# Set custom sysctl settings for Kubernetes pods

In a Kubernetes pod, sysctl params are divided into namespaced and non-namespaced params. Non-namespaced params take their values from the node; namespaced params are filled in with default values.

For details, see the Kubernetes kubelet documentation.

## Set sysctl params in securityContext

```yaml
# Pod-level securityContext
securityContext:
  sysctls:
    - name: "net.ipv4.tcp_syn_retries"
      value: "1"
```

Note: `net.ipv4.tcp_syn_retries` is an unsafe param, so it must be allowed through the kubelet arg `--allowed-unsafe-sysctls`.

## When a sysctl param is unsafe

When a sysctl param is unsafe, the kubelet needs an arg that allows it:

```sh
kubelet --allowed-unsafe-sysctls \
  'net.ipv4.tcp_syn_retries,net.core.something' ...
```
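
A pre-deployment check for the rule above, as an added example that is not part of the original page or of Kubernetes: it classifies each sysctl in a pod's `securityContext` as safe, unsafe but allowed, or unsafe and not allowed for a given `--allowed-unsafe-sysctls` value. The function names are hypothetical, the `SAFE_SYSCTLS` set is an assumption that varies by Kubernetes version, and allowlist entries ending in `*` are treated as prefix patterns.

```python
# Assumption: sysctls Kubernetes treats as safe by default. The set differs
# between Kubernetes versions; check the documentation for your release.
SAFE_SYSCTLS = {
    "kernel.shm_rmid_forced",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.tcp_syncookies",
    "net.ipv4.ping_group_range",
    "net.ipv4.ip_unprivileged_port_start",
}

def parse_allowlist(flag_value):
    """Split the comma-separated value of --allowed-unsafe-sysctls."""
    return [p.strip() for p in flag_value.split(",") if p.strip()]

def is_allowlisted(name, allowlist):
    """Exact match, or prefix match for entries ending in '*' (e.g. 'kernel.msg*')."""
    for pattern in allowlist:
        if pattern.endswith("*"):
            if name.startswith(pattern[:-1]):
                return True
        elif name == pattern:
            return True
    return False

def audit_pod_sysctls(pod_spec, allowlist):
    """Map each sysctl in the pod-level securityContext to a verdict."""
    verdicts = {}
    for entry in pod_spec.get("securityContext", {}).get("sysctls", []):
        name = entry["name"]
        if name in SAFE_SYSCTLS:
            verdicts[name] = "safe"
        elif is_allowlisted(name, allowlist):
            verdicts[name] = "unsafe, allowed on this node"
        else:
            verdicts[name] = "unsafe, not allowed on this node"
    return verdicts

# Constructed sample input: a pod spec as a dict and a kubelet flag value.
SAMPLE_POD_SPEC = {"securityContext": {"sysctls": [
    {"name": "net.ipv4.tcp_syn_retries", "value": "1"},
    {"name": "net.ipv4.ip_local_port_range", "value": "1024 65535"},
]}}
SAMPLE_FLAG = "net.ipv4.tcp_syn_retries,net.core.something"

if __name__ == "__main__":
    report = audit_pod_sysctls(SAMPLE_POD_SPEC, parse_allowlist(SAMPLE_FLAG))
    for name, verdict in report.items():
        print(f"{name}: {verdict}")
```

Run it against every node pool's kubelet flag value: a pod scheduled onto a node whose allowlist lacks one of its unsafe sysctls will not start there.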
