When create a container, the namespaced kernel parameters such as /proc/sys/net/ipv4/tcp_keepalive_time are initialized to the kernel default values. Using --sysctl option of docker run, they can be overridden. However they cannot be overridden in swarm mode because --sysctl option is not supported in docker service (#25209). The only way to override them in swarm mode is to modify the kernel.

I think it would be helpful if the docker daemon can have default values of namespaced kernel parameters which can be set when the daemon starts. Then the default values can be used to initialize the namespaced kernel parameters of a newly created container to those values.