUE"
        - "--etcd-cafile=VALUE"
        - "--profiling=VALUE"
        - "--runtime-config=VALUE"
        - "--secure-port=VALUE"
        - "--service-account-issuer=VALUE"
        - "--service-account-jwks-uri=VALUE"
        - "--service-account-key-file=VALUE"
        - "--service-account-signing-key-file=VALUE"
        - "--service-cluster-ip-range=VALUE"
        - "--storage-backend=VALUE"
        - "--storage-media-type=VALUE"
        - "--tls-cert-file=VALUE"
        - "--tls-private-key-file=VALUE"
        - "--tls-cipher-suites=VALUE"
        - "--requestheader-client-ca-file=VALUE"
        - "--requestheader-allowed-names=VALUE"
        - "--requestheader-extra-headers-prefix=VALUE"
        - "--requestheader-group-headers=VALUE"
        - "--requestheader-username-headers=VALUE"
        - "--proxy-client-cert-file=VALUE"
        - "--proxy-client-key-file=VALUE"
        - "--kubelet-certificate-authority=VALUE"
        - "--kubelet-client-certificate=VALUE"
        - "--kubelet-client-key=VALUE"
        - "--kubelet-preferred-address-types=VALUE"
        - "--http2-max-streams-per-connection=VALUE"
```

{% endtab %}
{% endtabs %}

## Reserved Controller Flags

The following are reserved controller flags

{% tabs %}
{% tab title="Bash" %}

```bash
"kube-controller-manager"
        - "--cloud-provider=VALUE"
        - "--kubeconfig=VALUE"
        - "--leader-elect=VALUE"
        - "--profiling=VALUE"
        - "--root-ca-file=VALUE"
        - "--service-account-private-key-file=VALUE"
        - "--use-service-account-credentials=VALUE"
        - "--authorization-always-allow-paths=VALUE"
```

{% endtab %}
{% endtabs %}

## Reserved Scheduler Flags

the following are reserved scheduler flags

{% tabs %}
{% tab title="Bash" %}

```bash
"kube-scheduler"
        - "--config=VALUE"
        - "--leader-elect=VALUE"
        - "--profiling=VALUE"
        - "--authorization-always-allow-paths=VALUE"
```

{% endtab %}
{% endtabs %}