fix a description error in sysctl file. (#7666)
modified:   docs/concepts/cluster-administration/sysctl-cluster.md
WanLinghao authored and k8s-ci-robot committed Mar 9, 2018
1 parent 131324c commit 3472cfd
Showing 1 changed file with 7 additions and 5 deletions.
12 changes: 7 additions & 5 deletions docs/concepts/cluster-administration/sysctl-cluster.md
Expand Up @@ -130,19 +130,21 @@ to schedule those pods onto the right nodes.
## PodSecurityPolicy Annotations
The use of sysctl in pods can be controlled via annotations on the PodSecurityPolicy.
The use of sysctl in pods can be controlled via annotation on the PodSecurityPolicy.
Here is an example, it authorizes binding user creating pod with corresponding
_safe_ and _unsafe_ sysctls.
Sysctl annotation represents a whitelist of allowed safe and unsafe sysctls
in a pod spec. It's a comma-separated list of plain sysctl names or sysctl patterns
(which end in `*`). The string `*` matches all sysctls.

Here is an example, it authorizes binding user creating pod with corresponding sysctls.

```yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
name: sysctl-psp
annotations:
security.alpha.kubernetes.io/sysctls: 'kernel.shm_rmid_forced'
security.alpha.kubernetes.io/unsafe-sysctls: 'net.ipv4.route.*,kernel.msg*'
security.alpha.kubernetes.io/sysctls: 'net.ipv4.route.*,kernel.msg*'
spec:
...
```
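
Review bot: the new paragraph beginning "Sysctl annotation represents a whitelist of allowed safe and unsafe sysctls" should state the consequence of merging both classes into one list. With only `security.alpha.kubernetes.io/sysctls` left, a pattern such as `kernel.msg*`, or the `*` value the text mentions, authorizes unsafe sysctls as well as safe ones. Suggest adding a sentence recommending the narrowest names or patterns that the workloads need. The example also drops `kernel.shm_rmid_forced`, so it no longer shows a plain sysctl name even though the text says the list accepts "plain sysctl names or sysctl patterns"; keeping one plain name in the value would illustrate both forms. Wording: "via annotation" reads better as "via an annotation", and "Here is an example, it authorizes binding user creating pod with corresponding sysctls." is a comma splice that leaves unclear who is authorized; something like "The following example authorizes the bound user to create pods with the listed sysctls." would be clearer.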
