[FEAT] Support sysctl configurations from Pod Spec #17464
Conversation
openshift-ci
bot
added
do-not-merge/work-in-progress
|
Can you add a test? Start a pod and then inspect the container to make sure the sysctl is set. |
|
@rhatdan Yes, working on it. |
|
I have a query regarding the implementation. If i set the sysctl while creating the pod, its not updating. But if i set the same while creating containers, its working fine. I feel like this should be working when the infracontainer is created!! |
|
@Luap99 PTAL at my above query. |
|
NVM, figured it out :) It should be with infracontainers. |
hasan4791
force-pushed
the
issue-16711
branch
from
a98ecd2 to
3e320b7
Compare
hasan4791
changed the title
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
hasan4791
force-pushed
the
issue-16711
branch
2 times, most recently
from
c1adc52 to
bdf4076
Compare
Support sysctl configuration from Pod spec via podman kube play CLI Closes containers#16711 Signed-off-by: T K Chandra Hasan <[email protected]>
hasan4791
force-pushed
the
issue-16711
branch
from
bdf4076 to
94d4b52
Compare
|
Thanks for contributing, @hasan4791 ! |
| It("podman play kube test with sysctl & host network defined", func() { | ||
| SkipIfRootless("Network sysctls are not available for rootless") | ||
| err := writeYaml(podWithSysctlHostNetDefined, kubeYaml) | ||
| Expect(err).ToNot(HaveOccurred()) | ||
|
|
||
| kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) | ||
| kube.WaitWithDefaultTimeout() | ||
| Expect(kube).Should(Exit(125)) | ||
| }) |
There was a problem hiding this comment.
Doesn't this test change the somaxconn value on the host, thus effecting all systems where this was run permanently? Tests should not change host behaviour. AFAIK having such a high value can be abused to create a DOS attack against the machine.
I recommend to use a safer sysctl for this test.
There was a problem hiding this comment.
This testcase is to check the failure. We cannot set sysctl when host network is enabled.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hasan4791, Luap99 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
approved
github-actions
bot
added
the
locked - please file new issue/PR
Signed-off-by: T K Chandra Hasan [email protected]
Fixes: #16711
Does this PR introduce a user-facing change?
Yes