add sysctls ds
This commit is contained in:
parent
e77648a7f4
commit
a08a88807f
49
node-sysctls/set-sysctls-ds.yaml
Normal file
49
node-sysctls/set-sysctls-ds.yaml
Normal file
|
@ -0,0 +1,49 @@
|
|||
---
|
||||
# https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: node-init
|
||||
namespace: kube-system
|
||||
labels:
|
||||
root-init.k8s.exa.fi/component-name: node-init
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
root-init.k8s.exa.fi/component-name: node-init
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
root-init.k8s.exa.fi/component-name: node-init
|
||||
spec:
|
||||
tolerations:
|
||||
# this toleration is to have the daemonset runnable on master nodes
|
||||
# remove it if your masters can't run pods
|
||||
- key: node-role.kubernetes.io/master
|
||||
effect: NoSchedule
|
||||
initContainers:
|
||||
# this is implemented dorkily like this to cause it to be recreated
|
||||
# whenever there's a change. this is intended to eventually be moved
|
||||
# into a helm chart to use in argocd where this will make more sense
|
||||
- name: init-node
|
||||
image: alpine:3.7
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- |-
|
||||
while [ $# -gt 0 ];do
|
||||
nsenter --mount=/proc/1/ns/mnt -- sysctl "$1"
|
||||
shift
|
||||
done
|
||||
- fs.inotify.max_user_instances=511
|
||||
- fs.inotify.max_user_watches=524288
|
||||
- vm.max_map_count=262144
|
||||
securityContext:
|
||||
privileged: true
|
||||
containers:
|
||||
- name: finished-sleep-forever
|
||||
image: k8s.gcr.io/pause:3.1
|
||||
securityContext:
|
||||
privileged: false
|
||||
terminationGracePeriodSeconds: 0
|
||||
hostNetwork: true
|
||||
hostPID: true
|
Loading…
Reference in New Issue
Block a user