Merge pull request #111694 from ialidzhikov/enh/unprivileged-node-local-dns

Run node-local-dns in non-privileged mode
2025-09-17 15:13:08 +00:00 · 2022-08-23 17:17:41 -07:00
parent c9c7e245e4 bfe98c0c2a
commit 6e46517905
1 changed files with 3 additions and 1 deletions
--- a/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
+++ b/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
@@ -145,7 +145,9 @@ spec:
            memory: 5Mi
        args: [ "-localip", "__PILLAR__LOCAL__DNS__,__PILLAR__DNS__SERVER__", "-conf", "/etc/Corefile", "-upstreamsvc", "kube-dns-upstream" ]
        securityContext:
-          privileged: true
+          capabilities:
+            add:
+            - NET_ADMIN
        ports:
        - containerPort: 53
          name: dns