What are unsafe sysctls?

Kernel parameters (see the full list by running sudo sysctl -a) can be categorized as “safe” and “unsafe” in the context of running in a containerized workload orchestration environment such as Kubernetes.

A “safe” sysctl simply means that the kernel parameter is “namespaced”, i.e., its value within one kernel namespace (container) does not necessarily reflect the value within another kernel namespace (container), and hence it does not interfere with the way the underlying containerization machinery operates. An example of a safe sysctl is the local IP port range (net.ipv4.ip_local_port_range).

An “unsafe” sysctl by contrast is not namespaced and can…
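An added example, not part of the original article: a small audit that classifies the sysctls a Pod requests under spec.securityContext.sysctls. The SAFE_SYSCTLS set is an assumption (the core set Kubernetes documents as safe, which varies by version), the allowlist mimics the kubelet --allowed-unsafe-sysctls flag, and the sample manifest and function names are constructed for illustration.

```python
# Added example: classify the sysctls a Pod spec requests.
# SAFE_SYSCTLS is an assumption: the core set Kubernetes documents as safe;
# the exact set depends on the cluster version, so adjust it for yours.
SAFE_SYSCTLS = {
    "kernel.shm_rmid_forced",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.tcp_syncookies",
    "net.ipv4.ping_group_range",
    "net.ipv4.ip_unprivileged_port_start",
}


def allowed_by_kubelet(name, allowlist):
    """Match a name against kubelet-style entries; a trailing '*' is a prefix match."""
    for entry in allowlist:
        if entry.endswith("*"):
            if name.startswith(entry[:-1]):
                return True
        elif name == entry:
            return True
    return False


def audit_pod_sysctls(pod, allowlist=()):
    """Return {sysctl name: 'safe' | 'unsafe-allowed' | 'unsafe-rejected'}."""
    sec_ctx = pod.get("spec", {}).get("securityContext") or {}
    result = {}
    for item in sec_ctx.get("sysctls") or []:
        name = item["name"]
        if name in SAFE_SYSCTLS:
            result[name] = "safe"
        elif allowed_by_kubelet(name, allowlist):
            result[name] = "unsafe-allowed"
        else:
            result[name] = "unsafe-rejected"
    return result


# Constructed sample manifest (already parsed into a dict), not from the article.
SAMPLE_POD = {"spec": {"securityContext": {"sysctls": [
    {"name": "net.ipv4.ip_local_port_range", "value": "1024 65000"},
    {"name": "net.core.somaxconn", "value": "1024"},
    {"name": "kernel.msgmax", "value": "65536"},
]}}}

if __name__ == "__main__":
    for name, verdict in audit_pod_sysctls(SAMPLE_POD, ["kernel.msg*"]).items():
        print(f"{name}: {verdict}")
```

A Pod that ends up with any "unsafe-rejected" entry will not start on a node whose kubelet has not allowlisted that sysctl, so running a check like this before deployment surfaces the mismatch early.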

Sandeep Raju
