From bfe98c0c2aeb08774dd2cdc3321513ed8cffe2d2 Mon Sep 17 00:00:00 2001
From: ialidzhikov
Date: Thu, 4 Aug 2022 15:11:40 +0300
Subject: [PATCH] Run node-local-dns in non-privileged mode
---
 cluster/addons/dns/nodelocaldns/nodelocaldns.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml b/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
index 373aa0e11ba..f02e594f208 100644
--- a/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
+++ b/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
@@ -145,7 +145,9 @@ spec:
 memory: 5Mi
 args: [ "-localip", "__PILLAR__LOCAL__DNS__,__PILLAR__DNS__SERVER__", "-conf", "/etc/Corefile", "-upstreamsvc", "kube-dns-upstream" ]
 securityContext:
- privileged: true
+ capabilities:
+ add:
+ - NET_ADMIN
 ports:
 - containerPort: 53
 name: dns
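Review bot: The new `securityContext` only adds `NET_ADMIN` on top of the container runtime's default capability set; nothing in the hunk drops those defaults or sets `allowPrivilegeEscalation: false`, so the container keeps more privilege than the commit title suggests. Consider adding `drop: [ALL]` under `capabilities` next to the `add` list, together with `allowPrivilegeEscalation: false`; once the defaults are dropped, binding `containerPort: 53` would presumably need `NET_BIND_SERVICE` added back, and any further capability the binary relies on should be confirmed by testing rather than assumed. A short comment above `capabilities:` stating what NET_ADMIN is used for would help stop the list from growing unreviewed later. The container spec starts and ends outside this hunk, so related settings such as `hostNetwork` or a pod-level security context are not visible here.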