f3ff01ae94
* Make kernel config available to kubernetes validation * Install k8s via apt instead of curl * Update sysctl defaults Change-Id: I3f04973393e0a131afb30dc30869c859372ff812
145 lines
3.4 KiB
YAML
145 lines
3.4 KiB
YAML
rootfs_root: /mnt/rootfs
|
|
|
|
cni_version: v0.8.2
|
|
k8s_version: v1.18.6
|
|
|
|
kernel:
|
|
base_pkg: linux-image-generic
|
|
headers_pkg: linux-headers-generic
|
|
modules:
|
|
load:
|
|
- name: 8021q
|
|
- name: bonding
|
|
- name: ip_vs
|
|
- name: ip_vs_rr
|
|
- name: ip_vs_wrr
|
|
- name: ip_vs_sh
|
|
- name: br_netfilter
|
|
blacklist:
|
|
- name: krbd
|
|
|
|
banners:
|
|
login: |
|
|
Airship Node \l: \n.\o
|
|
Kernel: \s \m \r \v
|
|
IP address: \4
|
|
motd: |
|
|
#!/bin/sh
|
|
. /etc/lsb-release
|
|
printf "Airship Node, based on: %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
|
|
|
|
limits:
|
|
- name: core_dump
|
|
domain: '0:'
|
|
type: 'hard'
|
|
item: 'core'
|
|
value: 0
|
|
- name: nofile-root-soft
|
|
domain: 'root'
|
|
type: 'soft'
|
|
item: 'nofile'
|
|
value: '65536'
|
|
- name: nofile-root-hard
|
|
domain: 'root'
|
|
type: 'hard'
|
|
item: 'nofile'
|
|
value: '1048576'
|
|
- name: nofile-all-soft
|
|
domain: '*'
|
|
type: 'soft'
|
|
item: 'nofile'
|
|
value: '65536'
|
|
- name: nofile-all-hard
|
|
domain: '*'
|
|
type: 'hard'
|
|
item: 'nofile'
|
|
value: '1048576'
|
|
|
|
grub:
|
|
GRUB_TIMEOUT: 5
|
|
GRUB_CMDLINE_LINUX_DEFAULT:
|
|
- name: console
|
|
value: 'ttyS0,115200n8'
|
|
- name: console
|
|
value: 'tty0'
|
|
- name: amd_iommu
|
|
value: 'on'
|
|
- name: intel_iommu
|
|
value: 'on'
|
|
- name: iommu
|
|
value: 'pt'
|
|
- name: cgroup_disable
|
|
value: 'hugetlb'
|
|
- name: dpdk-socket-mem
|
|
value: '4096,4096'
|
|
- name: rcu_nocb_poll
|
|
value: 'true'
|
|
|
|
sysctl:
|
|
- name: net.nf_conntrack_max
|
|
value: '1048576'
|
|
- name: kernel.panic
|
|
value: '60'
|
|
- name: kernel.pid_max
|
|
value: '4194303'
|
|
- name: kernel.randomize_va_space
|
|
value: '2'
|
|
- name: net.ipv4.conf.default.arp_accept
|
|
value: '1'
|
|
- name: net.ipv4.conf.all.arp_accept
|
|
value: '1'
|
|
- name: net.core.netdev_max_backlog
|
|
value: '261144'
|
|
- name: net.ipv4.tcp_keepalive_intvl
|
|
value: '3'
|
|
- name: net.ipv4.tcp_keepalive_time
|
|
value: '30'
|
|
- name: net.ipv4.tcp_keepalive_probes
|
|
value: '8'
|
|
- name: net.ipv4.tcp_retries2
|
|
value: '5'
|
|
- name: net.ipv4.neigh.default.gc_thresh1
|
|
value: '4096'
|
|
- name: net.ipv4.neigh.default.gc_thresh2
|
|
value: '8192'
|
|
- name: net.ipv4.neigh.default.gc_thresh3
|
|
value: '16384'
|
|
- name: net.ipv4.conf.default.rp_filter
|
|
value: '0'
|
|
- name: net.ipv6.conf.all.accept_ra
|
|
value: '0'
|
|
- name: net.ipv6.conf.all.disable_ipv6
|
|
value: '1'
|
|
- name: net.ipv6.conf.default.accept_ra
|
|
value: '0'
|
|
- name: net.ipv6.conf.default.disable_ipv6
|
|
value: '1'
|
|
- name: net.ipv6.conf.lo.accept_ra
|
|
value: '0'
|
|
- name: net.ipv6.conf.lo.disable_ipv6
|
|
value: '0'
|
|
- name: net.netfilter.nf_conntrack_acct
|
|
value: '1'
|
|
- name: fs.suid_dumpable
|
|
value: '0'
|
|
- name: fs.inotify.max_user_watches
|
|
value: '1048576'
|
|
- name: fs.protected_hardlinks
|
|
value: '1'
|
|
- name: fs.protected_symlinks
|
|
value: '1'
|
|
- name: kernel.sysrq
|
|
value: '1'
|
|
- name: net.bridge.bridge-nf-call-ip6tables
|
|
value: '1'
|
|
- name: net.bridge.bridge-nf-call-iptables
|
|
value: '1'
|
|
|
|
post_install_package_list:
|
|
- kdump-tools
|
|
- apparmor
|
|
- dbus
|
|
- rsyslog
|
|
- logrotate
|
|
|