What are unsafe sysctls?

Kernel parameters (run sudo sysctl -a to see the full list) can be categorized as “safe” or “unsafe” when workloads run in a container orchestration environment such as Kubernetes.

A “safe” sysctl is a kernel parameter that is “namespaced”, i.e., its value within one kernel namespace (container) does not necessarily reflect the value within another kernel namespace (container), and hence it does not interfere with the way the underlying containerization machinery operates. An example of a safe sysctl is the local IP port range (net.ipv4.ip_local_port_range).
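As an added example (not code from the original post), the check below flags pods that request a sysctl outside an allowlist. The allowlist is an assumption taken from the safe set in the Kubernetes documentation as of v1.22, the function names are hypothetical, and the pod JSON is constructed sample input in the shape of `kubectl get pods -A -o json`.

```python
import json

# Assumption: sysctls the Kubernetes documentation lists as safe as of v1.22.
# Newer releases add more, so check the docs for your cluster version.
SAFE_SYSCTLS = frozenset({
    "kernel.shm_rmid_forced",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.tcp_syncookies",
    "net.ipv4.ping_group_range",
    "net.ipv4.ip_unprivileged_port_start",
})

def normalize(name):
    """Map the slash form (net/ipv4/x) to the dotted form used in the allowlist."""
    return name.strip().replace("/", ".")

def unsafe_sysctls(pod):
    """Return [(pod_name, sysctl, value)] for pod-level sysctls outside the allowlist."""
    pod_name = pod.get("metadata", {}).get("name", "<unnamed>")
    ctx = pod.get("spec", {}).get("securityContext") or {}
    findings = []
    for entry in ctx.get("sysctls") or []:
        key = normalize(entry.get("name", ""))
        if key not in SAFE_SYSCTLS:
            findings.append((pod_name, key, entry.get("value")))
    return findings

def audit(pod_list_json):
    """Audit a pod list document and collect every finding."""
    items = json.loads(pod_list_json).get("items", [])
    return [finding for pod in items for finding in unsafe_sysctls(pod)]

# Constructed sample input: one pod with a safe sysctl, one mixing safe and
# non-allowlisted sysctls, and one with no securityContext at all.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "web"}, "spec": {"securityContext": {"sysctls": [
        {"name": "net.ipv4.ip_local_port_range", "value": "32768 60999"}]}}},
    {"metadata": {"name": "tuned"}, "spec": {"securityContext": {"sysctls": [
        {"name": "net/core/somaxconn", "value": "1024"},
        {"name": "kernel.shm_rmid_forced", "value": "1"}]}}},
    {"metadata": {"name": "plain"}, "spec": {}},
]})

if __name__ == "__main__":
    for pod_name, key, value in audit(SAMPLE):
        print(f"{pod_name}: {key}={value} is not in the safe set")
```
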

An “unsafe” sysctl by contrast is not namespaced and can…

Sandeep Raju


