Modifying Kernel Parameters Using a Privileged Container
Prerequisites
To access a Kubernetes cluster from a client, you can use the Kubernetes command line tool kubectl.
Procedure
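- Create a DaemonSet on the backend that uses the Nginx image, runs as a privileged container, configures a lifecycle hook, and specifies hostNetwork: true. Because hostNetwork: true places the pod in the node's network namespace, the net.* parameter written by the privileged container takes effect on the node itself.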
- Create a DaemonSet file.
vi daemonset.yaml
The spec.template.spec.containers.lifecycle field specifies the command that is run after the container is started.
An example YAML file is provided as follows:
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: daemonset-test
  labels:
    name: daemonset-test
spec:
  selector:
    matchLabels:
      name: daemonset-test
  template:
    metadata:
      labels:
        name: daemonset-test
    spec:
      hostNetwork: true              # share the node's network namespace
      containers:
      - name: daemonset-test
        image: nginx:alpine-perl
        command:
        - "/bin/sh"
        args:
        - "-c"
        - while :; do time=$(date);done
        imagePullPolicy: IfNotPresent
        lifecycle:
          postStart:                 # runs once after the container is started
            exec:
              command:
              - sysctl
              - "-w"
              - net.ipv4.tcp_tw_reuse=1
        securityContext:
          privileged: true           # required to write kernel parameters
      imagePullSecrets:
      - name: default-secret
- Create the DaemonSet.
kubectl create -f daemonset.yaml
- Check whether the DaemonSet has been created.
kubectl get daemonset {daemonset_name}
In this example, run the following command:
kubectl get daemonset daemonset-test
Information similar to the following is displayed:
NAME             DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset-test   2         2         2       2            2           <none>          2h
- Obtain the IDs of the DaemonSet pods on the nodes.
kubectl get pod | grep {daemonset_name}
In this example, run the following command:
kubectl get pod | grep daemonset-test
Information similar to the following is displayed:
daemonset-test-mqdpv   1/1   Running   0   2h
daemonset-test-n56vm   1/1   Running   0   2h
- Access the container.
kubectl exec -it {pod_name} -- /bin/sh
In this example, run the following command:
kubectl exec -it daemonset-test-mqdpv -- /bin/sh
- Check whether the configured command is executed after the container is started.
sysctl -a | grep net.ipv4.tcp_tw_reuse
If the following information is displayed, the system parameters are modified successfully:
net.ipv4.tcp_tw_reuse=1
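The check above covers one pod, and therefore one node. The following script is an added example, not part of the original procedure: it repeats the check on every pod of the DaemonSet and reports the node behind any pod whose value differs. It assumes the label name=daemonset-test from the example manifest and a configured kubectl; check_sysctl is a hypothetical helper name.

```sh
#!/bin/sh
# Added example, not part of the original procedure.
# check_sysctl is a hypothetical helper name; the label name=daemonset-test
# comes from the example manifest. Assumes kubectl is configured for the cluster.

# Usage: check_sysctl LABEL KEY EXPECTED
#   e.g. check_sysctl name=daemonset-test net.ipv4.tcp_tw_reuse 1
# Returns 0 if every pod reports EXPECTED, 1 on any mismatch, 2 if no pods found.
check_sysctl() {
    label=$1; key=$2; expected=$3
    failed=0

    # One "pod node" pair per line, so a bad value can be traced to its node.
    pods=$(kubectl get pod -l "$label" -o \
        jsonpath='{range .items[*]}{.metadata.name}{" "}{.spec.nodeName}{"\n"}{end}') \
        || return 2
    if [ -z "$pods" ]; then
        echo "no pods match label $label" >&2
        return 2
    fi

    while read -r pod node; do
        # sysctl -n prints only the value; stdin is detached so kubectl
        # cannot consume the remaining lines of the pod list.
        actual=$(kubectl exec "$pod" -- sysctl -n "$key" </dev/null 2>/dev/null) \
            || actual="unreadable"
        if [ "$actual" = "$expected" ]; then
            echo "OK       $node ($pod): $key=$actual"
        else
            echo "MISMATCH $node ($pod): $key=$actual, expected $expected"
            failed=1
        fi
    done <<EOF
$pods
EOF
    return "$failed"
}
```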