diff --git a/config/etc/sysctl.d/90-kubelet.conf b/config/etc/sysctl.d/90-kubelet.conf
new file mode 100644
index 0000000..88ab578
--- /dev/null
+++ b/config/etc/sysctl.d/90-kubelet.conf
@@ -0,0 +1,7 @@
+# https://docs.k3s.io/security/hardening-guide?_highlight=sysctl#ensure-protect-kernel-defaults-is-set
+
+vm.panic_on_oom=0
+vm.overcommit_memory=1
+kernel.panic=10
+kernel.panic_on_oops=1
+kernel.keys.root_maxbytes=25000000