I am working on a requirement wherein we want to update a specific kernel parameter "net.ipv4.tcp_retries2" to "5" in the Kubernetes POD.
We are using AKS cluster v1.21.7
I tried using securityContext to set the above sysctl parameters but it failed
template:
metadata:
labels:
app.kubernetes.io/name: weather-forecast-api
app.kubernetes.io/instance: RELEASE-NAME
spec:
serviceAccountName: RELEASE-NAME-weather-forecast-api
securityContext:
sysctls:
- name: net.ipv4.tcp_retries2
value: "5"
When I applied the above changes in the AKS, the pod failed to run and gave the error
forbidden sysctl: "net.ipv4.tcp_retries2" not whitelisted
I know we can modify kernel-level settings at the Kubelet level on a bare-bone Kubernetes cluster but in my case, it is a managed cluster from Azure.
Use an init container to set:
...
template:
metadata:
labels:
app.kubernetes.io/name: weather-forecast-api
app.kubernetes.io/instance: RELEASE-NAME
spec:
serviceAccountName: RELEASE-NAME-weather-forecast-api
initContainers:
- name: sysctl
image: busybox
securityContext:
privileged: true
command: ["sh", "-c", "sysctl -w net.ipv4.tcp_retries2=3"]
...