Set up kernel default protections

To protect kernel parameters from being overridden by kublet, you can either invoke the --kube-protect-kernel-defaults command option at the time of MKE install, or following MKE install you can adjust the cluster_config | kube_protect_kernel_defaults parameter in the MKE configuration file.

Important

When enabled, kubelet can fail to start if the kernel parameters on the nodes are not properly set. You must set those kernel parameters on the nodes before you install MKE or before adding a new node to an existing cluster.

  1. Create a configuration file called

    /etc/sysctl.d/90-kubelet.conf and add the following snipped to it:

    vm.panic_on_oom=0
    vm.overcommit_memory=1
    kernel.panic=10
    kernel.panic_on_oops=1
    kernel.keys.root_maxkeys=1000000
    kernel.keys.root_maxbytes=25000000
    
  2. Run sysctl -p /etc/sysctl.d/90-kubelet.conf