github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-13 05:46:16 +00:00
Code Issues Projects Releases Wiki Activity

feat: Added net.ipv4.tcp_rmem and net.ipv4.tcp_wmem into safe sysctl list #125234

Browse Source 
Signed-off-by: nikzayn <nikhilvaidyar1997@gmail.com>
This commit is contained in:
nikzayn 2024-06-01 22:40:32 +05:30 committed by Paco Xu
parent c348d099f8
commit 785a5864dc
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/kubelet/sysctl/safe_sysctls.go
View File

@ -60,6 +60,12 @@ var safeSysctls = []sysctl{
name: "net.ipv4.tcp_keepalive_probes",
kernel: utilkernel.TCPKeepAliveProbesNamespacedKernelVersion,
},
{
name: "net.ipv4.tcp_rmem",
},
{
name: "net.ipv4.tcp_wmem",
},
}
// SafeSysctlAllowlist returns the allowlist of safe sysctls and safe sysctl patterns (ending in *).

6
pkg/kubelet/sysctl/safe_sysctls_test.go
View File

@ -41,6 +41,8 @@ func Test_getSafeSysctlAllowlist(t *testing.T) {
"net.ipv4.tcp_syncookies",
"net.ipv4.ping_group_range",
"net.ipv4.ip_unprivileged_port_start",
"net.ipv4.tcp_rmem",
"net.ipv4.tcp_wmem",
},
},
{
@ -56,6 +58,8 @@ func Test_getSafeSysctlAllowlist(t *testing.T) {
"net.ipv4.ping_group_range",
"net.ipv4.ip_unprivileged_port_start",
"net.ipv4.ip_local_reserved_ports",
"net.ipv4.tcp_rmem",
"net.ipv4.tcp_wmem",
},
},
{
@ -75,6 +79,8 @@ func Test_getSafeSysctlAllowlist(t *testing.T) {
"net.ipv4.tcp_fin_timeout",
"net.ipv4.tcp_keepalive_intvl",
"net.ipv4.tcp_keepalive_probes",
"net.ipv4.tcp_rmem",
"net.ipv4.tcp_wmem",
},
},
}