From 693eb74f52c5f3450e1ead10e71b9131db42e613 Mon Sep 17 00:00:00 2001
From: kyrie <139965836+KubeKyrie@users.noreply.github.com>
Date: Tue, 22 Oct 2024 00:42:52 +0800
Subject: [PATCH] fix kube-vip container securityContext (#11647)

---
 .../kubernetes/node/templates/manifests/kube-vip.manifest.j2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2
index 35b6f0eee..8033a2641 100644
--- a/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2
@@ -104,11 +104,16 @@ spec:
     imagePullPolicy: {{ k8s_image_pull_policy }}
     name: kube-vip
     resources: {}
+{% if kube_vip_lb_fwdmethod == "masquerade" %}
+    securityContext:
+      privileged: true
+{% else %}
     securityContext:
       capabilities:
         add:
         - NET_ADMIN
         - NET_RAW
+{% endif %}
     volumeMounts:
     - mountPath: /etc/kubernetes/admin.conf
       name: kubeconfig