How to use Custom ClusterClass to customise audit log settings

Article ID: 418706

Products

VMware vSphere Kubernetes Service

Issue/Introduction

Custom ClusterClass extends the functionality of ClusterAPI by enabling users to customise parameters related to the APIServer and other components of Kubernetes clusters.

The audit log backend can be customised using a custom ClusterClass. It uses the following kube-apiserver flags:

  • --audit-log-path specifies the log file path that the log backend uses to write audit events. Not specifying this flag disables the log backend.
  • --audit-log-maxage defines the maximum number of days to retain old audit log files.
  • --audit-log-maxbackup defines the maximum number of audit log files to retain.
  • --audit-log-maxsize defines the maximum size in megabytes of the audit log file before it gets rotated.

Note:

  • CustomClusterClass (CCC) is an experimental feature per the upstream Cluster API documentation.
  • Due to the range of customizations available with CustomClusterClass (CCC), VMware cannot test or validate all possible customizations.
  • Customers are responsible for all testing, validation, and troubleshooting of their CustomClusterClass clusters.
  • Customers can open tickets regarding their CCC clusters; however, support is limited to a best-effort basis, with support having full discretion over how much effort to put into troubleshooting.

Environment

vSphere Kubernetes Service

Resolution

To create a custom ClusterClass and customise kube-apiserver parameters:

  1. Log in to the Supervisor Cluster
    kubectl vsphere login --vsphere-username <username> --server=https://<FQDN>
  2. Extract the default ClusterClass tanzukubernetescluster
    $ kubectl get clusterclass tanzukubernetescluster  -o yaml  >  custom-clusterclass.yaml
    
    $ head -n 20 custom-clusterclass.yaml 
    apiVersion: cluster.x-k8s.io/v1beta1
    kind: ClusterClass
    metadata:
      annotations:
        run.tanzu.vmware.com/resolve-tkr: ""
      creationTimestamp: "YYYY-MM-DDT01:28:11Z"
      generation: 1
      name: tanzukubernetescluster
      namespace: default
      resourceVersion: "32673925"
      uid: ########-6765-497d-882f-############
    spec:
      controlPlane:
        machineHealthCheck:
          maxUnhealthy: 100%
          nodeStartupTimeout: 2h0m0s
          unhealthyConditions:
          - status: Unknown
            timeout: 5m0s
            type: Ready
  3. SSH to the control plane node. See Troubleshooting vSphere Supervisor Control Plane VMs.
  4. Extract the default Kubeadm template.
    $ kubectl get kubeadmcontrolplanetemplate tkc-control-plane -o yaml > custom-kubeadmcontrolplanetemplate.yaml
    
    $ head -n 20 custom-kubeadmcontrolplanetemplate.yaml
    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    kind: KubeadmControlPlaneTemplate
    metadata:
      annotations:
        controlplane.cluster.x-k8s.io/skip-coredns: ""
        controlplane.cluster.x-k8s.io/skip-kube-proxy: ""
      creationTimestamp: "2025-10-17T11:38:51Z"
      generation: 1
      name: tkc-control-plane
      namespace: default
      ownerReferences:
      - apiVersion: cluster.x-k8s.io/v1beta1
        kind: ClusterClass
        name: tanzukubernetescluster
        uid: ########-9241-4df5-8003-############
      resourceVersion: "18781"
      uid: ########-761e-4592-ba4a-############
    spec:
      template:
        metadata: {}
  5. In custom-clusterclass.yaml from step 2, change the ClusterClass name and the name of the referenced KubeadmControlPlaneTemplate.
    If necessary, change the namespace from default to your own. See the example below:
    apiVersion: cluster.x-k8s.io/v1beta1
    kind: ClusterClass
    metadata:
      annotations:
        run.tanzu.vmware.com/resolve-tkr: ""
      creationTimestamp: "YYYY-MM-DDT01:28:11Z"
      generation: 1
      name: custom-tanzukubernetescluster     ###<<< Rename from tanzukubernetescluster to custom-tanzukubernetescluster
      namespace: <namespace-name>             ###<<< Give your namespace name here 
      resourceVersion: "32673925"
      uid: ########-6765-497d-882f-############
    spec:
    ...
        ref:
          apiVersion: controlplane.cluster.x-k8s.io/v1beta1
          kind: KubeadmControlPlaneTemplate
          name: custom-tkc-control-plane  ###<<<  Rename from tkc-control-plane to custom-tkc-control-plane.
          namespace: <namespace-name>
    
  6. Create the Custom ClusterClass
    $ kubectl apply -f custom-clusterclass.yaml 
    clusterclass.cluster.x-k8s.io/custom-tanzukubernetescluster created
  7. Get the UID of the new custom ClusterClass object
    $ kubectl get clusterclass custom-tanzukubernetescluster -n <namespace-name> -o json | jq -r '.metadata.uid'
    ########-5d62-4fc4-a3b5-###########
  8. Create a new KubeadmControlPlaneTemplate by modifying the file from step 4.
    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    kind: KubeadmControlPlaneTemplate
    metadata:
      annotations:
        controlplane.cluster.x-k8s.io/skip-coredns: ""
        controlplane.cluster.x-k8s.io/skip-kube-proxy: ""
      creationTimestamp: "2025-10-17T11:38:51Z"
      generation: 1
      name: custom-tkc-control-plane    ###<<< Change from tkc-control-plane to custom-tkc-control-plane
      namespace: <namespace-name>     ###<<< Give your namespace name here
      ownerReferences:
      - apiVersion: cluster.x-k8s.io/v1beta1
        kind: ClusterClass
        name: custom-tanzukubernetescluster     ###<<<  Change from tanzukubernetescluster to custom-tanzukubernetescluster
        uid: ########-5d62-4fc4-a3b5-###########        ###<<<  Change UID to the one extracted from step 7.
  9. Modify the spec section in the same KubeadmControlPlaneTemplate to the desired custom values.
    spec:
      template:
        metadata: {}
        spec:
          kubeadmConfigSpec:
            clusterConfiguration:
              apiServer:
                extraArgs:
                  admission-control-config-file: /etc/kubernetes/extra-config/admission-control-config.yaml
                  allow-privileged: "true"
                  audit-log-maxage: "10"  ###<<< Change from 30 to 10
                  audit-log-maxbackup: "10" 
                  audit-log-maxsize: "10" ###<<< Change from 100 to 10
                  audit-log-path: /var/log/kubernetes/kube-apiserver.log
  10. Create the custom-kubeadmcontrolplanetemplate.
    $ kubectl apply -f custom-kubeadmcontrolplanetemplate.yaml
    kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io/custom-tkc-control-plane created
    
    $ kubectl get kubeadmcontrolplanetemplate -n <namespace-name>
    NAME                       AGE
    custom-tkc-control-plane   37s
    tkc-control-plane          8d
    tkc-control-plane-v3.1.0   8d
    tkc-control-plane-v3.2.0   8d
    tkc-control-plane-v3.3.0   8d


  11. Deploy new guest clusters using the Custom ClusterClass custom-tanzukubernetescluster
    apiVersion: cluster.x-k8s.io/v1beta1
    kind: Cluster
    metadata:
      name: test-custom-tkg
      namespace: <namespace-name>
    spec:
    ...
      topology:
        class: custom-tanzukubernetescluster    ###<<< Use your new custom ClusterClass.
    ...
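
The following check is an added example, not part of the original article or of VMware's tooling. It reads the template from steps 8-10 as JSON (the output of kubectl get kubeadmcontrolplanetemplate with -o json), confirms the audit flags and the owner reference from step 7, and reports the retention bounds the flags imply. The function name, the sample JSON and its placeholder UID are constructed for illustration, and the size bound (maxsize times maxbackup plus the active file) is an estimate derived from the flag descriptions above.

```python
import json

# Constructed sample: trimmed JSON of the template from steps 8-9, as returned by
# `kubectl get kubeadmcontrolplanetemplate ... -o json`. The UID is a placeholder.
SAMPLE = json.loads("""{
 "metadata": {"name": "custom-tkc-control-plane", "ownerReferences": [
   {"kind": "ClusterClass", "name": "custom-tanzukubernetescluster",
    "uid": "00000000-0000-0000-0000-000000000000"}]},
 "spec": {"template": {"spec": {"kubeadmConfigSpec": {"clusterConfiguration":
   {"apiServer": {"extraArgs": {
     "audit-log-maxage": "10", "audit-log-maxbackup": "10",
     "audit-log-maxsize": "10",
     "audit-log-path": "/var/log/kubernetes/kube-apiserver.log"}}}}}}}
}""")
NUMERIC = ("audit-log-maxage", "audit-log-maxbackup", "audit-log-maxsize")

def check_audit_template(doc, class_name, class_uid):
    """Return (findings, retention) for a KubeadmControlPlaneTemplate dict."""
    findings, vals = [], {}
    args = (doc["spec"]["template"]["spec"]["kubeadmConfigSpec"]
            ["clusterConfiguration"]["apiServer"].get("extraArgs", {}))
    path = args.get("audit-log-path")
    if not path:  # without this flag the log backend is disabled
        findings.append("audit-log-path not set: audit log backend disabled")
    for flag in NUMERIC:
        raw = args.get(flag)
        if isinstance(raw, str) and raw.isdecimal():
            vals[flag] = int(raw)
        else:  # extraArgs values are strings, so numbers must be quoted
            findings.append(f"{flag}: expected quoted integer, got {raw!r}")
    # The owner reference must carry the custom ClusterClass name and its UID (step 7).
    owners = doc["metadata"].get("ownerReferences", [])
    if not any(o.get("kind") == "ClusterClass" and o.get("name") == class_name
               and o.get("uid") == class_uid for o in owners):
        findings.append("ownerReferences do not match the custom ClusterClass")
    retention = None
    if len(vals) == len(NUMERIC):
        size, backups = vals["audit-log-maxsize"], vals["audit-log-maxbackup"]
        retention = {
            "max_days": vals["audit-log-maxage"],
            # Active file plus rotated files; 0 is not treated as a bound here.
            "max_mb": size * (backups + 1) if size and backups else None,
        }
    return findings, retention

if __name__ == "__main__":
    print(check_audit_template(SAMPLE, "custom-tanzukubernetescluster",
                               "00000000-0000-0000-0000-000000000000"))
```

With the values from step 9 the audit trail on each control plane node is bounded at 10 days and about 110 MB, so confirm that audit events are forwarded or collected elsewhere if investigations need a longer history.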

Additional Information

How to create custom ClusterClasses in TKG2.0 on vSphere with Tanzu

v1beta1 Example: Custom ClusterClass Based on the tanzukubernetescluster