Setting custom sysctl variables in AWX Pods

Hello All,

Is it possible to set sysctl variables with a security context on the postgresql pod?
Kubernetes itself supports it.

postgres_security_context_settings:

Thanks

Hi, you have already found postgres_security_context_settings, which is the answer. Use that parameter to add any securityContext.

Thank you very much for the answer @kurokobo!

I changed my spec like this:

  # Security context
  postgres_security_context_settings:
    sysctls:
      - name: net.core.somaxconn
        value: "3072"

Yet I still get the default value.

% kubectl exec awx-acc-postgres-15-0 -- sysctl net.core.somaxconn
net.core.somaxconn = 4096

PS: I also restarted the statefulsets.

I think it's about my node settings. I will check further. Just wanted to let you know.

% kubectl rollout restart deployment
deployment.apps/awx-acc-task restarted
Warning: would violate PodSecurity "baseline:v1.24": forbidden sysctls (net.core.somaxconn)
deployment.apps/awx-acc-web restarted
deployment.apps/awx-operator-controller-manager restarted

Yes, many keys in sysctl are unsafe and usually need to be explicitly allowed by allowedUnsafeSysctls to be modified on a per-pod basis.
I don’t know which distribution you are using but there should be a way to specify allowedUnsafeSysctls e.g. args for kubelet, KubeletConfig, PodSecurityPolicy, etc.

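The two checks discussed in this thread, as an added example that is not part of any post above: it takes a securityContext like the one posted and reports, per sysctl, whether Pod Security "baseline" accepts it and whether the kubelet will let the pod start given a node's allowedUnsafeSysctls list. The helper names are hypothetical, the inputs are constructed, and the safe list is assumed to be the Kubernetes safe set as of the v1.24 policy version named in the warning.

```python
# Added example. Inputs are constructed, not taken from the poster's cluster.

# Sysctls Kubernetes treats as safe; Pod Security "baseline" (policy version
# v1.24, as in the warning above) permits only these in a pod securityContext.
SAFE_SYSCTLS = frozenset({
    "kernel.shm_rmid_forced",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.ip_unprivileged_port_start",
    "net.ipv4.tcp_syncookies",
    "net.ipv4.ping_group_range",
})


def kubelet_allows(name, allowed_unsafe):
    """True if name matches a kubelet allowedUnsafeSysctls entry.

    Entries are exact names or prefixes ending in '*' (e.g. 'kernel.msg*').
    """
    for pattern in allowed_unsafe:
        if pattern.endswith("*"):
            if name.startswith(pattern[:-1]):
                return True
        elif name == pattern:
            return True
    return False


def review_sysctls(security_context, allowed_unsafe=()):
    """Hypothetical helper: report, per sysctl, what each layer will do."""
    report = []
    for entry in security_context.get("sysctls", []):
        name, value = entry["name"], entry["value"]
        safe = name in SAFE_SYSCTLS
        report.append({
            "name": name,
            "value_is_string": isinstance(value, str),  # the API rejects a bare 3072
            "baseline_ok": safe,  # False -> the "forbidden sysctls" warning
            "kubelet_ok": safe or kubelet_allows(name, allowed_unsafe),
        })
    return report


# The spec from the thread, as the dict a YAML parser would produce.
THREAD_SPEC = {"sysctls": [{"name": "net.core.somaxconn", "value": "3072"}]}

if __name__ == "__main__":
    for allowed in ((), ("net.core.somaxconn",)):
        print(allowed, review_sysctls(THREAD_SPEC, allowed))
```

Allowing the sysctl on the kubelet does not change the Pod Security result: net.core.somaxconn stays outside the baseline set, so a namespace that enforces baseline would still reject the pod.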