Configuring interface-level network sysctls

The main CNI plugin assigns the interface and passes this to the tuning CNI meta plugin at runtime. You can change some sysctls and several interface attributes (promiscuous mode, all-multicast mode, MTU, and MAC address) in the network namespace by using the tuning CNI meta plugin. In the tuning CNI meta plugin configuration, the interface name is represented by the token, and is replaced with the actual name of the interface at runtime.

The following procedure configures the tuning CNI to change the interface-level network net.ipv4.conf.IFNAME.accept_redirects sysctl. This example enables accepting and sending ICMP-redirected packets.

Create a network attachment definition, such as tuning-example.yaml, with the following content:

An example yaml file is shown here:

apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: tuningnad
  namespace: default
spec:
  config: '{
    "cniVersion": "0.4.0",
    "name": "tuningnad",
    "plugins": [{
      "type": "bridge"
      },
      {
      "type": "tuning",
      "sysctl": {
        }
  ]
}'

Apply the yaml by running the following command:
```
$ oc apply -f tuning-example.yaml
```
Example output

apiVersion: v1
kind: Pod
metadata:
  name: tunepod
  namespace: default
  annotations:
    k8s.v1.cni.cncf.io/networks: tuningnad (1)
spec:
  containers:
  - name: podexample
    image: centos
    securityContext:
      runAsUser: 2000 (2)
      runAsGroup: 3000 (3)
      capabilities: (5)
        drop: ["ALL"]
  securityContext:
    runAsNonRoot: true (6)
    seccompProfile: (7)
      type: RuntimeDefault

Apply the yaml by running the following command:
```
$ oc apply -f examplepod.yaml
```

Verify that the pod is created by running the following command:

Example output

NAME      READY   STATUS    RESTARTS   AGE
tunepod   1/1     Running   0          47s

Log in to the pod by running the following command:
```
$ oc rsh tunepod
```
Expected output

Additional resources

Using sysctls in containers