I am working on a requirement wherein we want to update a specific kernel parameter "net.ipv4.tcp_retries2" to "5" in the Kubernetes POD.
We are using AKS cluster v1.21.7.
I tried using securityContext to set the above sysctl parameter, but it failed:

    template:
      metadata:
        labels:
          app.kubernetes.io/name: weather-forecast-api
          app.kubernetes.io/instance: RELEASE-NAME
      spec:
        serviceAccountName: RELEASE-NAME-weather-forecast-api
        securityContext:
          sysctls:
          - name: net.ipv4.tcp_retries2
            value: "5"

When I applied the above changes in AKS, the pod failed to run and gave the error:

    forbidden sysctl: "net.ipv4.tcp_retries2" not whitelisted

I know we can modify kernel-level settings at the Kubelet level on a bare-bone Kubernetes cluster but in my case, it is a managed cluster from Azure.
CodePudding user response:
Use an init container to set:

    ...
    template:
      metadata:
        labels:
          app.kubernetes.io/name: weather-forecast-api
          app.kubernetes.io/instance: RELEASE-NAME
      spec:
        serviceAccountName: RELEASE-NAME-weather-forecast-api
        initContainers:
        - name: sysctl
          image: busybox
          securityContext:
            privileged: true
          command: ["sh", "-c", "sysctl -w net.ipv4.tcp_retries2=3"]
    ...
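
A simplified model of the check behind the "not whitelisted" error, added here as an example; it is not part of the question, the answer, or Kubernetes source code. The function names are hypothetical, the safe list is the one documented for Kubernetes 1.21, and `allowed_unsafe` stands in for the kubelet's `--allowed-unsafe-sysctls` list. It also flags privileged containers, since the init-container approach trades the sysctl rejection for a fully privileged container.

```python
# Added example: simplified model of the kubelet sysctl allowlist check.
# Names are hypothetical; pod specs are constructed dicts, not parsed YAML.

# Sysctls Kubernetes 1.21 documents as safe (no kubelet configuration needed).
SAFE_SYSCTLS = {
    "kernel.shm_rmid_forced",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.tcp_syncookies",
    "net.ipv4.ping_group_range",
}
# Only namespaced sysctls can be set per pod at all.
NAMESPACED_PATTERNS = ["kernel.sem", "kernel.shm*", "kernel.msg*", "fs.mqueue.*", "net.*"]


def matches(name, pattern):
    """Exact match, or prefix match when the pattern ends with '*'."""
    if pattern.endswith("*"):
        return name.startswith(pattern[:-1])
    return name == pattern


def forbidden_sysctls(pod_spec, allowed_unsafe=()):
    """Return the pod-level sysctls that would be rejected."""
    rejected = []
    for entry in (pod_spec.get("securityContext") or {}).get("sysctls", []):
        name = entry["name"]
        namespaced = any(matches(name, p) for p in NAMESPACED_PATTERNS)
        allowed = name in SAFE_SYSCTLS or any(matches(name, p) for p in allowed_unsafe)
        if not (namespaced and allowed):
            rejected.append(name)
    return rejected


def privileged_containers(pod_spec):
    """Return names of containers and init containers that run privileged."""
    found = []
    for key in ("initContainers", "containers"):
        for c in pod_spec.get(key, []):
            if (c.get("securityContext") or {}).get("privileged") is True:
                found.append(c["name"])
    return found


# Constructed inputs mirroring the two pod templates on this page.
QUESTION_POD = {"securityContext": {"sysctls": [{"name": "net.ipv4.tcp_retries2", "value": "5"}]}}
ANSWER_POD = {"initContainers": [{"name": "sysctl", "image": "busybox",
                                  "securityContext": {"privileged": True}}]}

if __name__ == "__main__":
    print(forbidden_sysctls(QUESTION_POD))                             # rejected by default
    print(forbidden_sysctls(QUESTION_POD, ["net.ipv4.tcp_retries2"]))  # allowed on the node
    print(privileged_containers(ANSWER_POD))                           # privileged init container
```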