【Posted】: 2020-12-16 00:32:08
【Question】:
I am trying to run kubelet --allowed-unsafe-sysctls 'net.core.somaxconn' on the node
but it returns Flag --allowed-unsafe-sysctls has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.
I have also tried using a PodSecurityPolicy, but it still doesn't work
apiVersion: v1
kind: PodSecurityPolicy
metadata:
  name: sysctl-psp
spec:
  sysctls:
  - net.*
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
I get the following error:
forbidden sysctl: "net.core.somaxconn" not whitelisted
The YAML in detail:
apiVersion: v1
kind: Pod
metadata:
  name: sysctl-example
spec:
  securityContext:
    sysctls:
    - name: net.core.somaxconn
      value: "65535"
      unsafe: true
  containers:
  - image: tomcat
    name: tomcat
【Discussion】:
Tags: kubernetes kubelet
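
The deprecation message quoted in the question says the allowlist belongs in the kubelet config file. As an added example (not part of the original post), this is the same allowlist as a KubeletConfiguration, with a PodSecurityPolicy and Pod that match it. It assumes a cluster version that still serves PodSecurityPolicy under policy/v1beta1, and the config file path in the comment is an assumption.

```yaml
# File 1: kubelet config file on the node, passed with --config
# (for example /var/lib/kubelet/config.yaml; the path is an assumption).
# Restart the kubelet after editing. This file is not applied with kubectl.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
# List only the sysctl that is needed instead of a wide pattern such as net.*
allowedUnsafeSysctls:
- "net.core.somaxconn"
---
# File 2: PodSecurityPolicy. The API group is policy/v1beta1 and the
# allowlist field is allowedUnsafeSysctls.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: sysctl-psp
spec:
  allowedUnsafeSysctls:
  - net.core.somaxconn
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
---
# File 3: Pod. A sysctl entry has only the fields name and value.
apiVersion: v1
kind: Pod
metadata:
  name: sysctl-example
spec:
  securityContext:
    sysctls:
    - name: net.core.somaxconn
      value: "65535"
  containers:
  - image: tomcat
    name: tomcat
```

The allowlist is enforced per node, so the Pod is only admitted on nodes whose kubelet carries the setting; a node label or taint is the usual way to keep such Pods on those nodes.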