Setting custom sysctl variables in AWX Pods

Hello All,

Is it possible to set sysctl variables with a security context on the postgresql pod?
Kubernetes itself supports it.



Hi, you have already found postgres_security_context_settings, which is the answer. Use that parameter to add any securityContext.

Thank you very much for the answer @kurokobo !

I changed my spec like this:

  # Security context
      - name: net.core.somaxconn
        value: "3072"

Yet I still get the default value.

% kubectl exec awx-acc-postgres-15-0 -- sysctl net.core.somaxconn
net.core.somaxconn = 4096

PS: I also restarted the statefulsets.

I think it's about my node settings. I will check further. Just wanted to let you know.

% kubectl rollout restart deployment
deployment.apps/awx-acc-task restarted
Warning: would violate PodSecurity "baseline:v1.24": forbidden sysctls (net.core.somaxconn)
deployment.apps/awx-acc-web restarted
deployment.apps/awx-operator-controller-manager restarted

Yes, many keys in sysctl are unsafe and usually need to be explicitly allowed by allowedUnsafeSysctls to be modified on a per-pod basis.
I don’t know which distribution you are using but there should be a way to specify allowedUnsafeSysctls e.g. args for kubelet, KubeletConfig, PodSecurityPolicy, etc.

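The settings the last reply points to, together with the PodSecurity warning shown earlier, as an added example that is not part of the thread. It assumes the kubelet reads a KubeletConfiguration file, a namespace named `awx`, an AWX resource named `awx-acc` (inferred from the pod names above), and that the operator renders `postgres_security_context_settings` as the PostgreSQL pod's `securityContext`.

```yaml
# Added example. The three documents are applied in different places; names
# marked (assumed) are placeholders, not values from the thread.

# 1) On each node that may run the PostgreSQL pod: kubelet configuration file.
#    This is not applied with kubectl; the kubelet must be restarted afterwards.
#    Equivalent kubelet flag: --allowed-unsafe-sysctls=net.core.somaxconn
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
allowedUnsafeSysctls:
  - "net.core.somaxconn"   # allow only the key that is needed, not "net.*"
---
# 2) Namespace: the "baseline" Pod Security level forbids net.core.somaxconn,
#    which is the warning printed by `kubectl rollout restart` above.
#    "privileged" drops every baseline check for the whole namespace, so keep
#    this namespace dedicated to AWX.
apiVersion: v1
kind: Namespace
metadata:
  name: awx                # (assumed) namespace name
  labels:
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
---
# 3) AWX custom resource: the sysctl itself, set through the parameter named
#    in the first reply.
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx-acc            # inferred from pod name awx-acc-postgres-15-0
  namespace: awx           # (assumed) namespace name
spec:
  postgres_security_context_settings:
    sysctls:
      - name: net.core.somaxconn
        value: "3072"      # sysctl values are strings in the Pod API
```

After the PostgreSQL pod is recreated, the `kubectl exec ... sysctl net.core.somaxconn` check from the thread should report the configured value.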