2 files changed, 13 insertions, 1 deletions

diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go
index 1b5a1be51..cc9476d79 100644
--- a/pkg/domain/entities/pods.go
+++ b/pkg/domain/entities/pods.go
@@ -139,6 +139,7 @@ type PodCreateOptions struct {
 	Volume             []string          `json:"volume,omitempty"`
 	VolumesFrom        []string          `json:"volumes_from,omitempty"`
 	SecurityOpt        []string          `json:"security_opt,omitempty"`
+	Sysctl             []string          `json:"sysctl,omitempty"`
 }
 
 // PodLogsOptions describes the options to extract pod logs.
@@ -240,7 +241,7 @@ type ContainerCreateOptions struct {
 	StorageOpts       []string
 	SubUIDName        string
 	SubGIDName        string
-	Sysctl            []string
+	Sysctl            []string `json:"sysctl,omitempty"`
 	Systemd           string
 	Timeout           uint
 	TLSVerify         commonFlag.OptionalBool
@@ -360,6 +361,15 @@ func ToPodSpecGen(s specgen.PodSpecGenerator, p *PodCreateOptions) (*specgen.Pod
 		}
 	}
 	s.Userns = p.Userns
+	sysctl := map[string]string{}
+	if ctl := p.Sysctl; len(ctl) > 0 {
+		sysctl, err = util.ValidateSysctls(ctl)
+		if err != nil {
+			return nil, err
+		}
+	}
+	s.Sysctl = sysctl
+
 	return &s, nil
 }
 
diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go
index 33e8422fd..a18364882 100644
--- a/pkg/specgen/podspecgen.go
+++ b/pkg/specgen/podspecgen.go
@@ -74,6 +74,8 @@ type PodBasicConfig struct {
 	Userns Namespace `json:"userns,omitempty"`
 	// Devices contains user specified Devices to be added to the Pod
 	Devices []string `json:"pod_devices,omitempty"`
+	// Sysctl sets kernel parameters for the pod
+	Sysctl map[string]string `json:"sysctl,omitempty"`
 }
 
 // PodNetworkConfig contains networking configuration for a pod.