Updated on 2024-01-16 GMT+08:00

Configuring Kernel Parameters

CCI uses Kata containers to build an industry-leading serverless container platform. Kata containers are isolated from the system kernel of the physical machine, and they do not affect each other. Kernel parameter optimization is a common practice in advanced service deployment scenarios. Where it is safe to do so, CCI allows you to configure kernel parameters through the security context of a pod, based on the solution recommended by the Kubernetes community, which greatly improves the flexibility of service deployment. For details about security contexts, see Configure a Security Context for a Pod or Container.

In Linux, kernel parameters are usually configured through the sysctl interface. In Kubernetes, kernel parameters are configured through the sysctl security context of the pod. For details of sysctl, see Using sysctls in a Kubernetes Cluster. The security context is applied to all containers in the pod.

CCI allows you to modify the following kernel parameters:

kernel.shm*
kernel.msg*
kernel.sem
fs.mqueue.*
net.* (excluding net.netfilter.* and net.ipv4.vs.*)

In the following example, the pod's securityContext is used to set the sysctl parameters net.core.somaxconn and net.ipv4.tcp_tw_reuse.

apiVersion: v1
kind: Pod
metadata:
  name: xxxxx
  namespace: auto-test-namespace
spec:
  securityContext:
    sysctls:
    - name: net.core.somaxconn
      value: "65536"
    - name: net.ipv4.tcp_tw_reuse
      value: "1"
    ...
...

Go to the container to check whether the configuration takes effect.
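
One way to carry out this check from a shell inside the container, as an added example that is not part of the original CCI documentation. It first tests the parameter name against the modifiable list above, then compares the live value under /proc/sys with the value set in the pod spec. The function names, return codes and the optional third argument (an alternate root directory, used for offline testing) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the CCI documentation): verify pod sysctls in-container.

# Return 0 if NAME is in the list of parameters this page says CCI lets you modify.
sysctl_allowed() {
    case "$1" in
        net.netfilter.*|net.ipv4.vs.*) return 1 ;;   # excluded net.* subtrees
        kernel.shm*|kernel.msg*|kernel.sem|fs.mqueue.*|net.*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_sysctl NAME EXPECTED [ROOT]
# ROOT defaults to /proc/sys; the override is an assumption of this example.
# Returns 0 match, 1 mismatch, 2 name not modifiable, 3 parameter not readable.
check_sysctl() {
    name=$1 expected=$2 root=${3:-/proc/sys}
    if ! sysctl_allowed "$name"; then
        echo "REJECT   $name is not in the modifiable list"
        return 2
    fi
    # sysctl names map to /proc/sys paths by replacing dots with slashes.
    path="$root/$(printf '%s' "$name" | tr . /)"
    if [ ! -r "$path" ]; then
        echo "MISSING  $name ($path not readable)"
        return 3
    fi
    # Multi-value parameters such as kernel.sem are tab-separated; collapse
    # every run of whitespace to one space before comparing.
    actual=$(tr -s '[:space:]' ' ' < "$path" | sed 's/^ //; s/ $//')
    if [ "$actual" = "$expected" ]; then
        echo "OK       $name = $actual"
    else
        echo "MISMATCH $name = $actual (expected $expected)"
        return 1
    fi
}

# Usage: sh check_sysctl.sh net.core.somaxconn 65536
if [ "$#" -ge 2 ]; then
    check_sysctl "$@"
fi
```

A MISMATCH result for a name that passes the list check means the value in the pod's securityContext was not applied to this container.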