Hello having difficulty whitelisting sysctls in k3s I don t Rancher Users #k3s

Hello, having difficulty whitelisting sysctls in k...

quaint-terabyte-39952

09/21/2025, 3:56 AM

Hello, having difficulty whitelisting sysctls in k3s I don't see any documentation regarding it and I've tried

Copy code

apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
allowedUnsafeSysctls:
- "net.ipv4.conf.all.src_valid_mark"
- "net.ipv6.conf.all.disable_ipv6"

but that doesn't seem to work it just gets deleted on restart I've also tried and that does the same thing

Copy code

kubelet:
  sysctls:
    net.ipv4.conf.all.src_valid_mark: "1"
    net.ipv6.conf.all.disable_ipv6: "1"

the error I'm getting is

Warning  SysctlForbidden  45s   kubelet forbidden sysctl: "net.ipv4.conf.all.src_valid_mark" not allowlisted

quaint-terabyte-39952

09/21/2025, 6:14 AM

Solution is in /etc/rancher/k3s/config.yaml

Copy code

kubelet-arg:
    ◦ allowed-unsafe-sysctls=net.ipv4.ip_forward
    ◦ allowed-unsafe-sysctls=net.ipv4.conf.all.src_valid_mark
    ◦ allowed-unsafe-sysctls=net.ipv6.conf.all.disable_ipv6

19 Views

Open in Slack

Previous Next