Linux Kernel Version Requirements
Many features rely on specific kernel functionalities and have minimum kernel version requirements. However, relying solely on kernel version numbers may not be sufficient for certain operating system distributions, as maintainers for distributions such as RHEL, Ubuntu and SUSE often backport selected features to older kernel releases (retaining the older kernel version).
Pod sysctls
On Linux, the sysctl()
system call configures kernel parameters at run time. There is a command
line tool named sysctl
that you can use to configure these parameters, and many are exposed via
the proc
filesystem.
Some sysctls are only available if you have a modern enough kernel.
The following sysctls have a minimal kernel version requirement, and are supported in the safe set:
net.ipv4.ip_local_reserved_ports
(since Kubernetes 1.27, needs kernel 3.16+);net.ipv4.tcp_keepalive_time
(since Kubernetes 1.29, needs kernel 4.5+);net.ipv4.tcp_fin_timeout
(since Kubernetes 1.29, needs kernel 4.6+);net.ipv4.tcp_keepalive_intvl
(since Kubernetes 1.29, needs kernel 4.5+);net.ipv4.tcp_keepalive_probes
(since Kubernetes 1.29, needs kernel 4.5+);net.ipv4.tcp_syncookies
(namespaced since kernel 4.6+).net.ipv4.tcp_rmem
(since Kubernetes 1.32, needs kernel 4.15+).net.ipv4.tcp_wmem
(since Kubernetes 1.32, needs kernel 4.15+).net.ipv4.vs.conn_reuse_mode
(used inipvs
proxy mode, needs kernel 4.1+);
kube proxy nftables
proxy mode
For Kubernetes 1.32, the
nftables
mode of kube-proxy requires
version 1.0.1 or later
of the nft command-line tool, as well as kernel 5.13 or later.
For testing/development purposes, you can use older kernels, as far back as 5.4 if you set the
nftables.skipKernelVersionCheck
option in the kube-proxy config.
But this is not recommended in production since it may cause problems with other nftables
users on the system.
Version 2 control groups
Kubernetes cgroup v1 support is in maintained mode starting from Kubernetes v1.31; using cgroup v2
is recommended.
In Linux 5.8, the system-level cpu.stat
file was added to the root cgroup for convenience.
In runc document, Kernel older than 5.2 is not recommended due to lack of freezer.
Other kernel requirements
Some features may depend on new kernel functionalities and have specific kernel requirements:
- Recursive read only mount:
This is implemented by applying the
MOUNT_ATTR_RDONLY
attribute with theAT_RECURSIVE
flag usingmount_setattr
(2) added in Linux kernel v5.12. - Pod user namespace support requires minimal kernel version 6.5+, according to KEP-127.
- For node system swap, tmpfs set to
noswap
is not supported until kernel 6.3.
Linux kernel long term maintenance
Active kernel releases can be found in kernel.org.
There are usually several long term maintenance kernel releases provided for the purposes of backporting bug fixes for older kernel trees. Only important bug fixes are applied to such kernels and they don't usually see very frequent releases, especially for older trees. See the Linux kernel website for the list of releases in the Longterm category.
What's next
- See sysctls for more details.
- Allow running kube-proxy with in nftables mode.
- Read more information in cgroups v2.
Items on this page refer to third party products or projects that provide functionality required by Kubernetes. The Kubernetes project authors aren't responsible for those third-party products or projects. See the CNCF website guidelines for more details.
You should read the content guide before proposing a change that adds an extra third-party link.