From 523f62cd5c070d7abc6015abcf51a1a1ecc2583f Mon Sep 17 00:00:00 2001
From: "ohotnikov.ivan" <ohotnikov.ivan@e-queo.net>
Date: Mon, 27 Apr 2026 15:39:23 +0300
Subject: [PATCH] feat(charts/cozystack): add recommended sysctl and etcd
 defaults

Add recommended sysctl parameters for TCP orphan handling, network backlog,
and TCP keepalive to improve DRBD connection stability and prevent port exhaustion.

Add etcd quota and request size limits to prevent etcd running out of space
with large LINSTOR CRD datasets and allow larger CRD objects to be stored.

Signed-off-by: ohotnikov.ivan <ohotnikov.ivan@e-queo.net>
---
 charts/cozystack/templates/_helpers.tpl | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/charts/cozystack/templates/_helpers.tpl b/charts/cozystack/templates/_helpers.tpl
index 9dae816b..42697b94 100644
--- a/charts/cozystack/templates/_helpers.tpl
+++ b/charts/cozystack/templates/_helpers.tpl
@@ -29,6 +29,17 @@ machine:
     net.ipv4.neigh.default.gc_thresh1: "4096"
     net.ipv4.neigh.default.gc_thresh2: "8192"
     net.ipv4.neigh.default.gc_thresh3: "16384"
+    # TCP orphan handling
+    net.ipv4.tcp_orphan_retries: "3"
+    net.ipv4.tcp_fin_timeout: "30"
+    # Network backlog
+    net.core.netdev_max_backlog: "5000"
+    net.core.netdev_budget: "600"
+    net.core.netdev_budget_usecs: "8000"
+    # TCP keepalive (early detection of dead connections)
+    net.ipv4.tcp_keepalive_time: "600"
+    net.ipv4.tcp_keepalive_intvl: "10"
+    net.ipv4.tcp_keepalive_probes: "6"
   kernel:
     modules:
     - name: openvswitch
@@ -120,6 +131,9 @@ cluster:
   etcd:
     advertisedSubnets:
       {{- toYaml .Values.advertisedSubnets | nindent 6 }}
+    extraArgs:
+      quota-backend-bytes: "8589934592"  # 8GiB - prevent etcd running out of space with large LINSTOR CRD datasets
+      max-request-bytes: "10485760"      # 10MiB - allow larger CRD objects to be stored
   {{- end }}
 {{- end }}