We need to enable some sysctl parameters in kubernetes. This should be achievable with the below annotation in the Deployment.
    annotations:
      security.alpha.kubernetes.io/unsafe-sysctls: net.ipv4.ip_local_port_range="10240 65535"
When doing so the container fails to start with the error:
    Warning FailedCreatePodSandBox 8s (x12 over 19s) kubelet, <node> Failed create pod sandbox.
The solution looks to be to add this flag to the kubelet:
    --experimental-allowed-unsafe-sysctls
Which for other flags can be done under kubelet in
    kops edit cluster
Does anyone know the correct way to do this, as it refuses to pick up the setting when entering the flag there?
Thanks, Alex
As of 2020-05-18, the proper config is, for example:
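    kubelet:
      allowedUnsafeSysctls:
      # entries are sysctl names (or patterns ending in *), not name=value pairs;
      # the value itself is set in the pod's securityContext.sysctls
      - net.ipv4.ip_local_port_range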
In general, all KOPS config must be camelCased.
From here, KOPS 1.16.2+
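
An added example (not part of the original thread, and not kops or kubelet code): a simplified Python model of how a kubelet allowlist is matched against a pod's `securityContext.sysctls`, assuming allowlist entries are sysctl names with an optional trailing `*`. The function names, the safe-sysctl set (taken from the Kubernetes documentation as an assumption) and the sample data are constructed for illustration.

```python
import re

# Sysctls Kubernetes documents as safe (allowed without any kubelet flag).
# Assumption: the original documented set; newer releases add more.
SAFE = {"kernel.shm_rmid_forced", "net.ipv4.ip_local_port_range",
        "net.ipv4.tcp_syncookies"}

# An allowlist entry is a sysctl name, optionally ending in "*" (prefix match).
ENTRY = re.compile(r"^[a-z0-9_-]+(\.[a-z0-9_-]+)*(\.?\*)?$")


def malformed(allowlist):
    """Entries that are not a bare name or trailing-* pattern (e.g. name=value)."""
    return [e for e in allowlist if not ENTRY.match(e)]


def permitted(name, allowlist):
    """True if a pod may set `name` given the safe set plus the allowlist."""
    if name in SAFE:
        return True
    for entry in allowlist:
        if entry.endswith("*"):
            if name.startswith(entry[:-1]):
                return True
        elif name == entry:
            return True
    return False


def review(allowlist, pod_sysctls):
    """Check a kubelet allowlist against a pod's securityContext.sysctls list."""
    usable = [e for e in allowlist if e not in malformed(allowlist)]
    return {
        "malformed": malformed(allowlist),
        "wildcards": [e for e in usable if e.endswith("*")],
        "rejected": [s["name"] for s in pod_sysctls
                     if not permitted(s["name"], usable)],
    }


# Constructed sample input, not taken from a real cluster.
ALLOWLIST = ['net.core.somaxconn="1024"', "net.ipv4.tcp_*"]
POD_SYSCTLS = [
    {"name": "net.ipv4.ip_local_port_range", "value": "10240 65535"},
    {"name": "net.ipv4.tcp_keepalive_time", "value": "600"},
    {"name": "net.core.somaxconn", "value": "1024"},
]

if __name__ == "__main__":
    print(review(ALLOWLIST, POD_SYSCTLS))
```

Wildcard entries are reported separately because each one widens what every pod on the node may request, so they are worth reviewing before rollout.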