Skip to content
This repository has been archived by the owner on Dec 8, 2023. It is now read-only.

Add default kernel parameters according to the CIS Hardening Guide #815

Open
dgiebert opened this issue Nov 8, 2021 · 0 comments
Open

Add default kernel parameters according to the CIS Hardening Guide #815

dgiebert opened this issue Nov 8, 2021 · 0 comments
Labels
kind/feature A new feature

Comments

@dgiebert
Copy link
Contributor

dgiebert commented Nov 8, 2021

Describe the solution you'd like
As a k3s distribution it should follow the best practices regarding hardening presented by Rancher: https://rancher.com/docs/k3s/latest/en/security/hardening_guide/#set-kernel-parameters

Describe alternatives you've considered
Currently I have added the following snippet to the config.yaml

write_files:
  - path: /etc/sysctl.d/90-kubelet.conf
    mode: '0644'
    owner: root:root
    content: |
      vm.panic_on_oom=0
      vm.overcommit_memory=1
      kernel.panic=10
      kernel.panic_on_oops=1

I would suggest adding this as a default configuration (e.g. overlay/etc/sysctl.d/01-k3s.conf)
@dgiebert dgiebert added the kind/feature A new feature label Nov 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/feature A new feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dgiebert