init container "sysctl: error setting key 'net.ipv4.ip_local_port_range': Read-only file system"

The problem is that you cannot run sysctl without the privileged mode due to security reasons. This is expected since docker restricts access to /proc and /sys.

In order for this to work you need to use the privileged mode for the init container and than either:

• Use sysctls in a Kubernetes Cluster by specifing a proper securityContext for a Pod. For example:

  securityContext:    sysctls:    - name: kernel.shm_rmid_forced      value: "0"    - name: net.core.somaxconn      value: "1024"    - name: kernel.msgmax      value: "65536"

• Use PodSecurityPolicy to control which sysctls can be set in pods by specifying lists of sysctls or sysctl patterns in the forbiddenSysctls and/or allowedUnsafeSysctls fields of the PodSecurityPolicy. For example:

apiVersion: policy/v1beta1kind: PodSecurityPolicymetadata:  name: sysctl-pspspec:  allowedUnsafeSysctls:  - kernel.msg*  forbiddenSysctls:  - kernel.shm_rmid_forced

Notice that:

If you allow unsafe sysctls via the allowedUnsafeSysctls field in aPodSecurityPolicy, any pod using such a sysctl will fail to start ifthe sysctl is not allowed via the --allowed-unsafe-sysctls kubeletflag as well on that node.

• You can also set a limited number of sysctls on a container-local basis with docker run --sysctl.

I also recommend going through the whole linked documentation as caution is advised because use of unsafe sysctls is at-your-own-risk and can lead to severe problems like wrong behavior of containers, resource shortage or complete breakage of a node.