Unsafe sysctl attributes

Hello,

I am developing a microk8s application, in which one of the pods needs to set an unsafe sysctl attribute: sysctl -w kernel.sem="250 32000 32 2048".
(For the record, microk8s was installed using snap on a 3-node cluster (CentOS 7), and has helm3 and openebs enabled.)

Now, for security and safety reasons, we are not allowed to enable setting unsafe sysctls as part of our k8s deployments, but we can have some of our k8s nodes set to the desired sysctl values, so that the pods that run with affinity to those nodes inherit those values, as stated in the Kubernetes doc (as far as I understand).

However, this didn’t work on microk8s: I set kernel.sem="250 32000 32 2048" on all the nodes, but my pod still has kernel.sem=128.

I’ve tried to completely re-install snap and microk8s after setting kernel.sem="250 32000 32 2048" on all the nodes but this doesn’t help.

Thanks in advance for any suggestion.

Inspection report: inspection-report-20220125_213112.tar.gz