package sysctl

kubernetes – k8s.io/kubernetes/pkg/kubelet/sysctl Index | Files

import "k8s.io/kubernetes/pkg/kubelet/sysctl"

Index ¶

Constants
func ConvertPodSysctlsVariableToDotsSeparator(securityContext *v1.PodSecurityContext)
func NewAllowlist(patterns []string) (*patternAllowlist, error)
func SafeSysctlAllowlist(ctx context.Context) []string

Constants ¶

const (
	ForbiddenReason = "SysctlForbidden"
)

Functions ¶

func ConvertPodSysctlsVariableToDotsSeparator ¶

func ConvertPodSysctlsVariableToDotsSeparator(securityContext *v1.PodSecurityContext)

ConvertPodSysctlsVariableToDotsSeparator converts sysctls variable in the Pod.Spec.SecurityContext.Sysctls slice into a dot as a separator according to the linux sysctl conversion rules. see https://man7.org/linux/man-pages/man5/sysctl.d.5.html for more details.

func NewAllowlist ¶

func NewAllowlist(patterns []string) (*patternAllowlist, error)

NewAllowlist creates a new Allowlist from a list of sysctls and sysctl pattern (ending in *).

func SafeSysctlAllowlist ¶

func SafeSysctlAllowlist(ctx context.Context) []string

SafeSysctlAllowlist returns the allowlist of safe sysctls and safe sysctl patterns (ending in *).

A sysctl is called safe iff - it is namespaced in the container or the pod - it is isolated, i.e. has no influence on any other pod on the same node.

Source Files ¶

allowlist.go safe_sysctls.go util.go

Version: v1.33.0 (latest)
Published: Apr 23, 2025
Platform: linux/amd64
Imports: 12 packages
Last checked: 3 hours ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples