From 19d5a1c7c30f0cac5b648796333caa04deaf04e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Unai=20Arr=C3=ADen?= <unaittxu@gmail.com>
Date: Thu, 7 Apr 2022 17:33:59 +0200
Subject: [PATCH] Ensure all Kubelet required kernel values are configured when
 enabling protectKernelDefaults (#8692)

---
 .../preinstall/tasks/0080-system-configurations.yml          | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
index a1c5e97ce..720e7337b 100644
--- a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
@@ -113,9 +113,12 @@
     state: present
     reload: yes
   with_items:
-    - { name: vm.overcommit_memory, value: 1 }
+    - { name: kernel.keys.root_maxbytes, value: 25000000 }
+    - { name: kernel.keys.root_maxkeys, value: 1000000 }
     - { name: kernel.panic, value: 10 }
     - { name: kernel.panic_on_oops, value: 1 }
+    - { name: vm.overcommit_memory, value: 1 }
+    - { name: vm.panic_on_oom, value: 0 }
   when: kubelet_protect_kernel_defaults|bool
 
 - name: Check dummy module