Update README.md.

2021-04-08 11:55:23 -07:00 · 2021-04-08 11:55:23 -07:00 · 83579cb186
commit 83579cb186
parent f4a27f615c
1 changed files with 12 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -102,6 +102,7 @@ More detailed instructions are in the [`example README.md`](https://github.com/R
 | **host_dns** | bool | no | Default (`true`). By default, a container launched using `containerd-driver` will use host `/etc/resolv.conf`. This is similar to [`docker behavior`](https://docs.docker.com/config/containers/container-networking/#dns-services). However, if you don't want to use host DNS, you can turn off this flag by setting `host_dns=false`. |
 | **seccomp** | bool | no | Enable default seccomp profile. List of [`allowed syscalls`](https://github.com/containerd/containerd/blob/master/contrib/seccomp/seccomp_default.go#L51-L395). |
 | **seccomp_profile** | string | no | Path to custom seccomp profile. `seccomp` must be set to `true` in order to use `seccomp_profile`. The default `docker` seccomp profile found [`here`](https://github.com/moby/moby/blob/master/profiles/seccomp/default.json) can be used as a reference, and modified to create a custom seccomp profile. |
+| **sysctl** | map[string]string | no | A key-value map of sysctl configurations to set to the containers on start. |
 | **readonly_rootfs** | bool | no | Container root filesystem will be read-only. |
 | **host_network** | bool | no | Enable host network. This is equivalent to `--net=host` in docker. |
 | **extra_hosts** | []string | no | A list of hosts, given as host:IP, to be added to /etc/hosts. |
@ -148,6 +149,17 @@ config {
 }
 ```

+**Sysctl example**
+
+```
+config {
+  sysctl = {
+    "net.core.somaxconn"  = "16384"
+    "net.ipv4.ip_forward" = "1"
+  }
+}
+```
+
 ## Networking

 `nomad-driver-containerd` supports **host** and **bridge** networks.<br/>