IP forwarding enabled by kube-proxy

Cluster information:

Kubernetes version: 1.16.3
Cloud being used: (put bare-metal if not on a public cloud)
Installation method: kubespray
Host OS: ubuntu 16.04
CNI and version: calico v3.11.1
CRI and version: docker 19.03.8


I am trying to run Kubernetes on a device, and the device has some security concerns. One of them is that I cannot enable packet forwarding on the node (host machine).

I am running Kubernetes version 1.16.3 with kube-proxy in IPVS mode. As soon as kube-proxy comes up, IPv4 forwarding is enabled.

cat /proc/sys/net/ipv4/ip_forward

I want to disable this behavior. I am stuck on this and not able to find what I can change to stop ip_forward being set by kube-proxy.

Also, is /proc/sys/net/ipv4/ip_forward being set to 1 a security concern? Thanks

Without ip_forwarding set, will most forms of Kubernetes networking even work? Strictly speaking, a pod with its own IP in a network namespace is approximately the same as being a different machine. IP forwarding is required, as far as I know.

I was searching for the same in the Kubernetes docs and other documentation. I have not been able to find anything specifically explaining why ip_forwarding is required.

My understanding is that we enable this forwarding when we want external connectivity inside the pod (containers), for example when I want to run apt update inside a pod and install something.
Is there a way to stop kube-proxy from enabling IP forwarding?

Also, is /proc/sys/net/ipv4/ip_forward being set to 1 a security concern?