Error: Flag --allowed-unsafe-sysctls has been deprecated

eng*_*ame 2 kubernetes kubelet

I am trying to run kubelet --allowed-unsafe-sysctls 'net.core.somaxconn' on a node

but it returns Flag --allowed-unsafe-sysctls has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.

I also tried using a PodSecurityPolicy, but it still doesn't work

apiVersion: v1
kind: PodSecurityPolicy
metadata:
  name: sysctl-psp
spec:
  sysctls:
    - net.*
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny

I get the following error: forbidden sysctl: "net.core.somaxconn" not whitelisted

YAML details:

apiVersion: v1
kind: Pod
metadata:
  name: sysctl-example
spec:
  securityContext:
    sysctls:
      - name: net.core.somaxconn
        value: "65535"
        unsafe: true
  containers:
    - image: tomcat
      name: tomcat

Kam*_*san 5

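As the error says, you need to start the Kubelet with the --config flag, which sets the path to the Kubelet configuration file. The Kubelet will then load its configuration from that file.

You can write the configuration file yourself, or generate it from a KubeletConfiguration object.

Example YAML: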

apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
allowedUnsafeSysctls:
- "net.core.somaxconn"

Follow this document: Set Kubelet parameters via a config file
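
Added example, not part of the original question or answer and not the kubelet's own code: a simplified Python model of the node-side allowlist check behind the "forbidden sysctl ... not whitelisted" error, run against the Pod and the allowedUnsafeSysctls values from this page. The function names are hypothetical and the safe-sysctl set is an assumed subset of what Kubernetes documents as safe.

```python
"""Simplified model of how a kubelet decides whether a Pod's sysctls are admitted."""

# Sysctls Kubernetes documents as safe (always allowed). Assumed subset;
# newer releases add more entries.
SAFE_SYSCTLS = {
    "kernel.shm_rmid_forced",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.tcp_syncookies",
}


def matches(pattern, name):
    """A pattern ending in '*' is a prefix match; anything else is exact."""
    if pattern.endswith("*"):
        return name.startswith(pattern[:-1])
    return pattern == name


def forbidden_sysctls(pod_sysctls, allowed_unsafe):
    """Return the Pod sysctl names the node would reject."""
    allowlist = list(SAFE_SYSCTLS) + list(allowed_unsafe)
    return [
        s["name"]
        for s in pod_sysctls
        if not any(matches(p, s["name"]) for p in allowlist)
    ]


def overly_broad(allowed_unsafe):
    """Flag wildcard entries, which admit every sysctl under the prefix."""
    return [p for p in allowed_unsafe if p.endswith("*")]


# Constructed inputs mirroring the YAML on this page.
POD_SYSCTLS = [{"name": "net.core.somaxconn", "value": "65535"}]
KUBELET_DEFAULT = []                     # no allowedUnsafeSysctls configured
KUBELET_FIXED = ["net.core.somaxconn"]   # as in the answer's config file
KUBELET_WILDCARD = ["net.*"]             # admits the Pod, but far wider than needed

if __name__ == "__main__":
    for label, cfg in [("default", KUBELET_DEFAULT),
                       ("fixed", KUBELET_FIXED),
                       ("wildcard", KUBELET_WILDCARD)]:
        print(label, "forbidden:", forbidden_sysctls(POD_SYSCTLS, cfg),
              "broad:", overly_broad(cfg))
```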