RockyLinux 9节点内核优化, 解决部分容器无法启动的问题

[learn0208]

What type of PR is this?

/kind bug

What this PR does / why we need it:

操作系统: RockyLinux 9.5做为节点时, 部分容器无法运行

猜测原因: cgroup版本变化导致. RockyLinux 9 使用 cgroup v2. 并没找到对应文档说明, 修改后问题可解决

stat -fc %T /sys/fs/cgroup/
# cgroup v2, the output is cgroup2fs
# cgroup v1, the output is tmpfs

Which issue(s) this PR fixes:

无法运行的容器报错示例如下:

# 错误示例一
exception recovered: too many open files

# 错误示例二
unhandled exception: The configured user limit (128) on the number of inotify instances has been reached

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[alonedou]

这些参数建议加到 roles/prepare/templates/95-k8s-sysctl.conf.j2 中。

[gjmzj]

找到了一些参考资料 https://stackoverflow.com/questions/535768/what-is-a-reasonable-amount-of-inotify-watches-with-linux

/proc/sys/fs/inotify/max_user_watches is the current max number of watches per user.

Historically, the kernel has defaulted this to 8192, but given that many Linux distros customize their kernel builds quite a bit, this may not be true on every Linux system. A recent kernel change [1] dynamically selects a default max_user_watches value in the range [8192, 1048576] based on how much RAM the system has. (5.11 is the first kernel release containing this change.)

AFAICT, root can change max_user_watches to any value that's 2147483647 (231-1) or under, as long as you're confident you have enough RAM to support that number of watches.

[1] https://github.com/torvalds/linux/commit/92890123749bafc317bbfacbe0a62ce08d78efb7

[gjmzj]

https://www.suse.com/support/kb/doc/?id=000020048
根据这里，我觉得应该适用于其他linux系统，所以添加到 roles/prepare/templates/95-k8s-sysctl.conf.j2