diff --git a/packages/kubernetes-1.15/kubelet-config b/packages/kubernetes-1.15/kubelet-config index 518e45d593b..8d846f2a8b5 100644 --- a/packages/kubernetes-1.15/kubelet-config +++ b/packages/kubernetes-1.15/kubelet-config @@ -44,11 +44,13 @@ kubeReserved: ephemeral-storage: "{{default "1Gi" settings.kubernetes.kube-reserved.ephemeral-storage}}" resolvConf: "/etc/resolv.conf" hairpinMode: hairpin-veth +readOnlyPort: 0 cgroupDriver: systemd cgroupRoot: "/" runtimeRequestTimeout: 15m featureGates: RotateKubeletServerCertificate: true +protectKernelDefaults: true serializeImagePulls: false serverTLSBootstrap: true configMapAndSecretChangeDetectionStrategy: Cache diff --git a/packages/kubernetes-1.15/kubelet-sysctl.conf b/packages/kubernetes-1.15/kubelet-sysctl.conf new file mode 100644 index 00000000000..ed68c7e197f --- /dev/null +++ b/packages/kubernetes-1.15/kubelet-sysctl.conf @@ -0,0 +1,2 @@ +# Overcommit handling mode - 1: Always overcommit +vm.overcommit_memory = 1 diff --git a/packages/kubernetes-1.15/kubernetes-1.15.spec b/packages/kubernetes-1.15/kubernetes-1.15.spec index cbd58ba8e90..f9e555bc591 100644 --- a/packages/kubernetes-1.15/kubernetes-1.15.spec +++ b/packages/kubernetes-1.15/kubernetes-1.15.spec @@ -23,6 +23,7 @@ Source5: kubernetes-ca-crt Source6: kubelet-exec-start-conf Source7: kubelet-bootstrap-kubeconfig Source8: kubernetes-tmpfiles.conf +Source9: kubelet-sysctl.conf Source1000: clarify.toml Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch @@ -92,6 +93,9 @@ ln -rs \ %{buildroot}%{_sharedstatedir}/kubelet/plugins \ %{buildroot}%{_cross_libexecdir}/kubernetes/kubelet-plugins +mkdir -p %{buildroot}%{_cross_sysctldir} +install -p -m 0644 %{S:9} %{buildroot}%{_cross_sysctldir}/90-kubelet.conf + %cross_scan_attribution --clarify %{S:1000} go-vendor vendor %files -n %{_cross_os}kubelet-1.15 
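Review bot: `protectKernelDefaults: true` in the kubelet-config hunk makes kubelet startup depend on host sysctls that are set in other files, and nothing at the setting says so. With this flag the kubelet refuses to start when the kernel tunables it checks differ from its expected values, rather than rewriting them, so a later edit to `90-kubelet.conf` or `release-sysctl.conf` can take nodes out of service. I would add a comment above the key, e.g. `# kubelet exits if host sysctls differ from its expected values; keep in sync with 90-kubelet.conf and release-sysctl.conf`, and a short one on `readOnlyPort: 0` such as `# disable the unauthenticated read-only kubelet port`. The same applies to the identical kubelet-config hunks for 1.16 through 1.19.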
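Review bot: The new kubelet-sysctl.conf pins only `vm.overcommit_memory`, while `protectKernelDefaults` also compares other tunables (as far as I know `vm.panic_on_oom`, `kernel.keys.root_maxkeys` and `kernel.keys.root_maxbytes`), which this commit leaves to kernel defaults. If a kernel configuration change or another sysctl drop-in alters one of them, the kubelet would fail its startup check. Consider pinning them here as well, e.g. `vm.panic_on_oom = 0`, after confirming the expected values against each packaged kubelet version. The comment could also say why the value is set, for example `# Required by kubelet protectKernelDefaults`. The same file is added unchanged for 1.16 through 1.19.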
@@ -110,5 +114,6 @@ ln -rs \ %{_cross_tmpfilesdir}/kubernetes.conf %dir %{_cross_libexecdir}/kubernetes %{_cross_libexecdir}/kubernetes/kubelet-plugins +%{_cross_sysctldir}/90-kubelet.conf %changelog diff --git a/packages/kubernetes-1.16/kubelet-config b/packages/kubernetes-1.16/kubelet-config index 518e45d593b..8d846f2a8b5 100644 --- a/packages/kubernetes-1.16/kubelet-config +++ b/packages/kubernetes-1.16/kubelet-config @@ -44,11 +44,13 @@ kubeReserved: ephemeral-storage: "{{default "1Gi" settings.kubernetes.kube-reserved.ephemeral-storage}}" resolvConf: "/etc/resolv.conf" hairpinMode: hairpin-veth +readOnlyPort: 0 cgroupDriver: systemd cgroupRoot: "/" runtimeRequestTimeout: 15m featureGates: RotateKubeletServerCertificate: true +protectKernelDefaults: true serializeImagePulls: false serverTLSBootstrap: true configMapAndSecretChangeDetectionStrategy: Cache diff --git a/packages/kubernetes-1.16/kubelet-sysctl.conf b/packages/kubernetes-1.16/kubelet-sysctl.conf new file mode 100644 index 00000000000..ed68c7e197f --- /dev/null +++ b/packages/kubernetes-1.16/kubelet-sysctl.conf @@ -0,0 +1,2 @@ +# Overcommit handling mode - 1: Always overcommit +vm.overcommit_memory = 1 diff --git a/packages/kubernetes-1.16/kubernetes-1.16.spec b/packages/kubernetes-1.16/kubernetes-1.16.spec index 6b54d9ee509..c560933ca4c 100644 --- a/packages/kubernetes-1.16/kubernetes-1.16.spec +++ b/packages/kubernetes-1.16/kubernetes-1.16.spec @@ -23,6 +23,7 @@ Source5: kubernetes-ca-crt Source6: kubelet-exec-start-conf Source7: kubelet-bootstrap-kubeconfig Source8: kubernetes-tmpfiles.conf +Source9: kubelet-sysctl.conf Source1000: clarify.toml Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch 
@@ -88,6 +89,9 @@ ln -rs \ %{buildroot}%{_sharedstatedir}/kubelet/plugins \ %{buildroot}%{_cross_libexecdir}/kubernetes/kubelet-plugins +mkdir -p %{buildroot}%{_cross_sysctldir} +install -p -m 0644 %{S:9} %{buildroot}%{_cross_sysctldir}/90-kubelet.conf + %cross_scan_attribution --clarify %{S:1000} go-vendor vendor %files -n %{_cross_os}kubelet-1.16 @@ -106,5 +110,6 @@ ln -rs \ %{_cross_tmpfilesdir}/kubernetes.conf %dir %{_cross_libexecdir}/kubernetes %{_cross_libexecdir}/kubernetes/kubelet-plugins +%{_cross_sysctldir}/90-kubelet.conf %changelog diff --git a/packages/kubernetes-1.17/kubelet-config b/packages/kubernetes-1.17/kubelet-config index 1ad0a38b431..a34de62c6cc 100644 --- a/packages/kubernetes-1.17/kubelet-config +++ b/packages/kubernetes-1.17/kubelet-config @@ -44,12 +44,14 @@ kubeReserved: ephemeral-storage: "{{default "1Gi" settings.kubernetes.kube-reserved.ephemeral-storage}}" resolvConf: "/etc/resolv.conf" hairpinMode: hairpin-veth +readOnlyPort: 0 cgroupDriver: systemd cgroupRoot: "/" runtimeRequestTimeout: 15m featureGates: RotateKubeletServerCertificate: true CSIMigration: false +protectKernelDefaults: true serializeImagePulls: false serverTLSBootstrap: true configMapAndSecretChangeDetectionStrategy: Cache diff --git a/packages/kubernetes-1.17/kubelet-sysctl.conf b/packages/kubernetes-1.17/kubelet-sysctl.conf new file mode 100644 index 00000000000..ed68c7e197f --- /dev/null +++ b/packages/kubernetes-1.17/kubelet-sysctl.conf @@ -0,0 +1,2 @@ +# Overcommit handling mode - 1: Always overcommit +vm.overcommit_memory = 1 diff --git a/packages/kubernetes-1.17/kubernetes-1.17.spec b/packages/kubernetes-1.17/kubernetes-1.17.spec index 037c0e88106..65583f0a389 100644 --- a/packages/kubernetes-1.17/kubernetes-1.17.spec +++ b/packages/kubernetes-1.17/kubernetes-1.17.spec 
@@ -23,6 +23,7 @@ Source5: kubernetes-ca-crt Source6: kubelet-exec-start-conf Source7: kubelet-bootstrap-kubeconfig Source8: kubernetes-tmpfiles.conf +Source9: kubelet-sysctl.conf Source1000: clarify.toml Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch @@ -88,6 +89,9 @@ ln -rs \ %{buildroot}%{_sharedstatedir}/kubelet/plugins \ %{buildroot}%{_cross_libexecdir}/kubernetes/kubelet-plugins +mkdir -p %{buildroot}%{_cross_sysctldir} +install -p -m 0644 %{S:9} %{buildroot}%{_cross_sysctldir}/90-kubelet.conf + %cross_scan_attribution --clarify %{S:1000} go-vendor vendor %files -n %{_cross_os}kubelet-1.17 @@ -106,5 +110,6 @@ ln -rs \ %{_cross_tmpfilesdir}/kubernetes.conf %dir %{_cross_libexecdir}/kubernetes %{_cross_libexecdir}/kubernetes/kubelet-plugins +%{_cross_sysctldir}/90-kubelet.conf %changelog diff --git a/packages/kubernetes-1.18/kubelet-config b/packages/kubernetes-1.18/kubelet-config index 1ad0a38b431..a34de62c6cc 100644 --- a/packages/kubernetes-1.18/kubelet-config +++ b/packages/kubernetes-1.18/kubelet-config @@ -44,12 +44,14 @@ kubeReserved: ephemeral-storage: "{{default "1Gi" settings.kubernetes.kube-reserved.ephemeral-storage}}" resolvConf: "/etc/resolv.conf" hairpinMode: hairpin-veth +readOnlyPort: 0 cgroupDriver: systemd cgroupRoot: "/" runtimeRequestTimeout: 15m featureGates: RotateKubeletServerCertificate: true CSIMigration: false +protectKernelDefaults: true serializeImagePulls: false serverTLSBootstrap: true configMapAndSecretChangeDetectionStrategy: Cache diff --git a/packages/kubernetes-1.18/kubelet-sysctl.conf b/packages/kubernetes-1.18/kubelet-sysctl.conf new file mode 100644 index 00000000000..ed68c7e197f --- /dev/null +++ b/packages/kubernetes-1.18/kubelet-sysctl.conf @@ -0,0 +1,2 @@ +# Overcommit handling mode - 1: Always overcommit +vm.overcommit_memory = 1 diff --git a/packages/kubernetes-1.18/kubernetes-1.18.spec b/packages/kubernetes-1.18/kubernetes-1.18.spec index 9a4b4ecc85d..c1cb948e04f 100644 
--- a/packages/kubernetes-1.18/kubernetes-1.18.spec +++ b/packages/kubernetes-1.18/kubernetes-1.18.spec @@ -23,6 +23,7 @@ Source5: kubernetes-ca-crt Source6: kubelet-exec-start-conf Source7: kubelet-bootstrap-kubeconfig Source8: kubernetes-tmpfiles.conf +Source9: kubelet-sysctl.conf Source1000: clarify.toml Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch @@ -85,6 +86,9 @@ ln -rs \ %{buildroot}%{_sharedstatedir}/kubelet/plugins \ %{buildroot}%{_cross_libexecdir}/kubernetes/kubelet-plugins +mkdir -p %{buildroot}%{_cross_sysctldir} +install -p -m 0644 %{S:9} %{buildroot}%{_cross_sysctldir}/90-kubelet.conf + %cross_scan_attribution --clarify %{S:1000} go-vendor vendor %files -n %{_cross_os}kubelet-1.18 @@ -103,5 +107,6 @@ ln -rs \ %{_cross_tmpfilesdir}/kubernetes.conf %dir %{_cross_libexecdir}/kubernetes %{_cross_libexecdir}/kubernetes/kubelet-plugins +%{_cross_sysctldir}/90-kubelet.conf %changelog diff --git a/packages/kubernetes-1.19/kubelet-config b/packages/kubernetes-1.19/kubelet-config index 5fee6bc0bc7..93cdf4ae378 100644 --- a/packages/kubernetes-1.19/kubelet-config +++ b/packages/kubernetes-1.19/kubelet-config @@ -44,12 +44,14 @@ kubeReserved: ephemeral-storage: "{{default "1Gi" settings.kubernetes.kube-reserved.ephemeral-storage}}" resolvConf: "/etc/resolv.conf" hairpinMode: hairpin-veth +readOnlyPort: 0 cgroupDriver: systemd cgroupRoot: "/" runtimeRequestTimeout: 15m featureGates: RotateKubeletServerCertificate: true CSIMigration: false +protectKernelDefaults: true serializeImagePulls: false serverTLSBootstrap: true configMapAndSecretChangeDetectionStrategy: Cache diff --git a/packages/kubernetes-1.19/kubelet-sysctl.conf b/packages/kubernetes-1.19/kubelet-sysctl.conf new file mode 100644 index 00000000000..ed68c7e197f --- /dev/null +++ b/packages/kubernetes-1.19/kubelet-sysctl.conf @@ -0,0 +1,2 @@ +# Overcommit handling mode - 1: Always overcommit +vm.overcommit_memory = 1 
diff --git a/packages/kubernetes-1.19/kubernetes-1.19.spec b/packages/kubernetes-1.19/kubernetes-1.19.spec index 6dac09a0033..a99c09b3947 100644 --- a/packages/kubernetes-1.19/kubernetes-1.19.spec +++ b/packages/kubernetes-1.19/kubernetes-1.19.spec @@ -23,6 +23,7 @@ Source5: kubernetes-ca-crt Source6: kubelet-exec-start-conf Source7: kubelet-bootstrap-kubeconfig Source8: kubernetes-tmpfiles.conf +Source9: kubelet-sysctl.conf Source1000: clarify.toml Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch @@ -82,6 +83,9 @@ ln -rs \ %{buildroot}%{_sharedstatedir}/kubelet/plugins \ %{buildroot}%{_cross_libexecdir}/kubernetes/kubelet-plugins +mkdir -p %{buildroot}%{_cross_sysctldir} +install -p -m 0644 %{S:9} %{buildroot}%{_cross_sysctldir}/90-kubelet.conf + %cross_scan_attribution --clarify %{S:1000} go-vendor vendor %files -n %{_cross_os}kubelet-1.19 @@ -100,5 +104,6 @@ ln -rs \ %{_cross_tmpfilesdir}/kubernetes.conf %dir %{_cross_libexecdir}/kubernetes %{_cross_libexecdir}/kubernetes/kubelet-plugins +%{_cross_sysctldir}/90-kubelet.conf %changelog diff --git a/packages/release/release-sysctl.conf b/packages/release/release-sysctl.conf index a76a372cd89..cdaa7d9a56c 100644 --- a/packages/release/release-sysctl.conf +++ b/packages/release/release-sysctl.conf @@ -2,8 +2,11 @@ # Maximize console logging level for kernel printk messages kernel.printk = 8 4 1 7 -# Wait 30 seconds and then reboot -kernel.panic = 30 +# Wait 10 seconds and then reboot +kernel.panic = 10 + +# Controls the kernel's behaviour when an oops or BUG is encountered +kernel.panic_on_oops = 1 # Allow neighbor cache entries to expire even when the cache is not full net.ipv4.neigh.default.gc_thresh1 = 0
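Review bot: The new comments on `kernel.panic = 10` and `kernel.panic_on_oops = 1` in release-sysctl.conf do not record that these values appear to be chosen to match what the kubelet expects under `protectKernelDefaults: true`, which this commit enables. Someone restoring the 30-second delay later would not see from this file that doing so can stop the kubelet from starting. I would write `# Reboot 10 seconds after a panic; kubelet's protectKernelDefaults check expects this value` and `# Panic on oops or BUG instead of continuing; also expected by kubelet`. The hunk also changes panic behaviour for every image that ships release-sysctl.conf, so if that includes variants without a kubelet, it is worth saying so in the commit description.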