hotfix: use echo instead of sysctl to set ipv4 ip_forward feature (#518)

charts/kubevpn/templates/deployment.yaml

@@ -35,9 +35,9 @@ spec:
         - args:
             {{- if eq .Values.netstack "system" }}
             - |
-              sysctl -w net.ipv4.ip_forward=1
-              sysctl -w net.ipv6.conf.all.disable_ipv6=0
-              sysctl -w net.ipv6.conf.all.forwarding=1
+              echo 1 > /proc/sys/net/ipv4/ip_forward
+              echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6
+              echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
               update-alternatives --set iptables /usr/sbin/iptables-legacy
               iptables -P INPUT ACCEPT
               ip6tables -P INPUT ACCEPT

pkg/handler/clone.go

@@ -320,7 +320,12 @@ func (d *CloneOptions) DoClone(ctx context.Context, kubeconfigJsonBytes []byte)
 							Command: []string{
 								"/bin/bash",
 								"-c",
-								"sysctl -w net.ipv4.ip_forward=1\nsysctl -w net.ipv6.conf.all.disable_ipv6=0\nsysctl -w net.ipv6.conf.all.forwarding=1\nsysctl -w net.ipv4.conf.all.route_localnet=1\nupdate-alternatives --set iptables /usr/sbin/iptables-legacy",
+								`
+echo 1 > /proc/sys/net/ipv4/ip_forward
+echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6
+echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+echo 1 > /proc/sys/net/ipv4/conf/all/route_localnet
+update-alternatives --set iptables /usr/sbin/iptables-legacy`,
 							},
 						},
 					},

pkg/handler/remote.go

@@ -367,9 +367,9 @@ func genDeploySpec(namespace string, udp8422 string, tcp10800 string, tcp9002 st
 								`
 kubevpn server -l "tcp://:10800" -l "gtcp://:10801" -l "gudp://:10802" --debug=true`,
 								`
-sysctl -w net.ipv4.ip_forward=1
-sysctl -w net.ipv6.conf.all.disable_ipv6=0
-sysctl -w net.ipv6.conf.all.forwarding=1
+echo 1 > /proc/sys/net/ipv4/ip_forward
+echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6
+echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
 update-alternatives --set iptables /usr/sbin/iptables-legacy
 iptables -P INPUT ACCEPT
 ip6tables -P INPUT ACCEPT

pkg/inject/controller.go

@@ -47,9 +47,9 @@ func AddMeshContainer(spec *v1.PodTemplateSpec, ns, nodeId string, c util.PodRou
 		Image:   config.Image,
 		Command: []string{"/bin/sh", "-c"},
 		Args: []string{`
-sysctl -w net.ipv4.ip_forward=1
-sysctl -w net.ipv6.conf.all.disable_ipv6=0
-sysctl -w net.ipv6.conf.all.forwarding=1
+echo 1 > /proc/sys/net/ipv4/ip_forward
+echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6
+echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
 update-alternatives --set iptables /usr/sbin/iptables-legacy
 iptables -P INPUT ACCEPT
 ip6tables -P INPUT ACCEPT

pkg/inject/exchange.go

@@ -79,10 +79,10 @@ func AddContainer(spec *corev1.PodSpec, c util.PodRouteConfig, connectNamespace
 		// iptables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination ${LocalTunIPv4}
 		// ip6tables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination ${LocalTunIPv6}
 		Args: []string{`
-sysctl -w net.ipv4.ip_forward=1
-sysctl -w net.ipv6.conf.all.disable_ipv6=0
-sysctl -w net.ipv6.conf.all.forwarding=1
-sysctl -w net.ipv4.conf.all.route_localnet=1
+echo 1 > /proc/sys/net/ipv4/ip_forward
+echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6
+echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+echo 1 > /proc/sys/net/ipv4/conf/all/route_localnet
 update-alternatives --set iptables /usr/sbin/iptables-legacy
 iptables -P INPUT ACCEPT
 ip6tables -P INPUT ACCEPT

pkg/test/pod.yaml

@@ -15,10 +15,11 @@ spec:
         - -c
       args:
         - |
-          sysctl net.ipv4.ip_forward=1
-          sysctl net.ipv6.conf.all.forwarding=1
+          echo 1 > /proc/sys/net/ipv4/ip_forward
+          echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6
+          echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+          echo 1 > /proc/sys/net/ipv4/conf/all/route_localnet
           update-alternatives --set iptables /usr/sbin/iptables-legacy
-          iptables -F
           iptables -P INPUT ACCEPT
           iptables -P FORWARD ACCEPT
           ip6tables -t nat -A POSTROUTING -s fe80::cff4:d42c:7e73:e84b/64 -o eth0 -j MASQUERADE