如何从k8s将sysctl标志传递给docker? [英] How to pass `sysctl` flags to docker from k8s?
问题描述
Scanario:我有一个需要使用net.core.somaxconn
> default_value运行的容器映像.我正在使用Kubernetes在GCE中进行部署和运行.
Scanario: I have a container image that needs to run with net.core.somaxconn
> default_value. I am using Kubernetes to deploy and run in GCE.
我的集群中的节点(vms)配置了正确的net.core.somaxconn
值.现在的挑战是从kubernetes中使用标志--sysctl=net.core.somaxconn=4096
启动docker容器.我似乎找不到合适的文档来实现这一目标.
The nodes (vms) in my cluster are configured with correct net.core.somaxconn
value. Now the challenge is to start the docker container with flag --sysctl=net.core.somaxconn=4096
from kubernetes. I cannot seem to find the proper documentation to achieve this.
我缺少明显的东西吗?
Am I missing something obvious?
推荐答案
Solution 1: use this answer as a template to see how to configure the whole node to that sysctl value; you can use something like echo 4096 >/proc/sys/net/core/somaxconn
. Thereafter you can put a label on the nodes that use a VM with the needed sysctl configuration and use nodeSelector in the Pod spec to force scheduling to those nodes. (This only works with non namespaced settings; sys.net.core.somaxconn appears to be namespaced. I would like to leave this solution here as it might help others.)
解决方案2 :再次从源 a>):
Solution 2: again, starting from same answer you can add --experimental-allowed-unsafe-sysctls=net.core.somaxconn
to the kubelet
command line (This only works with namespaced settings; sys.net.core.somaxconn is namespaced). Then you can simply do something like (source):
apiVersion: v1
kind: Pod
metadata:
name: sysctl-example
annotations:
security.alpha.kubernetes.io/sysctls: net.core.somaxconn=4096
我希望这会有所帮助.
这篇关于如何从k8s将sysctl标志传递给docker?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!