From 4ad462dc0b74b789d7b2f9f876ddcdae7327c2d9 Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Fri, 11 Aug 2023 16:26:36 +0200
Subject: [PATCH] add recommended k3s sysctl

---
 config/etc/sysctl.d/90-kubelet.conf | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 config/etc/sysctl.d/90-kubelet.conf

diff --git a/config/etc/sysctl.d/90-kubelet.conf b/config/etc/sysctl.d/90-kubelet.conf
new file mode 100644
index 0000000..88ab578
--- /dev/null
+++ b/config/etc/sysctl.d/90-kubelet.conf
@@ -0,0 +1,7 @@
+# https://docs.k3s.io/security/hardening-guide?_highlight=sysctl#ensure-protect-kernel-defaults-is-set
+
+vm.panic_on_oom=0
+vm.overcommit_memory=1
+kernel.panic=10
+kernel.panic_on_oops=1
+kernel.keys.root_maxbytes=25000000