Run node-local-dns in non-privileged mode

2025-07-23 11:50:44 +00:00 · 2022-08-04 15:11:40 +03:00 · 2022-08-04 15:11:40 +03:00 · bfe98c0c2a
commit bfe98c0c2a
parent ef7fc10460
1 changed files with 3 additions and 1 deletions
--- a/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
+++ b/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
@ -145,7 +145,9 @@ spec:
            memory: 5Mi
        args: [ "-localip", "__PILLAR__LOCAL__DNS__,__PILLAR__DNS__SERVER__", "-conf", "/etc/Corefile", "-upstreamsvc", "kube-dns-upstream" ]
        securityContext:
-          privileged: true
+          capabilities:
            add:
            - NET_ADMIN
        ports:
        - containerPort: 53
          name: dns