Is it possible to disable Spectre and Meltdown patches on later builds of CoreOS? At my company we are running an entirely internal Kubernetes computer cluster, and are looking to get the performance back.
On a normal linux system, you could boot with the kernel boot parameters:
pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier
But adding:
set linux_append="coreos.autologin=tty1 pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier"
To /usr/share/oem/grub.cfg
doesn't appear to have any effect.
I'm wondering if I have the configuration incorrect or if CoreOS just doesn't allow changing this behavior.
If it helps, we're running CoreOS version: "Container Linux by CoreOS 1967.6.0 (Rhyolite)"
So apparently the above config does in fact disable those patches. I was using /proc/cpuinfo
to determine whether or not the patches were applied. A colleague ran a checker and they are disabled after adding the above config.
Go figure, don't trust /proc/cpuinfo
for spectre/meltdown on container linux.