Fix: nodelocaldns capabilities usage (#12398)

tico88612 · web-flow · commit 8d275dcb4f21 · 2025-07-15T18:54:22.000-07:00
Signed-off-by: ChengHao Yang &lt;17496418+tico88612@users.noreply.github.com&gt;
diff --git a/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2 b/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
@@ -59,7 +59,9 @@ spec:
           name: metrics
           protocol: TCP
         securityContext:
-          privileged: true
+          capabilities:
+            add:
+            - NET_ADMIN
 {% if nodelocaldns_bind_metrics_host_ip %}
         env:
           - name: MY_HOST_IP
diff --git a/roles/kubernetes-apps/ansible/templates/nodelocaldns-second-daemonset.yml.j2 b/roles/kubernetes-apps/ansible/templates/nodelocaldns-second-daemonset.yml.j2
@@ -44,7 +44,9 @@ spec:
           name: metrics
           protocol: TCP
         securityContext:
-          privileged: true
+          capabilities:
+            add:
+            - NET_ADMIN
 {% if nodelocaldns_bind_metrics_host_ip %}
         env:
           - name: MY_HOST_IP
