
add net.ipv4.ip_unprivileged_port_start sysctl

Open pacoxu opened this issue 1 year ago • 5 comments

https://github.com/kubernetes/kubernetes/pull/103326 marked it as a safe sysctl since Kubernetes v1.22.

Kernel 4.11 added this: https://github.com/torvalds/linux/commit/4548b683b78137f8eadeb312b94e20bb0d4a7141, which is per-namespace.

xref https://github.com/coredns/coredns/issues/6716 and https://github.com/kubernetes/kubernetes/issues/125226.

pacoxu avatar Aug 06 '24 04:08 pacoxu

The CI failure is a golang install failure. I sent a PR https://github.com/coredns/deployment/pull/299 to fix the CI separately.

pacoxu avatar Aug 06 '24 06:08 pacoxu

/assign @chrisohaver

pacoxu avatar Aug 06 '24 06:08 pacoxu

BTW, this needs kernel 4.11+

Otherwise the coredns pod will fail with the error below:

Warning FailedCreatePodSandBox 2s (x13 over 43s) kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create containerd task: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /proc/sys/net/ipv4/ip_unprivileged_port_start: no such file or directory: unknown

For more context, see https://github.com/kubernetes/kubernetes/pull/105309#issuecomment-1635303233.

pacoxu avatar Aug 06 '24 06:08 pacoxu
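
A node preflight check for the kernel requirement described in the comment above, as an added example that is not part of the original thread or of the CoreDNS deployment repo: it tests for the sysctl file that runc fails to open in the quoted error, and falls back to comparing the `uname -r` release against 4.11 to explain a miss. The function names and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check a node before scheduling pods that set
# net.ipv4.ip_unprivileged_port_start in their securityContext.

SYSCTL_REL_PATH="proc/sys/net/ipv4/ip_unprivileged_port_start"

# Return 0 if a `uname -r` style release string is >= 4.11,
# 1 if it is older, 2 if it cannot be parsed.
kernel_release_at_least_4_11() {
    release=$1
    case $release in *.*) ;; *) return 2 ;; esac
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%[!0-9]*}          # "10.0-1160.el7" -> "10"
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in '') return 2 ;; esac
    if [ "$major" -gt 4 ]; then return 0; fi
    if [ "$major" -eq 4 ] && [ "$minor" -ge 11 ]; then return 0; fi
    return 1
}

# Return 0 if the sysctl file exists under the given root (default "/").
# The root argument exists only so the check can be exercised offline.
sysctl_file_present() {
    root=${1:-/}
    [ -e "${root%/}/$SYSCTL_REL_PATH" ]
}

# Combine both checks; the file's presence is what the container
# runtime actually needs, the version only explains why it is missing.
preflight() {
    root=${1:-/}
    release=${2:-$(uname -r)}
    if sysctl_file_present "$root"; then
        echo "ok: /$SYSCTL_REL_PATH is present"
        return 0
    fi
    if kernel_release_at_least_4_11 "$release"; then
        echo "fail: kernel $release is >= 4.11 but /$SYSCTL_REL_PATH is missing"
    else
        echo "fail: kernel $release predates 4.11; pods setting this sysctl will not start"
    fi
    return 1
}

# Usage on a node: preflight
```
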

/hold for kernel version 4.11 requirement

pacoxu avatar Aug 06 '24 07:08 pacoxu

Thanks, Pacoxu. 👍

Tej-Singh-Rana avatar Aug 06 '24 18:08 Tej-Singh-Rana