kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix a desription error in sysctl file. (#7666) 

modified:   docs/concepts/cluster-administration/sysctl-cluster.md
pull/7693/head
WanLinghao 2018-03-09 13:57:11 +08:00 committed by k8s-ci-robot
parent 131324c34a
commit 3472cfd5fc
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/concepts/cluster-administration/sysctl-cluster.md
View File

@ -130,10 +130,13 @@ to schedule those pods onto the right nodes.
## PodSecurityPolicy Annotations
The use of sysctl in pods can be controlled via annotations on the PodSecurityPolicy.
The use of sysctl in pods can be controlled via annotation on the PodSecurityPolicy.
Here is an example, it authorizes binding user creating pod with corresponding
_safe_ and _unsafe_ sysctls.
Sysctl annotation represents a whitelist of allowed safe and unsafe sysctls
in a pod spec. It's a comma-separated list of plain sysctl names or sysctl patterns
(which end in `*`). The string `*` matches all sysctls.
Here is an example, it authorizes binding user creating pod with corresponding sysctls.
```yaml
apiVersion: extensions/v1beta1
@ -141,8 +144,7 @@ kind: PodSecurityPolicy
metadata:
name: sysctl-psp
annotations:
security.alpha.kubernetes.io/sysctls: 'kernel.shm_rmid_forced'
security.alpha.kubernetes.io/unsafe-sysctls: 'net.ipv4.route.*,kernel.msg*'
security.alpha.kubernetes.io/sysctls: 'net.ipv4.route.*,kernel.msg*'
spec:
...
```