From be0dbd62c1749d621dbe5913e4a2c0bf62588439 Mon Sep 17 00:00:00 2001
From: nogoegst
Date: Thu, 22 Mar 2018 15:44:05 +0000
Subject: [PATCH] Drop capabilities in Kubernetes DaemonSet example

---
 docs/user-guide/kubernetes.md | 7 ++++++-
 examples/k8s/traefik-ds.yaml | 6 +++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/docs/user-guide/kubernetes.md b/docs/user-guide/kubernetes.md
index 2b054c50a..a970af6ca 100644
--- a/docs/user-guide/kubernetes.md
+++ b/docs/user-guide/kubernetes.md
@@ -121,6 +121,7 @@ spec:
 args:
 - --api
 - --kubernetes
+ - --logLevel=INFO
 ---
 kind: Service
 apiVersion: v1
@@ -182,7 +183,11 @@ spec:
 - name: admin
 containerPort: 8080
 securityContext:
- privileged: true
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - NET_BIND_SERVICE
 args:
 - --api
 - --kubernetes
diff --git a/examples/k8s/traefik-ds.yaml b/examples/k8s/traefik-ds.yaml
index 285739e53..eda9bc088 100644
--- a/examples/k8s/traefik-ds.yaml
+++ b/examples/k8s/traefik-ds.yaml
@@ -32,7 +32,11 @@ spec:
 - name: admin
 containerPort: 8080
 securityContext:
- privileged: true
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - NET_BIND_SERVICE
 args:
 - --api
 - --kubernetes
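Review bot: The new `securityContext` in examples/k8s/traefik-ds.yaml replaces `privileged: true` with a capability allow-list but leaves `allowPrivilegeEscalation` unset, so the container process is still started without `no_new_privs`; adding `allowPrivilegeEscalation: false` next to `capabilities:` would close that. The same block is duplicated in the DaemonSet example in docs/user-guide/kubernetes.md (hunk at line 183) and should get the same line. A short comment such as `# NET_BIND_SERVICE: needed to bind ports below 1024 without privileged mode` would also tell readers why that one capability is kept. The user the image runs as is not visible in this hunk, so confirm that Traefik can still bind its entrypoints under the reduced set before merging; the container spec continues outside the hunk.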