From c8403db1529c70dff34c9a535a379345610a08a3 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sun, 19 Nov 2023 23:54:47 +0100
Subject: [PATCH] fix(dns): Use capability instead of sysctl

---
 apps/k8s01/dns/dns.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/apps/k8s01/dns/dns.yaml b/apps/k8s01/dns/dns.yaml
index d3d8d00f5..0a959b1a1 100644
--- a/apps/k8s01/dns/dns.yaml
+++ b/apps/k8s01/dns/dns.yaml
@@ -87,6 +87,8 @@ spec:
             capabilities:
               drop:
                 - ALL
+              add:
+                - NET_BIND_SERVICE
       automountServiceAccountToken: false
       volumes:
         - name: tls-secret
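Review bot: The `NET_BIND_SERVICE` entry added under `capabilities.add` may never reach the process if this container runs as a non-root UID, which the `runAsGroup: 1000` context in the second hunk suggests. Kubernetes does not set ambient capabilities, so a non-root process normally keeps an added capability across exec only when the image's binary carries a matching file capability. If `allowPrivilegeEscalation: false` is set in the part of the securityContext outside this hunk, no_new_privs would prevent that file capability from taking effect. Since the same commit removes the `net.ipv4.ip_unprivileged_port_start` sysctl, confirm after rollout that the server still binds its privileged port rather than failing with permission denied. A comment above `add:` would record why this is the only exception to `drop: ALL`, for example `# only capability retained: bind the privileged DNS port as non-root (replaces the ip_unprivileged_port_start sysctl)`.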
@@ -103,9 +105,6 @@ spec:
         runAsGroup: 1000
         seccompProfile:
           type: RuntimeDefault
-        sysctls:
-          - name: 'net.ipv4.ip_unprivileged_port_start'
-            value: "0"
 ---
 apiVersion: v1
 kind: Service
-- 
GitLab