1 Answer
- Newest
- Most votes
- Most comments
0
Hi,
It depends on how you configure your EKS Nodes. It could be managed node groups, self-managed node groups or even EC2 instances added by the Karpenter to your cluster.
Anyway, you can create your own AMI images with the above changes, check if Bottlerocket has this enforcement enabled and switch to it or do the update via the UserData.
Relevant content
- asked a year ago
- asked 3 years ago
- asked 2 months ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 2 months ago
ok, But is there any consequences if we setup 'net.ipv4.tcp_timestamps = 0' in our EKS nodes ? any performance issue we might face ? we want to fix this, without breaking our Cluster performance
==> The remote host implements TCP timestamps, as defined by RFC1323/RFC7323.
Based on the information available about this feature, it can impact network performance and stability on the high load. Only you can test how it will impact your specific workload. I would assess the risks you have when it's enabled (I guess it's fingerprinting by the timestamp) and if it impacts your security at all.