I am trying to run kubelet --allowed-unsafe-sysctls 'net.core.somaxconn' on a node,
but it returns: Flag --allowed-unsafe-sysctls has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.
I have also tried using a PodSecurityPolicy, but it still doesn't work:
apiVersion: v1
kind: PodSecurityPolicy
metadata:
  name: sysctl-psp
spec:
  sysctls:
  - net.*
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
I get the following error:
forbidden sysctl: "net.core.somaxconn" not whitelisted
YAML details:
apiVersion: v1
kind: Pod
metadata:
  name: sysctl-example
spec:
  securityContext:
    sysctls:
    - name: net.core.somaxconn
      value: "65535"
      unsafe: true
  containers:
  - …
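
Added example, not part of the original post and not kubelet source code: a simplified Python model of the two independent gates a pod-level sysctl passes, the admission policy and then the node's kubelet allow-list (the `allowedUnsafeSysctls` list in the kubelet config file that the deprecation message points to). The function names and the three-entry safe set are assumptions made for illustration; the error string is the one quoted in the post.

```python
# Simplified model (added example, not kubelet source) of the two independent
# checks a pod-level sysctl must pass: admission policy, then the node's kubelet.

# Constructed subset of the sysctls Kubernetes documents as safe.
SAFE_SYSCTLS = {
    "kernel.shm_rmid_forced",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.tcp_syncookies",
}


def matches(name, patterns):
    """Exact match, or prefix match when the pattern ends in '*'."""
    for p in patterns:
        if p.endswith("*"):
            if name.startswith(p[:-1]):
                return True
        elif name == p:
            return True
    return False


def kubelet_check(name, allowed_unsafe):
    """Node-side gate: safe set plus the kubelet's own allow-list."""
    if name in SAFE_SYSCTLS or matches(name, allowed_unsafe):
        return None
    return 'forbidden sysctl: "%s" not whitelisted' % name


def evaluate(pod_sysctls, policy_allowed, kubelet_allowed):
    """Return (sysctl, verdict) for each sysctl a pod requests."""
    results = []
    for name in pod_sysctls:
        if name not in SAFE_SYSCTLS and not matches(name, policy_allowed):
            results.append((name, "rejected at admission"))
            continue
        err = kubelet_check(name, kubelet_allowed)
        results.append((name, err or "allowed"))
    return results


if __name__ == "__main__":
    pod = ["net.core.somaxconn"]
    # Policy allows net.* but the kubelet allow-list is empty: the node rejects.
    print(evaluate(pod, ["net.*"], []))
    # Kubelet allow-list names the exact sysctl: the pod is accepted.
    print(evaluate(pod, ["net.*"], ["net.core.somaxconn"]))
```

Listing the exact sysctl on the kubelet side, rather than a wildcard such as `net.*`, keeps the set of kernel parameters a pod can change on that node as small as the workload needs.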