-
Notifications
You must be signed in to change notification settings - Fork 521
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Persist userdata sysctl changes to /etc/sysctl.d #4314
Comments
Hey @aetimmes , thanks for cutting this issue.
Can you please provide an example of how you are doing this currently? Are you using the |
Yes, we're setting this option in the CRD for our Karpenter NodeClass:
|
I was able to reproduce this. Steps:
Interesting thing is that, I found an exception where if I set the kernel parameters under Note that the setting |
That's because
so when On the other hand, no file in that same directory modifies
My pedantic side requires me to say that |
Thanks for the nice catch. It makes perfect sense to me. With that conf file, it indeed resets the And you are absolutely right about In Bottlerocket, we use corndog sysctl to apply the kernel parameters. We have mechanism here to detect Settings change and re-trigger corndog, which is how the sysctl values can be dynamically modified via settings API. But that does not cover the case you encountered. To solve this issue, we can try to add a drop-in for
|
Is
This way we're using a unified system-provided interface to manage these sysctls. Looking at the existing config files from one of my bottlerocket instances, the highest-priority system-provided conf file I can find is |
Hi @aetimmes, yes that does sound like a cleaner alternative to achieve this. For We need to basically rewrite set_sysctls function to reflect that. Would you be interested in contributing the fix yourself? It seems like a manageable change that would be great for a first contribution. I'd be happy to provide guidance for building and testing if needed. |
Read this just out of interest - we will most likely encounter this in the next few days as we also run Cilium. We will do the system unit drop-in to move past it for now. |
What I'd like:
Persist userdata-provided sysctls to
/etc/sysctl.d
in a format where they can survive throughsystemd-sysctl.service
restartsBackground
Currently, passing in sysctls via userdata results in the apiclient running
sysctl
commands directly.We pass in sysctls into our Bottlerocket AMI via userdata, but also run Cilium, which has a
sysctl-fixup
container that creates a config file (/etc/sysctl.d/99-zzz-override_cilium.conf
by default) and restarts the hostsysctld
systemd unit file. When this happens, the userdata-provided sysctls are clobbered.Bootstrap commands/containers explicitly don't have the capability to modify config files in
/etc
, so there's no good solution to this issue currently.Any alternatives you've considered:
The text was updated successfully, but these errors were encountered: