How to change value for TCP_KEEP_ALIVE value in K8S Pod

Time:05-26

I set up a k8s cluster using microk8s. I wonder how to change the default TCP keep-alive value in the Pod. When I apply the YAML file, it gives me an allowedUnsafeSysctls error:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: input-adaptor-deployment
  namespace: mgr-ns
spec:
  replicas: 1
  selector:
    matchLabels:
      component: input-adaptor
  template:
    metadata:
      labels:
        component: input-adaptor
    spec:
      securityContext:
        sysctls:
          - name: net.ipv4.tcp_keepalive_intvl
            value: "45"
          - name: net.ipv4.tcp_keepalive_probes
            value: "15"
          - name: net.ipv4.tcp_keepalive_time
            value: "120"
      containers:
        - name: input-adaptor
          image: registry.development.gitlab/food/input-adaptor
          resources:
            requests:
              memory: '16Mi'
              cpu: '100m'
            limits:
              memory: '80Mi'
              cpu: '500m'
          ports:
            - containerPort: 5003

      imagePullSecrets:
        - name: registry-credentials-gitlab


CodePudding user response:

You need to enable unsafe sysctl settings. See the docs here

https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/

There is also some good information in this answer:

Error: Flag --allowed-unsafe-sysctls has been deprecated

Note, you basically need to configure k8s to allow unsafe sysctl settings, i.e. by allowing them you understand the consequences.

CodePudding user response:

As mentioned in the document you need to enable unsafe sysctl settings to fix your error:

Sysctls are grouped into safe and unsafe sysctls. In addition to proper namespacing, a safe sysctl must be properly isolated between pods on the same node. All safe sysctls are enabled by default. All unsafe sysctls are disabled by default and must be allowed manually by the cluster admin on a per-node basis. Pods with disabled unsafe sysctls will be scheduled, but will fail to launch.

The following examples demonstrate how to set operating system TCP keep-alive parameters with an interval value of one minute.

sudo /sbin/sysctl -w net.ipv4.tcp_keepalive_time=60 net.ipv4.tcp_keepalive_intvl=60 net.ipv4.tcp_keepalive_probes=5

To ensure that the settings survive a reboot, add the settings to your /etc/sysctl.conf file.

Refer to link for more information.
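
Added example (not part of the original answers): a shell function that sets the kubelet flag --allowed-unsafe-sysctls on a MicroK8s node, allowing only the three keep-alive sysctls from the question's manifest instead of a wildcard such as net.*. The args-file path and the function name are assumptions; check them against your MicroK8s install.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: MicroK8s keeps kubelet flags, one per line, in this file.
KUBELET_ARGS="${KUBELET_ARGS:-/var/snap/microk8s/current/args/kubelet}"

# Explicit allowlist: exactly the sysctls the Deployment sets, nothing broader.
ALLOW="net.ipv4.tcp_keepalive_time,net.ipv4.tcp_keepalive_intvl,net.ipv4.tcp_keepalive_probes"

# allow_keepalive_sysctls FILE   (hypothetical helper name)
# Idempotently adds --allowed-unsafe-sysctls=<ALLOW> to FILE.
# Returns 0 on success or if already present, 1 if FILE is missing,
# 2 if a different allowlist already exists (never overwritten silently).
allow_keepalive_sysctls() {
    file="$1"
    flag="--allowed-unsafe-sysctls=$ALLOW"

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # Exact line already there: nothing to do.
    if grep -qxF -- "$flag" "$file"; then
        return 0
    fi

    # Someone already allowed a different set: make the admin merge it.
    if grep -q -- '^--allowed-unsafe-sysctls' "$file"; then
        echo "existing --allowed-unsafe-sysctls entry in $file; merge by hand" >&2
        return 2
    fi

    # Make sure the flag starts on its own line, then append it.
    if [ -n "$(tail -c1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$flag" >> "$file"
}
```

Run it as root on each node that should host the Pod, e.g. allow_keepalive_sysctls "$KUBELET_ARGS", then restart MicroK8s (microk8s stop, then microk8s start) so the kubelet picks up the flag.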
