Kernel default values (sysctl)
Feature Request
The Linux kernel has many default params, and a few of them are not good for Kubernetes usage. AWS/GCP and others modify kernel params at boot time. Talos changes only security values.
So, to make a better user experience, Talos can set/change common values too.
For example:
# kube-proxy changes it by default, but Cilium does not. Default values can drop connections between pods.
net.ipv4.tcp_keepalive_time: 600
net.ipv4.tcp_keepalive_intvl: 60
# kubelet has a 110 pod limit by default, and a pod can have more than one container. This value covers many common cases.
fs.inotify.max_user_instances: 256
In my setup, I have about 30 lines of kernel sysctl changes. Not all of them are good for all setups, but we can learn from other Kubernetes solutions...
Planning Meeting Notes
Looks good, we'd like to see all 30 lines and discuss which are good. :+1:
net.ipv4.tcp_keepalive_time: 600
net.ipv4.tcp_keepalive_intvl: 60
fs.inotify.max_user_instances: 512
net.core.somaxconn: 65535
net.core.netdev_max_backlog: 4096
net.core.wmem_max: 524288
net.core.rmem_max: 524288
net.ipv4.tcp_mem: "65536 131072 262144"
net.ipv4.tcp_rmem: "8192 87380 16777216"
net.ipv4.tcp_wmem: "8192 65536 16777216"
net.ipv4.tcp_max_tw_buckets: 32768
net.ipv4.udp_mem: "65536 131072 262144"
net.ipv4.udp_rmem_min: 16384
net.ipv4.udp_wmem_min: 16384
net.ipv4.tcp_max_syn_backlog: 20480
net.ipv4.tcp_timestamps: 0
net.ipv4.ip_local_port_range: "1025 65535"
vm.max_map_count: 262144
vm.overcommit_memory: 1
vm.swappiness: 1
fs.file-max: 1048576
fs.nr_open: 1048576
Since this issue is mentioned in the Cilium docs, which parameters exactly are good to change for use with Cilium? I see the first 3 in the original issue have already been merged with defaults.
I think the ones which are safe to set in general are already set; others might need testing with your environment to see whether they're good or not.
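For the per-environment testing mentioned above, it helps to first see which proposed values actually differ from what a node is running. The following is an added example, not part of the thread or of Talos; the function names are hypothetical, the sample list is constructed from entries posted above, and it assumes a Python interpreter that sees the node's `/proc/sys` (host network namespace for `net.*` keys).

```python
"""Compare proposed sysctl values against what a node currently runs."""
from pathlib import Path

# Constructed sample: a few entries in the "key: value" form used in this thread.
PROPOSED = '''
# comment lines and blanks are skipped
net.ipv4.tcp_keepalive_time: 600
net.ipv4.tcp_mem: "65536 131072 262144"
net.ipv4.tcp_timestamps: 0
fs.inotify.max_user_instances: 512
'''

def parse(text):
    """Return {key: value}; quoted multi-field values become single-spaced."""
    wanted = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        wanted[key.strip()] = " ".join(value.strip().strip('"\'').split())
    return wanted

def read_proc(key, root="/proc/sys"):
    """Read a sysctl from procfs; None if this kernel does not expose it."""
    try:
        # Assumes no dots inside a path component (true for the keys listed here).
        raw = Path(root, *key.split(".")).read_text()
    except OSError:
        return None
    return " ".join(raw.split())  # procfs separates fields with tabs

def diff_sysctls(text, read=read_proc):
    """List (key, current, wanted) for every entry that differs on this node."""
    changes = []
    for key, wanted in parse(text).items():
        current = read(key)
        if current != wanted:
            changes.append((key, current, wanted))
    return changes

if __name__ == "__main__":
    for key, current, wanted in diff_sysctls(PROPOSED):
        print(f"{key}: current={current!r} proposed={wanted!r}")
```

A `current` of `None` means the key is not exposed where the script runs, which is itself worth checking before applying the value.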