Configuring Kernel Parameters
CCI uses Kata containers to build an industry-leading serverless container platform. Kata containers are isolated from the physical machine system kernel. They do not affect each other. kernel parameter optimization is a common practice in advanced service deployment scenarios. In a safe situation, CCI allows you to configure kernel parameters through a security context of a pod based on the solution recommended by the Kubernetes community, greatly improving the flexibility of service deployment. For details of security contexts, see Configure a Security Context for a Pod or Container.
In Linux, kernel parameters are usually configured through the sysctl interface. In Kubernetes, kernel parameters are configured through the sysctl security context of the pod. For details of sysctl, see Using sysctls in a Kubernetes Cluster. The security context is applied to all containers in the pod.
CCI allows you to modify the following kernel parameters:
kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, net.* (excluding net.netfilter.* and net.ipv4.vs.*)
In the following example, the pod's securityContext is used to set the sysctl parameters net.core.somaxconn and net.ipv4.tcp_tw_reuse.
apiVersion:v1
kind:Pod
metadata:
name: xxxxx
namespace: auto-test-namespace
spec:
securityContext:
sysctls:
- name: net.core.somaxconn
value: "65536"
- name: net.ipv4.tcp_tw_reuse
value: "1"
...
...
Go to the container to check whether the configuration takes effect.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
