Deckhouse automatically configures and manages a set of the server’s kernel parameters using the sysctl utility. The configured parameters improve network throughput, prevent resource depletion, and optimize memory management.

If you modify these parameters, Deckhouse will automatically revert them to the values listed below.

Parameter Value set by Deckhouse Description
/sys/block/*/queue/nr_requests 256 Number of queued requests for block devices.
/sys/block/*/queue/read_ahead_kb 256 Amount of extra data that kernel reads from the disk to improve future read performance.
/sys/kernel/mm/transparent_hugepage/enabled never Disables Transparent HugePage.
/sys/kernel/mm/transparent_hugepage/defrag never Disables the Transparent HugePage defragmentation.
/sys/kernel/mm/transparent_hugepage/use_zero_page 0 Disables usage of huge zero pages.
/sys/kernel/mm/transparent_hugepage/khugepaged/defrag 0 Disables khugepaged defragmentation.
/proc/sys/net/ipv4/conf/*/rp_filter 0 Disables reverse path filtering for all interfaces.
fs.file-max 1000000 Maximum number of open files.
fs.inotify.max_user_instances 5120 Maximum number of inotify instances.
fs.inotify.max_user_watches 524288 Maximum number of files monitored by a single inotify instance.
fs.may_detach_mounts 1 Allows lazy unmounting of a file system.
kernel.numa_balancing 0 Disables automatic NUMA memory balancing.
kernel.panic 10 (0 if fencing is enabled) Time in seconds until the node reboots after it encounters the fatal kernel panic error. By default, it’s set to 10. If fencing mode is enabled for the node, it’s set to 0, preventing the node from rebooting.
kernel.panic_on_oops 1 Allows the system to trigger a kernel panic after an unexpected oops error. Required for kubelet to work correctly.
kernel.pid_max 2000000 Maximum number of process IDs that can be assigned in the system.
net.bridge.bridge-nf-call-arptables 1 Enables traffic filtering through arptables. Required for kube-proxy to work correctly.
net.bridge.bridge-nf-call-ip6tables 1 Enables traffic filtering through ip6tables. Required for kube-proxy to work correctly.
net.bridge.bridge-nf-call-iptables 1 Enables traffic filtering through iptables. Required for kube-proxy to work correctly.
net.core.netdev_max_backlog 5000 Maximum number of packets allowed in the processing queue.
net.core.rmem_max 16777216 Maximum receive buffer size in bytes.
net.core.somaxconn 1000 Maximum number of pending connections.
net.core.wmem_max 16777216 Maximum send buffer size in bytes.
net.ipv4.conf.all.forwarding 1 Enables IPv4 packet forwarding between network interfaces. Equivalent to the net.ipv4.ip_forward parameter.
net.ipv4.ip_local_port_range "32768 61000" Range of ports available for outgoing TCP and UDP connections.
net.ipv4.neigh.default.gc_thresh1 16384 Lower threshold for the amount of ARP entries after which the system starts cleaning up old entries.
net.ipv4.neigh.default.gc_thresh2 28672 Middle threshold for the amount of ARP entries after which the system starts garbage collection.
net.ipv4.neigh.default.gc_thresh3 32768 Absolute maximum number of ARP entries.
net.ipv4.tcp_max_syn_backlog 8096 Maximum number of queued SYN connections.
net.ipv4.tcp_no_metrics_save 1 Disables saving of TCP metrics of closed connections and reusing them for new connections.
net.ipv4.tcp_rmem "4096 12582912 16777216" Receive buffer sizes for incoming TCP packets in bytes: "<minimum> <default> <maximum>".
net.ipv4.tcp_slow_start_after_idle 0 Disables using the congestion window (CWND) and slow start algorithm for TCP connections.
net.ipv4.tcp_tw_reuse 1 Enables reusing the outgoing TCP connections in TIME-WAIT state.
net.ipv4.tcp_wmem "4096 12582912 16777216" Send buffer sizes for outgoing TCP packets in bytes: "<minimum> <default> <maximum>".
net.netfilter.nf_conntrack_max <no-of-cores * 131072> or 524288 Maximum number of tracked connections in the conntrack table. Calculated as “number of CPU cores” * 131072, but no lower than 524288.
net.nf_conntrack_max <no-of-cores * 131072> or 524288 Maximum number of tracked connections in the conntrack table for older kernels. Calculated as “number of CPU cores” * 131072, but no lower than 524288.
vm.dirty_background_ratio 5 Percentage of system memory that can be filled with dirty pages before the kernel starts writing them to disk in the background.
vm.dirty_expire_centisecs 12000 Duration (in centiseconds) a dirty page can remain in system memory before it must be written to disk.
vm.dirty_ratio 80 Percentage of system memory that can be filled with dirty pages before all processes must stop and flush data to disk.
vm.min_free_kbytes 131072 Minimum amount of free memory in kilobytes reserved by the kernel for critical operations.
vm.overcommit_memory 1 Enables memory overcommitment.
vm.swappiness 0 Disables swap file usage.