On VMs we set several custom `sysctl`s for Redis nodes. Background for most of these can be found [in the redis administration documentation](https://redis.io/topics/admin). In chef repo we have ([source](https://gitlab.com/gitlab-com/gl-infra/chef-repo/-/blob/deceed27439d71c6d97c979a2f603afeb44062a2/roles/pre-base-db-redis-server-ratelimiting.json#L5)): ``` kernel.sem = 250 32000 32 1000 net.ipv4.tcp_keepalive_time = 300 net.core.somaxconn = 1024 vm.overcommit_memory = 1 vm.swappiness = 0 ``` We should investigate which of these we will need in GKE, and how easy it is to set them. This subset of `sysctl`s is namespaced and thus can be changed on a pod ([source](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#setting-sysctls-for-a-pod)): - `kernel.shm*` - `kernel.msg*` - `kernel.sem` - `fs.mqueue.*` - `net.*` (subset) Everything else is a node-level `sysctl` that applies globally. Those can be specified [via node configuration](https://cloud.google.com/kubernetes-engine/docs/how-to/node-system-config#create). The google beta terraform provider [supports](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#sysctls) setting these via `node_config.linux_node_config.sysctls`.