LinuxNodeConfig

Parameters that can be configured on Linux nodes.

JSON representation 
{
  "sysctls": {
    string: string,
    ...
  },
  "cgroupMode": enum (CgroupMode),
  "transparentHugepageEnabled": enum (TransparentHugepageEnabled),
  "transparentHugepageDefrag": enum (TransparentHugepageDefrag),
  "nodeKernelModuleLoading": {
    object (NodeKernelModuleLoading)
  },
  "hugepages": {
    object (HugepagesConfig)
  },
  "swapConfig": {
    object (SwapConfig)
  }
}
Fields
sysctls

map (key: string, value: string)

The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.

The following parameters are supported.

net.core.busy_poll net.core.busy_read net.core.netdev_max_backlog net.core.rmem_max net.core.rmem_default net.core.wmem_default net.core.wmem_max net.core.optmem_max net.core.somaxconn net.ipv4.tcp_rmem net.ipv4.tcp_wmem net.ipv4.tcp_tw_reuse net.ipv4.tcp_max_orphans net.netfilter.nf_conntrack_max net.netfilter.nf_conntrack_buckets net.netfilter.nf_conntrack_tcp_timeout_close_wait net.netfilter.nf_conntrack_tcp_timeout_time_wait net.netfilter.nf_conntrack_tcp_timeout_established net.netfilter.nf_conntrack_acct kernel.shmmni kernel.shmmax kernel.shmall fs.aio-max-nr fs.file-max fs.inotify.max_user_instances fs.inotify.max_user_watches fs.nr_open vm.dirty_background_ratio vm.dirty_expire_centisecs vm.dirty_ratio vm.dirty_writeback_centisecs vm.max_map_count vm.overcommit_memory vm.overcommit_ratio vm.vfs_cache_pressure vm.swappiness vm.watermark_scale_factor vm.min_free_kbytes

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
cgroupMode

enum (CgroupMode)

cgroupMode specifies the cgroup mode to be used on the node.
transparentHugepageEnabled

enum (TransparentHugepageEnabled)

Optional. Transparent hugepage support for anonymous memory can be entirely disabled (mostly for debugging purposes) or only enabled inside MADV_HUGEPAGE regions (to avoid the risk of consuming more memory resources) or enabled system wide.

See https://docs.kernel.org/admin-guide/mm/transhuge.html for more details.
transparentHugepageDefrag

enum (TransparentHugepageDefrag)

Optional. Defines the transparent hugepage defrag configuration on the node. VM hugepage allocation can be managed by either limiting defragmentation for delayed allocation or skipping it entirely for immediate allocation only.

See https://docs.kernel.org/admin-guide/mm/transhuge.html for more details.
nodeKernelModuleLoading

object (NodeKernelModuleLoading)

Optional. Configuration for kernel module loading on nodes. When enabled, the node pool will be provisioned with a Container-Optimized OS image that enforces kernel module signature verification.
hugepages

object (HugepagesConfig)

Optional. Amounts for 2M and 1G hugepages
swapConfig

object (SwapConfig)

Optional. Enables and configures swap space on nodes. If omitted, swap is disabled.

CgroupMode

Possible cgroup modes that can be used.

Enums
CGROUP_MODE_UNSPECIFIED CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
CGROUP_MODE_V1 CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
CGROUP_MODE_V2 CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.

HugepagesConfig

Hugepages amount in both 2m and 1g size

JSON representation 
{
  "hugepageSize2m": integer,
  "hugepageSize1g": integer
}
Fields
hugepageSize2m

integer

Optional. Amount of 2M hugepages
hugepageSize1g

integer

Optional. Amount of 1G hugepages

TransparentHugepageEnabled

Possible values for transparent hugepage enabled support.

Enums
TRANSPARENT_HUGEPAGE_ENABLED_UNSPECIFIED Default value. GKE will not modify the kernel configuration.
TRANSPARENT_HUGEPAGE_ENABLED_ALWAYS Transparent hugepage support for anonymous memory is enabled system wide.
TRANSPARENT_HUGEPAGE_ENABLED_MADVISE Transparent hugepage support for anonymous memory is enabled inside MADV_HUGEPAGE regions. This is the default kernel configuration.
TRANSPARENT_HUGEPAGE_ENABLED_NEVER Transparent hugepage support for anonymous memory is disabled.

TransparentHugepageDefrag

Possible values for transparent hugepage defrag support.

Enums
TRANSPARENT_HUGEPAGE_DEFRAG_UNSPECIFIED Default value. GKE will not modify the kernel configuration.
TRANSPARENT_HUGEPAGE_DEFRAG_ALWAYS It means that an application requesting THP will stall on allocation failure and directly reclaim pages and compact memory in an effort to allocate a THP immediately.
TRANSPARENT_HUGEPAGE_DEFRAG_DEFER It means that an application will wake kswapd in the background to reclaim pages and wake kcompactd to compact memory so that THP is available in the near future. It's the responsibility of khugepaged to then install the THP pages later.
TRANSPARENT_HUGEPAGE_DEFRAG_DEFER_WITH_MADVISE It means that an application will enter direct reclaim and compaction like always, but only for regions that have used madvise(MADV_HUGEPAGE); all other regions will wake kswapd in the background to reclaim pages and wake kcompactd to compact memory so that THP is available in the near future.
TRANSPARENT_HUGEPAGE_DEFRAG_MADVISE It means that an application will enter direct reclaim like always but only for regions that are have used madvise(MADV_HUGEPAGE). This is the default kernel configuration.
TRANSPARENT_HUGEPAGE_DEFRAG_NEVER It means that an application will never enter direct reclaim or compaction.

SwapConfig

Configuration for swap memory on a node pool.

JSON representation 
{
  "enabled": boolean,
  "encryptionConfig": {
    object (EncryptionConfig)
  },

  // Union field performance_profile can be only one of the following:
  "bootDiskProfile": {
    object (BootDiskProfile)
  },
  "ephemeralLocalSsdProfile": {
    object (EphemeralLocalSsdProfile)
  },
  "dedicatedLocalSsdProfile": {
    object (DedicatedLocalSsdProfile)
  }
  // End of list of possible types for union field performance_profile.
}
Fields
enabled

boolean

Optional. Enables or disables swap for the node pool.
encryptionConfig

object (EncryptionConfig)

Optional. If omitted, swap space is encrypted by default.
Union field performance_profile. Optional. Defines the backing storage for the swap space. If omitted, defaults to the 'boot_disk_profile'. performance_profile can be only one of the following:
bootDiskProfile

object (BootDiskProfile)

Swap on the node's boot disk.
ephemeralLocalSsdProfile

object (EphemeralLocalSsdProfile)

Swap on the local SSD shared with pod ephemeral storage.
dedicatedLocalSsdProfile

object (DedicatedLocalSsdProfile)

Provisions a new, separate local NVMe SSD exclusively for swap.

EncryptionConfig

Defines encryption settings for the swap space.

JSON representation 
{
  "disabled": boolean
}
Fields
disabled

boolean

Optional. If true, swap space will not be encrypted. Defaults to false (encrypted).

BootDiskProfile

Swap on the node's boot disk.

JSON representation 
{

  // Union field swap_size can be only one of the following:
  "swapSizeGib": string,
  "swapSizePercent": integer
  // End of list of possible types for union field swap_size.
}
Fields
Union field swap_size. Optional. Specifies the size of the swap space. If omitted, GKE determines an optimal size based on node memory. swap_size can be only one of the following:
swapSizeGib

string (int64 format)

Specifies the size of the swap space in gibibytes (GiB).
swapSizePercent

integer

Specifies the size of the swap space as a percentage of the boot disk size.

EphemeralLocalSsdProfile

Swap on the local SSD shared with pod ephemeral storage.

JSON representation 
{

  // Union field swap_size can be only one of the following:
  "swapSizeGib": string,
  "swapSizePercent": integer
  // End of list of possible types for union field swap_size.
}
Fields
Union field swap_size. Specifies the size of the swap space to be provisioned. swap_size can be only one of the following:
swapSizeGib

string (int64 format)

Specifies the size of the swap space in gibibytes (GiB).
swapSizePercent

integer

Specifies the size of the swap space as a percentage of the ephemeral local SSD capacity.

DedicatedLocalSsdProfile

Provisions a new, separate local NVMe SSD exclusively for swap.

JSON representation 
{
  "diskCount": string
}
Fields
diskCount

string (int64 format)

The number of physical local NVMe SSD disks to attach.

NodeKernelModuleLoading

Configuration for kernel module loading on nodes.

JSON representation 
{
  "policy": enum (Policy)
}
Fields
policy

enum (Policy)

Set the node module loading policy for nodes in the node pool.

Policy

Defines the kernel module loading policy for nodes in the nodepool.

Enums
POLICY_UNSPECIFIED Default behavior. GKE selects the image based on node type. For CPU and TPU nodes, the image will not allow loading external kernel modules. For GPU nodes, the image will allow loading any module, whether it is signed or not.
ENFORCE_SIGNED_MODULES Enforced signature verification: Node pools will use a Container-Optimized OS image configured to allow loading of Google-signed external kernel modules. Loadpin is enabled but configured to exclude modules, and kernel module signature checking is enforced.
DO_NOT_ENFORCE_SIGNED_MODULES Mirrors existing DEFAULT behavior: For CPU and TPU nodes, the image will not allow loading external kernel modules. For GPU nodes, the image will allow loading any module, whether it is signed or not.