Merge pull request from hunshcn/sysctl

update safe sysctls
pull/44250/head
Kubernetes Prow Robot 2023-12-07 14:15:01 +01:00 committed by GitHub
commit 5e5e9fc252
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 0 deletions
content/en/docs
concepts/security
tasks/administer-cluster


@ -271,6 +271,7 @@ fail validation.
<li><code>net.ipv4.ip_unprivileged_port_start</code></li>
<li><code>net.ipv4.tcp_syncookies</code></li>
<li><code>net.ipv4.ping_group_range</code></li>
<li><code>net.ipv4.ip_local_reserved_ports</code> (since Kubernetes 1.27)</li>
</ul>
</td>
</tr>
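Review bot: the added `net.ipv4.ip_local_reserved_ports` item is the only entry in this `<ul>` with a version qualifier; the three items above it (`net.ipv4.ip_unprivileged_port_start`, `net.ipv4.tcp_syncookies`, `net.ipv4.ping_group_range`) carry none. Either drop "(since Kubernetes 1.27)" here or add the matching "since" versions to the other entries, so that a reader on an older cluster can tell from this table which sysctl names will pass validation for them.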


@ -76,6 +76,7 @@ The following sysctls are supported in the _safe_ set:
- `net.ipv4.tcp_syncookies`,
- `net.ipv4.ping_group_range` (since Kubernetes 1.18),
- `net.ipv4.ip_unprivileged_port_start` (since Kubernetes 1.22).
- `net.ipv4.ip_local_reserved_ports` (since Kubernetes 1.27).
{{< note >}}
There are some exceptions to the set of safe sysctls:
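Review bot: list punctuation is now inconsistent, because the context line for `net.ipv4.ip_unprivileged_port_start` still ends with the period that marked it as the last item, and the added `net.ipv4.ip_local_reserved_ports` line ends with a period as well. Change the trailing `.` on the "(since Kubernetes 1.22)" line to `,` so that only the final bullet closes the list, matching the comma-terminated entries above it.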