File tree Expand file tree Collapse file tree 2 files changed +11
-1
lines changed Expand file tree Collapse file tree 2 files changed +11
-1
lines changed Original file line number Diff line number Diff line change @@ -315,6 +315,7 @@ fail validation.
315315 <li ><code >net.ipv4.ip_unprivileged_port_start</code ></li >
316316 <li ><code >net.ipv4.tcp_syncookies</code ></li >
317317 <li ><code >net.ipv4.ping_group_range</code ></li >
318+ <li ><code >net.ipv4.ip_local_reserved_ports</code ><!-- (since Kubernetes 1.27)--> li >
318319 </ul >
319320 </td >
320321 </tr >
Original file line number Diff line number Diff line change @@ -128,11 +128,20 @@ The following sysctls are supported in the _safe_ set:
128128至今为止,大多数 ** 有命名空间的** sysctl 参数不一定被认为是 ** 安全** 的。
129129以下几种 sysctl 参数是 ** 安全的** :
130130
131+ <!--
132+ - `kernel.shm_rmid_forced`,
133+ - `net.ipv4.ip_local_port_range`,
134+ - `net.ipv4.tcp_syncookies`,
135+ - `net.ipv4.ping_group_range` (since Kubernetes 1.18),
136+ - `net.ipv4.ip_unprivileged_port_start` (since Kubernetes 1.22),
137+ - `net.ipv4.ip_local_reserved_ports` (since Kubernetes 1.27).
138+ -->
131139- ` kernel.shm_rmid_forced ` ,
132140- ` net.ipv4.ip_local_port_range ` ,
133141- ` net.ipv4.tcp_syncookies ` ,
134142- ` net.ipv4.ping_group_range ` (从 Kubernetes 1.18 开始),
135- - ` net.ipv4.ip_unprivileged_port_start ` (从 Kubernetes 1.22 开始)。
143+ - ` net.ipv4.ip_unprivileged_port_start ` (从 Kubernetes 1.22 开始),
144+ - ` net.ipv4.ip_local_reserved_ports ` (从 Kubernetes 1.27 开始)。
136145
137146{{< note >}}
138147<!--
You can’t perform that action at this time.
0 commit comments