Merge pull request #39567 from sigv/patch-1

k8s-ci-robot · web-flow · commit cded548ac603 · 2023-02-20T18:01:48.000-08:00
Rename "Enabling Unsafe Sysctls" section
diff --git a/content/en/docs/tasks/administer-cluster/sysctl-cluster.md b/content/en/docs/tasks/administer-cluster/sysctl-cluster.md
@@ -53,9 +53,9 @@ To get a list of all parameters, you can run
 sudo sysctl -a
 ```
 
-## Enabling Unsafe Sysctls
+## Safe and Unsafe Sysctls
 
-Sysctls are grouped into _safe_ and _unsafe_ sysctls. In addition to proper
+Kubernetes classes sysctls as either _safe_ or _unsafe_. In addition to proper
 namespacing, a _safe_ sysctl must be properly _isolated_ between pods on the
 same node. This means that setting a _safe_ sysctl for one pod
 
@@ -80,6 +80,8 @@ The example `net.ipv4.tcp_syncookies` is not namespaced on Linux kernel version
 This list will be extended in future Kubernetes versions when the kubelet
 supports better isolation mechanisms.
 
+### Enabling Unsafe Sysctls
+
 All _safe_ sysctls are enabled by default.
 
 All _unsafe_ sysctls are disabled by default and must be allowed manually by the
