[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

enabling unsafe sysctls in OSO



I need to set some sysctls in a couple of my DeploymentConfigs for their pods. I have followed https://docs.openshift.com/container-platform/3.9/admin_guide/sysctls.html but when I deploy the pods and exec in to the container, the sysctls are not set. My dc file contains:

objects:
- kind: DeploymentConfig
  apiVersion: v1
  metadata:
    name: cl
    annotations:
      security.alpha.kubernetes.io/sysctls: net.ipv4.ip_local_port_range=9000 65500
      security.alpha.kubernetes.io/unsafe-sysctls: net.core.rmem_default=4194304,net.core.rmem_max=16777216,net.core.wmem_default=262144,net.core.wmem_max=16777216,net.ipv4.tcp_rmem=4096 87380 16777216,net.ipv4.tcp_wmem=4096 65536 16777216
  spec:

and I have updated the node-config.yaml file with

kubeletArguments:
  node-labels:
  - role=app
  experimental-allowed-unsafe-sysctls:
  - "net.core.*,net.ipv4.tcp_rmem,net.ipv4.tcp_wmem"

On the minions I have the same values set for those sysctls at the host level.

Any ideas on why this is successfully creating the pods but not setting the sysctls? Has anyone gotten this to work?

Peter

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]