Thanks for your reply.
In a k8s container, the process is running without root privilege. /proc/sys/net is a read-only filesystem.
We can't update any conf under /proc/sys/net.
In detail, for IPv4, inet_set_link_af (net/ipv4/devinet.c) can update IFLA_INET_CONF attributes.
But for IPv6...
For example, we can enable IPv6 forwarding via "sysctl -w net.ipv6.conf.default.forwarding=1" with privilege=true in Docker.
It can't update it with only net-admin.
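
A diagnostic for the situation described in the message above, added here as an example and not part of the original post: it reports whether a process holds CAP_NET_ADMIN and whether the mount covering /proc/sys/net is read-only. The function names and the sample status and mountinfo contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: why "sysctl -w net.ipv6.conf.*" can fail with only NET_ADMIN.
# Function names and the sample files below are constructed for illustration.

# Succeeds if CapEff in a /proc/<pid>/status-style file has bit 12 (CAP_NET_ADMIN).
has_cap_net_admin() {
    hex=$(awk '$1 == "CapEff:" { print $2 }' "$1")
    [ -n "$hex" ] || return 2
    [ $(( (0x$hex >> 12) & 1 )) -eq 1 ]
}

# Prints ro, rw or unknown for the most specific mount covering /proc/sys/net
# in a /proc/<pid>/mountinfo-style file (field 5 = mount point, field 6 = options).
sysctl_net_mount_mode() {
    awk -v target="/proc/sys/net" '
        { mp = $5
          if (target == mp || index(target, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $6 } }
        END {
            if (opts == "") { print "unknown"; exit }
            n = split(opts, o, ","); mode = "rw"
            for (i = 1; i <= n; i++) if (o[i] == "ro") mode = "ro"
            print mode
        }' "$1"
}

diagnose() {   # $1 = status file, $2 = mountinfo file
    if has_cap_net_admin "$1"; then cap=yes; else cap=no; fi
    echo "cap_net_admin=$cap proc_sys_net=$(sysctl_net_mount_mode "$2")"
}

# Constructed samples: a container with NET_ADMIN added but /proc/sys bind-mounted ro.
SAMPLE_DIR=$(mktemp -d)
printf 'Name:\tsh\nCapEff:\t00000000a80435fb\n' > "$SAMPLE_DIR/status"
cat > "$SAMPLE_DIR/mountinfo" <<'EOF'
100 90 0:50 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
101 100 0:50 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
EOF

diagnose "$SAMPLE_DIR/status" "$SAMPLE_DIR/mountinfo"
# On a live system: diagnose /proc/self/status /proc/self/mountinfo
```

For the constructed sample the capability is present while the mount is read-only, which is the combination the message reports.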