OpenShift Bugs: OCPBUGS-38757

Safe and Unsafe Sysctls in OpenShift 4.14+ Documentation Inconsistency


    • Bug
    • Resolution: Done
    • Major
    • 4.15.z
    • 4.14, 4.15
    • Documentation / CNF
    • None
    • None
    • 3
    • T&PS 2024 #9, T&PS 2024 #10
    • 2
    • False
    • 2024-09-16: PR merged
      2024-09-06: I ran quick QE and updated docs PR sent for review

      Description of problem:

      There appears to be an inconsistency between the Kubernetes documentation and the actual availability of Safe and Unsafe Sysctls settings in OpenShift versions 4.14 and later.
      
      This documentation inconsistency may confuse users and administrators who configure sysctl settings in OpenShift environments.

      According to the Kubernetes documentation:

      • net.ipv4.ip_local_reserved_ports is available since Kubernetes 1.27 and requires kernel 3.16+.
      • net.ipv4.tcp_keepalive_time is available since Kubernetes 1.29 and requires kernel 4.5+.
      • net.ipv4.tcp_fin_timeout is available since Kubernetes 1.29 and requires kernel 4.6+.
      • net.ipv4.tcp_keepalive_intvl is available since Kubernetes 1.29 and requires kernel 4.5+.
      • net.ipv4.tcp_keepalive_probes is available since Kubernetes 1.29 and requires kernel 4.5+.

      Given the mapping:

      • OpenShift 4.14 = Kubernetes 1.27
      • OpenShift 4.15 = Kubernetes 1.28
      • OpenShift 4.16 = Kubernetes 1.29

      It would be expected that some of these sysctl settings should not be available in OpenShift 4.14 and 4.15.

      However, according to OCPBUGS-29402, it seems that all these sysctl settings are available starting from OpenShift 4.14+, which contradicts the upstream Kubernetes documentation.

      Version-Release number of selected component (if applicable):

          4.14.+ OCP Documents

      How reproducible:

          

      Steps to Reproduce:

          1. Review the Kubernetes documentation on Safe and Unsafe Sysctls
          2. Review the sysctl settings available in OpenShift 4.14 and later
          3. Compare the expected availability based on the Kubernetes documentation and the actual behavior in OpenShift     

      Actual results:

          The sysctl settings seem to be available in OpenShift 4.14+ despite them being documented as only available in later Kubernetes versions (1.29).

      Expected results:

      The availability of sysctl settings in OpenShift 4.14 and later should align with the upstream Kubernetes documentation, where certain settings are only introduced in Kubernetes 1.29.    

      Additional info:

          1. https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#safe-and-unsafe-sysctls
          2. https://docs.openshift.com/container-platform/4.14/nodes/containers/nodes-containers-sysctls.html

              rhn-support-kquinn Kevin Quinn
              rhn-support-judzhu Xiaoguang Zhu
              Nikita Kononov Nikita Kononov