From 8d275dcb4f218c92b7ee018f83c66d9d090a896d Mon Sep 17 00:00:00 2001
From: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
Date: Wed, 16 Jul 2025 09:54:22 +0800
Subject: [PATCH] Fix: nodelocaldns capabilities usage (#12398)

Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
---
 .../ansible/templates/nodelocaldns-daemonset.yml.j2 | 4 +++-
 .../ansible/templates/nodelocaldns-second-daemonset.yml.j2 | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2 b/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
index 723243b57..1c4faa962 100644
--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
@@ -59,7 +59,9 @@ spec:
 name: metrics
 protocol: TCP
 securityContext:
- privileged: true
+ capabilities:
+ add:
+ - NET_ADMIN
 {% if nodelocaldns_bind_metrics_host_ip %}
 env:
 - name: MY_HOST_IP
diff --git a/roles/kubernetes-apps/ansible/templates/nodelocaldns-second-daemonset.yml.j2 b/roles/kubernetes-apps/ansible/templates/nodelocaldns-second-daemonset.yml.j2
index 76eecef33..321d1e330 100644
--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-second-daemonset.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-second-daemonset.yml.j2
@@ -44,7 +44,9 @@ spec:
 name: metrics
 protocol: TCP
 securityContext:
- privileged: true
+ capabilities:
+ add:
+ - NET_ADMIN
 {% if nodelocaldns_bind_metrics_host_ip %}
 env:
 - name: MY_HOST_IP
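Review bot: The new `securityContext` in nodelocaldns-daemonset.yml.j2 leaves `allowPrivilegeEscalation` unset and has no `drop:` list, so the container keeps the runtime's default capability set on top of `NET_ADMIN`. With `privileged: true` gone, `allowPrivilegeEscalation: false` can now be set next to `capabilities:`. A `drop:` list would make the grant explicit, but the DNS listener and the packet-filter handling presumably rely on some default capabilities, so which ones to add back should be verified on a test cluster before dropping `ALL`. The same applies to the identical hunk in nodelocaldns-second-daemonset.yml.j2. The container spec starts and ends outside both hunks, so any mount or setting that depended on privileged mode is not visible here.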