- Make sure you have the right hostname (based on your cluster)
$ hostnamectl --static set-hostname betelgeuse
- Before
free --human
Outputs :
total used free shared buff/cache available Mem: 62Gi 541Mi 61Gi 1.0Mi 500Mi 61Gi Swap: 8.0Gi 0B 8.0Gi
- swap off and disabled at boot in
/etc/fstabfile
sudo swapoff --all && sudo sed --regexp-extended --in-place '/\sswap\s/s/^#?/#/' /etc/fstab
- After
free --human
Outputs :
total used free shared buff/cache available Mem: 62Gi 523Mi 61Gi 1.0Mi 501Mi 61Gi Swap: 0B 0B 0B
- Check
swapin/etc/fstabis commented
cat /etc/fstab
Outputs :
# /etc/fstab: static file system information. ... #/swap.img none swap sw 0 0
sysctl is a tool for examining and changing kernel parameters at runtime . sysctl is implemented in procfs, the virtual process file system at /proc/.
for more details, see sysctl-cluster in Kubernetes
📍 Enable the usage of iptables. To prevent some routing errors happening, add runtime parameters:
- Enable the parameters by setting them to 1 for both IPv6 and IPv4
⚙️ k8s.conf drop-in file (i.e. sysctl .conf file)
sudo bash -c 'echo "net.bridge.bridge-nf-call-ip6tables = 1" > /etc/sysctl.d/k8s.conf' && \
sudo bash -c 'echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.d/k8s.conf'
- reload the configuration
sudo sysctl --system
Outputs :
* Applying /etc/sysctl.d/10-console-messages.conf ... kernel.printk = 4 4 1 7 * Applying /etc/sysctl.d/10-ipv6-privacy.conf ... net.ipv6.conf.all.use_tempaddr = 2 net.ipv6.conf.default.use_tempaddr = 2 * Applying /etc/sysctl.d/10-kernel-hardening.conf ... kernel.kptr_restrict = 1 * Applying /etc/sysctl.d/10-magic-sysrq.conf ... kernel.sysrq = 176 * Applying /etc/sysctl.d/10-network-security.conf ... net.ipv4.conf.default.rp_filter = 2 net.ipv4.conf.all.rp_filter = 2 * Applying /etc/sysctl.d/10-ptrace.conf ... kernel.yama.ptrace_scope = 1 * Applying /etc/sysctl.d/10-zeropage.conf ... vm.mmap_min_addr = 65536 * Applying /usr/lib/sysctl.d/50-default.conf ... kernel.core_uses_pid = 1 net.ipv4.conf.default.rp_filter = 2 net.ipv4.conf.default.accept_source_route = 0 sysctl: setting key "net.ipv4.conf.all.accept_source_route": Invalid argument net.ipv4.conf.default.promote_secondaries = 1 sysctl: setting key "net.ipv4.conf.all.promote_secondaries": Invalid argument net.ipv4.ping_group_range = 0 2147483647 net.core.default_qdisc = fq_codel fs.protected_hardlinks = 1 fs.protected_symlinks = 1 fs.protected_regular = 1 fs.protected_fifos = 1 * Applying /usr/lib/sysctl.d/50-pid-max.conf ... kernel.pid_max = 4194304 * Applying /usr/lib/sysctl.d/99-protect-links.conf ... fs.protected_fifos = 1 fs.protected_hardlinks = 1 fs.protected_regular = 2 fs.protected_symlinks = 1 * Applying /etc/sysctl.d/99-sysctl.conf ... * Applying /etc/sysctl.d/k8s.conf ... net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 * Applying /etc/sysctl.conf ...