Scanario: I have a container image that needs to run with net.core.somaxconn > default_value. I am using Kubernetes to deploy and run in GCE.
The nodes (vms) in my cluster are configured with correct net.core.somaxconn value. Now the challenge is to start the docker container with flag --sysctl=net.core.somaxconn=4096 from kubernetes. I cannot seem to find the proper documentation to achieve this.
Am I missing something obvious?
Solution 1: use this answer as a template to see how to configure the whole node to that sysctl value; you can use something like echo 4096 >/proc/sys/net/core/somaxconn. Thereafter you can put a label on the nodes that use a VM with the needed sysctl configuration and use nodeSelector in the Pod spec to force scheduling to those nodes. (This only works with non namespaced settings; sys.net.core.somaxconn appears to be namespaced. I would like to leave this solution here as it might help others.)
Solution 2: again, starting from same answer you can add --experimental-allowed-unsafe-sysctls=net.core.somaxconn to the kubelet command line (This only works with namespaced settings; sys.net.core.somaxconn is namespaced). Then you can simply do something like (source):
apiVersion: v1
kind: Pod
metadata:
name: sysctl-example
annotations:
security.alpha.kubernetes.io/sysctls: net.core.somaxconn=4096
I hope this helps..
来源:https://stackoverflow.com/questions/44439372/how-to-pass-sysctl-flags-to-docker-from-k8s