add sysctls ds

node-sysctls/set-sysctls-ds.yaml

@@ -0,0 +1,49 @@
+---
+# https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: node-init
+  namespace: kube-system
+  labels:
+    root-init.k8s.exa.fi/component-name: node-init
+spec:
+  selector:
+    matchLabels:
+      root-init.k8s.exa.fi/component-name: node-init
+  template:
+    metadata:
+      labels:
+        root-init.k8s.exa.fi/component-name: node-init
+    spec:
+      tolerations:
+      # this toleration is to have the daemonset runnable on master nodes
+      # remove it if your masters can't run pods
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+      initContainers:
+      # this is implemented dorkily like this to cause it to be recreated
+      # whenever there's a change.  this is intended to eventually be moved
+      # into a helm chart to use in argocd where this will make more sense
+      - name: init-node
+        image: alpine:3.7
+        command: ["sh", "-c"]
+        args:
+        - |-
+          while [ $# -gt 0 ];do
+            nsenter --mount=/proc/1/ns/mnt -- sysctl "$1"
+            shift
+          done
+        - fs.inotify.max_user_instances=511
+        - fs.inotify.max_user_watches=524288
+        - vm.max_map_count=262144
+        securityContext:
+          privileged: true
+      containers:
+      - name: finished-sleep-forever
+        image: k8s.gcr.io/pause:3.1
+        securityContext:
+          privileged: false
+      terminationGracePeriodSeconds: 0
+      hostNetwork: true
+      hostPID: true