diff --git a/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2 b/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
index 723243b57..1c4faa962 100644
--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
@@ -59,7 +59,9 @@ spec:
 name: metrics
 protocol: TCP
 securityContext:
- privileged: true
+ capabilities:
+ add:
+ - NET_ADMIN
 {% if nodelocaldns_bind_metrics_host_ip %}
 env:
 - name: MY_HOST_IP
diff --git a/roles/kubernetes-apps/ansible/templates/nodelocaldns-second-daemonset.yml.j2 b/roles/kubernetes-apps/ansible/templates/nodelocaldns-second-daemonset.yml.j2
index 76eecef33..321d1e330 100644
--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-second-daemonset.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-second-daemonset.yml.j2
@@ -44,7 +44,9 @@ spec:
 name: metrics
 protocol: TCP
 securityContext:
- privileged: true
+ capabilities:
+ add:
+ - NET_ADMIN
 {% if nodelocaldns_bind_metrics_host_ip %}
 env:
 - name: MY_HOST_IP
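Review bot: The new `securityContext` in nodelocaldns-daemonset.yml.j2 (and the identical hunk in nodelocaldns-second-daemonset.yml.j2) adds `NET_ADMIN` but neither sets `allowPrivilegeEscalation: false` nor drops anything, so the container keeps the runtime's default capability set on top of it. Consider adding `allowPrivilegeEscalation: false` under `securityContext:` and, once tested, `drop: ["ALL"]` with only the needed capabilities added back; binding port 53 would presumably then need `NET_BIND_SERVICE` as well. If the pod runs on the host network (not visible in this hunk), `NET_ADMIN` still permits changes to the node's interfaces and firewall rules, so a short comment such as `# NET_ADMIN: needed to manage the local listen interface and iptables rules` above `capabilities:` would record why it is kept. The container spec starts and ends outside both hunks.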