docs(talm): document DRBD sysctl tuning, keepalive toggle, etcd quota#567
docs(talm): document DRBD sysctl tuning, keepalive toggle, etcd quota#567Aleksei Sviridkin (lexfrei) wants to merge 1 commit into
Conversation
The cozystack preset gained always-on DRBD/LINSTOR sysctls, an opt-in tcpKeepaliveTuning toggle, and a tunable etcd.quotaBackendBytes. Update the talm extension-points reference: the extraSysctls row now lists the full preset-owned sysctl set, and a new table documents the two operator-facing tunables. Assisted-By: Claude <noreply@anthropic.com> Signed-off-by: Aleksei Sviridkin <f@lex.la>
Aleksei Sviridkin (lexfrei)
requested review from
Andrei Kvapil (kvaps) and
Timofei Larkin (lllamnyp)
as code owners
✅ Deploy Preview for cozystack ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughDocumentation expanded for Talos v0.30+ configuration extension points and preset tunables. The ChangesTalm v0.30+ Extension Point and Preset Documentation
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the documentation for the cozystack preset in talm.md by detailing the built-in sysctls merged into machine.sysctls and introducing two new opinionated tunables: tcpKeepaliveTuning and etcd.quotaBackendBytes. The review feedback suggests improving clarity and precision for operators by using fully qualified sysctl names (such as net.ipv4.tcp_orphan_retries and net.ipv4.tcp_keepalive_intvl) instead of shorthand notations in the documentation.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| | `extraKernelModules` | list | Appended to the built-in modules (`openvswitch`, `drbd`, `zfs`, `spl`, `vfio_pci`, `vfio_iommu_type1`). Each entry is a Talos kernel-module spec. | | ||
| | `extraKubeletExtraArgs` | map | Merged into `kubelet.extraConfig` after the preset's `cpuManagerPolicy: static`, `maxPods: 512`. Operator keys must NOT collide with built-ins — yaml.v3 rejects duplicate map keys on decode, so a collision fails the render with a precise hint pointing at the offending key. Fork the preset if you need a different default. | | ||
| | `extraSysctls` | map | Merged into `machine.sysctls` after the preset's `gc_thresh*` entries. Same collision-fails-render contract as `extraKubeletExtraArgs`. Values must be YAML strings (Talos expects strings even for numeric sysctls). | | ||
| | `extraSysctls` | map | Merged into `machine.sysctls` after the preset's built-in entries: the `gc_thresh1/2/3` ARP-cache sizes, the always-on DRBD/LINSTOR tuning (`tcp_orphan_retries`, `tcp_fin_timeout`, `netdev_max_backlog`, `netdev_budget`, `netdev_budget_usecs`), `vm.nr_hugepages` (when set), and the `tcp_keepalive_*` triplet while `tcpKeepaliveTuning` is enabled. All of these are preset-owned — the same collision-fails-render contract as `extraKubeletExtraArgs` applies. Values must be YAML strings (Talos expects strings even for numeric sysctls). | |
There was a problem hiding this comment.
For clarity and precision, it is recommended to use the fully qualified sysctl names instead of shorthands. This helps operators easily identify the exact keys being configured and avoids any confusion when they configure their own extraSysctls.\n\nFor example, consider using:\n- net.ipv4.tcp_orphan_retries instead of tcp_orphan_retries\n- net.ipv4.tcp_fin_timeout instead of tcp_fin_timeout\n- net.core.netdev_max_backlog instead of netdev_max_backlog\n- net.core.netdev_budget instead of netdev_budget\n- net.core.netdev_budget_usecs instead of netdev_budget_usecs\n- net.ipv4.tcp_keepalive_* instead of tcp_keepalive_*
|
|
||
| | Key | Default | Effect | | ||
| | --- | --- | --- | | ||
| | `tcpKeepaliveTuning` | `false` | When `true`, adds `net.ipv4.tcp_keepalive_time=600` / `intvl=10` / `probes=6` to `machine.sysctls`, reaping a dead idle socket in ~660s instead of the kernel default ~2h. These sysctls are kernel-wide — they change failure detection for every long-lived idle TCP connection on the node, not just DRBD — so they are opt-in. DRBD already detects dead peers in seconds via its own protocol-level ping, so leave this off unless you specifically want faster node-wide dead-socket detection. | |
There was a problem hiding this comment.
In the description for tcpKeepaliveTuning, the shorthands intvl=10 and probes=6 are used. To make it clear and precise for operators, please use the fully qualified sysctl names:\n- net.ipv4.tcp_keepalive_intvl=10\n- net.ipv4.tcp_keepalive_probes=6
1 participant
Summary
Documents the new
cozystack-preset tunables that land in talm via cozystack/talm#131: the always-on DRBD/LINSTOR sysctls, the opt-intcpKeepaliveTuningtoggle, and the tunableetcd.quotaBackendBytes.Changes
next/install/kubernetes/talm.md: theextraSysctlsrow now enumerates the full preset-owned sysctl set (so operators know which keys are collision-protected), and a new table documentstcpKeepaliveTuningandetcd.quotaBackendBytes.Scoped to
nextonly — these are unreleased talm features, so the released version directories (v1.4and earlier) correctly continue to describe the shipped preset without them.Related
Summary by CodeRabbit
extraSysctlsextension point documentation with detailed descriptions of merge behavior and value requirements.