Open dgiebert opened 2 years ago
Describe the solution you'd like As a k3s distribution it should follow the best practices regarding hardening presented by Rancher: https://rancher.com/docs/k3s/latest/en/security/hardening_guide/#set-kernel-parameters
Describe alternatives you've considered Currently I have added the following snippet to the config.yaml
write_files: - path: /etc/sysctl.d/90-kubelet.conf mode: '0644' owner: root:root content: | vm.panic_on_oom=0 vm.overcommit_memory=1 kernel.panic=10 kernel.panic_on_oops=1
I would suggest adding this as a default configuration (e.g. overlay/etc/sysctl.d/01-k3s.conf)
overlay/etc/sysctl.d/01-k3s.conf
Describe the solution you'd like As a k3s distribution it should follow the best practices regarding hardening presented by Rancher: https://rancher.com/docs/k3s/latest/en/security/hardening_guide/#set-kernel-parameters
Describe alternatives you've considered Currently I have added the following snippet to the config.yaml
I would suggest adding this as a default configuration (e.g.
overlay/etc/sysctl.d/01-k3s.conf
)