Tune the host OS for container workloads: kernel params, I/O, and cgroups.

On this page

Linux Performance Tuning for Containers and Kubernetes Nodes

Node-level tuning improves container density and latency. Focus on kernel, I/O, and cgroups.

Key Kernel Parameters #

bash.bash

# /etc/sysctl.d/99-kubernetes.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
vm.max_map_count = 262144
fs.inotify.max_user_watches = 524288

Adjust per workload; document any custom values.

I/O and Scheduler #

Use io_uring where supported for async I/O.
For disk-heavy nodes, consider none or mq-deadline scheduler for data disks.

cgroups v2 #

With cgroups v2, memory and CPU are unified; ensure kubelet and container runtime use it consistently.
Set memory.high for soft limits to avoid OOM when possible.

Best Practices #

Baseline with a tuned AMI or image; avoid one-off node tweaks.
Monitor key metrics (CPU steal, memory pressure, I/O wait) and tune iteratively.
Document every change so new nodes match.

Tuning pays off most when combined with good app design and resource requests.

Linux Performance Tuning for Containers and Kubernetes Nodes

Linux Performance Tuning for Containers and Kubernetes Nodes

Key Kernel Parameters #

I/O and Scheduler #

cgroups v2 #

Best Practices #

Stay Updated

Best Practices: Incident Response for Platform Teams

Systemd Tricks We Use to Keep Services Boring

More from Linux

Linux Performance Troubleshooting: A Real Incident Walkthrough

Systemd Drop-In Overrides for Vendor Services: The Supportable Linux Ops Pattern

Systemd Service Reliability Patterns: What We Changed After Repeated Restart Loops

Linux Performance Troubleshooting: A Real Incident Walkthrough

Systemd Drop-In Overrides for Vendor Services: The Supportable Linux Ops Pattern

Systemd Service Reliability Patterns: What We Changed After Repeated Restart Loops

Linux Patch Management for Production Fleets: A Real-World Maintenance Workflow

Monitoring That Actually Helps On-Call: Alerts, Dashboards, and Runbooks

Incident Postmortems That Actually Prevent Repeat Failures

About Kiril urbonas

Linux Performance Tuning for Containers and Kubernetes Nodes

Key Kernel Parameters#

I/O and Scheduler#

cgroups v2#

Best Practices#

Stay Updated

Best Practices: Incident Response for Platform Teams

Systemd Tricks We Use to Keep Services Boring

More from Linux

Linux Performance Troubleshooting: A Real Incident Walkthrough

Systemd Drop-In Overrides for Vendor Services: The Supportable Linux Ops Pattern

Systemd Service Reliability Patterns: What We Changed After Repeated Restart Loops

About Kiril urbonas

Key Kernel Parameters #

I/O and Scheduler #

cgroups v2 #

Best Practices #