From f9a760740153cd88058bbe41f19563f05271075a Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Thu, 24 Oct 2024 15:03:41 +0200 Subject: [PATCH 1/3] feat(k8s): add modifying kernel documentation --- ...g-kernel-parameters-kubernetes-cluster.mdx | 123 ++++++++++++++++++ menu/navigation.json | 4 + 2 files changed, 127 insertions(+) create mode 100644 containers/kubernetes/reference-content/modifying-kernel-parameters-kubernetes-cluster.mdx diff --git a/containers/kubernetes/reference-content/modifying-kernel-parameters-kubernetes-cluster.mdx b/containers/kubernetes/reference-content/modifying-kernel-parameters-kubernetes-cluster.mdx new file mode 100644 index 0000000000..cee9b71e58 --- /dev/null +++ b/containers/kubernetes/reference-content/modifying-kernel-parameters-kubernetes-cluster.mdx 
@@ -0,0 +1,123 @@ +--- +meta: + title: Modifying kernel parameters in a Kubernetes cluster using a DaemonSet + description: This guide explains how to modify kernel parameters in a Kubernetes cluster using a DaemonSet +content: + h1: Modifying kernel parameters in a Kubernetes cluster using a DaemonSet + paragraph: This guide explains how to modify kernel parameters in a Kubernetes cluster using a DaemonSet +tags: kubernetes kernel +dates: + validation: 2024-10-24 + posted: 2024-10-24 +categories: + - kubernetes +--- + +Kernel parameters control the behavior of the operating system at runtime. They allow you to configure and fine-tune various aspects of the Linux kernel, such as networking, memory management, process handling, and security. These parameters are located in the `/proc/sys` directory on each node and can be dynamically modified at runtime using the `sysctl` command. + +This guide outlines how to modify kernel parameters across all nodes in a Kubernetes cluster using a DaemonSet. + +## Identifying the kernel parameters to modify + +Kernel parameters, managed via the `sysctl` command, are grouped into different categories depending on which part of the kernel they influence: + +- **Networking (`net.*`)**: Controls network-related settings such as buffer sizes, TCP/IP settings, and routing. + *Example*: `net.ipv4.ip_forward` enables or disables IP packet forwarding, often used in routing scenarios. + +- **Memory Management (`vm.*`)**: Manages memory and swap behaviors. + *Example*: `vm.swappiness` controls how aggressively the system swaps memory pages to disk. + +- **File System (`fs.*`)**: Configures file system-related limits and behaviors. + *Example*: `fs.file-max` sets the maximum number of file descriptors the system can allocate. + +- **General Kernel Settings (`kernel.*`)**: Configures overall kernel behaviors. + *Example*: `kernel.hostname` defines the system’s hostname. 
+ +- **Security (`kernel.random.*`, `net.ipv4.conf.*`, etc.)**: Manages security settings such as IP forwarding, source address validation, and firewall rules. + *Example*: `net.ipv4.conf.all.rp_filter` enables reverse path filtering for added network security. + +- **Process Limits (`kernel.*`)**: Controls limits for processes, such as the maximum number of processes or threads. + *Example*: `kernel.pid_max` sets the maximum number of process IDs (PIDs) the system can allocate. + +## Creating a DaemonSet to modify kernel parameters + +To apply kernel parameter changes across all nodes in the cluster, you can create a Kubernetes DaemonSet that runs privileged pods. This will ensure the changes are applied to every node. + +1. Create a YAML file (e.g., `sysctl-daemonset.yaml`): + +```yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: sysctl-tuning + namespace: kube-system + labels: + app: sysctl-tuning +spec: + selector: + matchLabels: + app: sysctl-tuning + template: + metadata: + labels: + app: sysctl-tuning + spec: + hostNetwork: true # Share the host's network namespace for network-related sysctl changes + hostPID: true # Access the host's PID namespace for sysctl commands + initContainers: + - name: sysctl-init # Init container to set sysctl parameters + image: busybox:latest + command: + - /bin/sh + - -c + - | + sysctl -w net.core.rmem_max=7500000 # Set the maximum receive buffer size + sysctl -w net.core.wmem_max=7500000 # Set the maximum send buffer size + securityContext: + privileged: true # Privileged access to modify sysctl settings on the host + containers: + - name: sleep-container # Main container to keep the pod running + image: busybox:latest + command: + - /bin/sh + - -c + - sleep infinity # Keep the pod alive indefinitely +``` + +## Applying the DaemonSet + +To apply the configuration, use the following command: + +```bash +kubectl apply -f sysctl-daemonset.yaml +``` + +This command deploys the DaemonSet, which ensures that the kernel 
parameters are modified on all nodes. + +## Verifying changes + +To verify that the DaemonSet is running on all nodes, use the following command: + +```bash +kubectl get daemonset -n kube-system +``` + +To check if the kernel parameters were successfully updated on a node, SSH into the node and run: + +```bash +ssh +sysctl net.core.rmem_max +sysctl net.core.wmem_max +``` + + + On Scaleway Kapsule SSH access is blocked by default. You need to enable SSH in your security group before connecting to the node. Refer to [How to enable or disable SSH ports on Kubernetes Kapsule cluster nodes](/containers/kubernetes/how-to/enable-disable-ssh/) for further information. + + +## Cleaning up (Optional) + +If the DaemonSet is no longer needed after the kernel parameters have been modified, you can delete it with the following command: + +```bash +kubectl delete -f sysctl-daemonset.yaml +``` diff --git a/menu/navigation.json b/menu/navigation.json index 675d7d68b9..22c6798077 100644 --- a/menu/navigation.json +++ b/menu/navigation.json @@ -1708,6 +1708,10 @@ "label": "Exposing Kubernetes services to the internet", "slug": "exposing-services" }, + { + "label": "Modifying kernel parameters in a Kubernetes cluster using a DaemonSet", + "slug": "modifying-kernel-parameters-kubernetes-cluster" + }, { "label": "Moving Kubernetes nodes to routed IPs", "slug": "move-kubernetes-nodes-routed-ip" From bc82d1b05ab5b2965abed9240a131ecde0d0128e Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Thu, 24 Oct 2024 15:09:33 +0200 Subject: [PATCH 2/3] docs(k8s): add docs --- .../modifying-kernel-parameters-kubernetes-cluster.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/kubernetes/reference-content/modifying-kernel-parameters-kubernetes-cluster.mdx b/containers/kubernetes/reference-content/modifying-kernel-parameters-kubernetes-cluster.mdx index cee9b71e58..0eae5c30ab 100644 
--- a/containers/kubernetes/reference-content/modifying-kernel-parameters-kubernetes-cluster.mdx +++ b/containers/kubernetes/reference-content/modifying-kernel-parameters-kubernetes-cluster.mdx @@ -43,7 +43,7 @@ Kernel parameters, managed via the `sysctl` command, are grouped into different To apply kernel parameter changes across all nodes in the cluster, you can create a Kubernetes DaemonSet that runs privileged pods. This will ensure the changes are applied to every node. -1. Create a YAML file (e.g., `sysctl-daemonset.yaml`): +Create a YAML file (e.g., `sysctl-daemonset.yaml`), copy/paste the follwoing content into the file, save it and exit the text editor: ```yaml apiVersion: apps/v1 From 32833a6eed3549c277199dff1d6fdee8fa1d6727 Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Thu, 24 Oct 2024 17:01:01 +0200 Subject: [PATCH 3/3] Update containers/kubernetes/reference-content/modifying-kernel-parameters-kubernetes-cluster.mdx Co-authored-by: ldecarvalho-doc <82805470+ldecarvalho-doc@users.noreply.github.com> --- .../modifying-kernel-parameters-kubernetes-cluster.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/kubernetes/reference-content/modifying-kernel-parameters-kubernetes-cluster.mdx b/containers/kubernetes/reference-content/modifying-kernel-parameters-kubernetes-cluster.mdx index 0eae5c30ab..82832bb82e 100644 --- a/containers/kubernetes/reference-content/modifying-kernel-parameters-kubernetes-cluster.mdx +++ b/containers/kubernetes/reference-content/modifying-kernel-parameters-kubernetes-cluster.mdx 
@@ -43,7 +43,7 @@ Kernel parameters, managed via the `sysctl` command, are grouped into different To apply kernel parameter changes across all nodes in the cluster, you can create a Kubernetes DaemonSet that runs privileged pods. This will ensure the changes are applied to every node. -Create a YAML file (e.g., `sysctl-daemonset.yaml`), copy/paste the follwoing content into the file, save it and exit the text editor: +Create a YAML file (e.g., `sysctl-daemonset.yaml`), copy/paste the following content into the file, save it and exit the text editor: ```yaml apiVersion: apps/v1
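Review bot: In PATCH 1/3, in the DaemonSet manifest of the new `.mdx` file, `hostNetwork: true` and `hostPID: true` are set at pod level, so the long-lived `sleep-container` also runs in the host network and PID namespaces, although only `sysctl-init` needs to touch the node. The inline comment justifies `hostPID` as "for sysctl commands", but `sysctl -w` writes under `/proc/sys` and does not use the PID namespace. I would drop `hostPID` unless there is a reason not shown here, and state in the text why `hostNetwork` is needed for the `net.core.*` keys. Both containers use `image: busybox:latest`; for a workload that runs `privileged: true` in `kube-system` on every node, please pin a version tag or digest. The guide should also tell the reader that this deploys a privileged pod on each node. The "Cleaning up (Optional)" section needs a caveat: the values are set with `sysctl -w` at pod start, so after `kubectl delete -f sysctl-daemonset.yaml` nodes added later, and nodes that reboot, will not have them.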
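Review bot: PATCH 2/3 introduces the typo "follwoing" in the rewritten "Create a YAML file" sentence and PATCH 3/3 exists only to fix it; please squash the two so the typo never lands in history. The subject "docs(k8s): add docs" also does not say what changed: the hunk drops the `1.` list marker and extends the instruction, and the subject should say that. With the numbering removed, check that the "Applying the DaemonSet" and "Verifying changes" sections still read as the follow-on steps, since the page no longer marks this sentence as step one of a procedure.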