# Kubernetes networking requirements
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1

# inotify limits (containerd + kubelet watch requirements)
fs.inotify.max_user_instances = 1024
fs.inotify.max_user_watches = 524288

# Connection tracking (kube-proxy)
net.netfilter.nf_conntrack_max = 131072

# File descriptor limits
fs.file-max = 1048576

# Disable swap (K8s requirement — though we have no swap anyway)
vm.swappiness = 0