Error: Flag --allowed-unsafe-sysctls has been deprecated

Problem description

I am trying to run kubelet --allowed-unsafe-sysctls 'net.core.somaxconn' on a node

but it returns: Flag --allowed-unsafe-sysctls has been deprecated,This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.

I have also tried using a PodSecurityPolicy, but it still does not work

apiVersion: v1
kind: PodSecurityPolicy
metadata:
  name: sysctl-psp
spec:
  sysctls:
    - net.*
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny

I get the following error: forbidden sysctl: "net.core.somaxconn" not whitelisted

YAML details:

apiVersion: v1
kind: Pod
metadata:
  name: sysctl-example
spec:
  securityContext:
    sysctls:
      - name: net.core.somaxconn
        value: "65535"
        unsafe: true
  containers:
    - image: tomcat
      name: tomcat

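Solution

As the error indicates, you need to start the Kubelet with the --config flag, which sets the path to the Kubelet's configuration file. The Kubelet then loads its configuration from that file.

You can write the configuration file yourself, or generate it from a KubeletConfiguration object.

Example YAML: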

apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
allowedUnsafeSysctls:
- "net.core.somaxconn"

See this document: Set Kubelet parameters via a config file
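A pre-flight check for the situation above, as an added example that is not part of the original question or answer and is not Kubernetes code: it reports which sysctls in a Pod spec a node would refuse, given that node's allowedUnsafeSysctls list. The function names, the sample dictionaries and the SAFE_SYSCTLS set (taken from the Kubernetes sysctl documentation and version dependent) are assumptions, and the matching is a simplified model: exact name, or prefix match for an entry ending in `*`.

```python
# Added example: simplified model of the kubelet sysctl allowlist decision.
# Assumption: SAFE_SYSCTLS mirrors the "safe" set in the Kubernetes sysctl docs;
# the exact membership depends on the Kubernetes version in use.
SAFE_SYSCTLS = {
    "kernel.shm_rmid_forced",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.tcp_syncookies",
    "net.ipv4.ping_group_range",
}


def is_allowed(name, allowed_unsafe):
    """Return True if `name` is safe or matches an allowedUnsafeSysctls entry."""
    if name in SAFE_SYSCTLS:
        return True
    for pattern in allowed_unsafe:
        if pattern.endswith("*"):
            # Wildcard entry such as "net.core.*": prefix match.
            if name.startswith(pattern[:-1]):
                return True
        elif name == pattern:
            return True
    return False


def rejected_sysctls(pod, kubelet_config):
    """List the sysctl names in the Pod spec that the node would not admit."""
    allowed = kubelet_config.get("allowedUnsafeSysctls", [])
    requested = pod.get("spec", {}).get("securityContext", {}).get("sysctls", [])
    return [s["name"] for s in requested if not is_allowed(s["name"], allowed)]


# Constructed sample input mirroring the Pod from the question.
POD = {
    "metadata": {"name": "sysctl-example"},
    "spec": {"securityContext": {"sysctls": [
        {"name": "net.core.somaxconn", "value": "65535"},
    ]}},
}
# Constructed kubelet configs: no allowlist, and the one from the answer.
DEFAULT_KUBELET = {"kind": "KubeletConfiguration"}
FIXED_KUBELET = {"kind": "KubeletConfiguration",
                 "allowedUnsafeSysctls": ["net.core.somaxconn"]}

if __name__ == "__main__":
    print("default node rejects:", rejected_sysctls(POD, DEFAULT_KUBELET))
    print("configured node rejects:", rejected_sysctls(POD, FIXED_KUBELET))
```

Listing the exact sysctl name, as the answer's config does, keeps the node's allowlist narrower than a wildcard entry such as net.*.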
