From 1ec027347363a5617bcbe69338ad9f78bfe8b7a7 Mon Sep 17 00:00:00 2001
From: Irbe Krumina <irbe@tailscale.com>
Date: Fri, 31 May 2024 19:15:02 +0100
Subject: [PATCH] docs/k8s: fix subnet router manifests (#12305)

In https://github.com/tailscale/tailscale/pull/11363
I changed the subnet router manifest to run in tun
mode (for performance reasons), but did not
change the security context to give it net_admin,
which is required to for the tailscale socket.

Updates tailscale/tailscale#12083

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
---
 docs/k8s/subnet.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/docs/k8s/subnet.yaml b/docs/k8s/subnet.yaml
index 458840a5b..4b7066fb3 100644
--- a/docs/k8s/subnet.yaml
+++ b/docs/k8s/subnet.yaml
@@ -29,5 +29,6 @@ spec:
     - name: TS_ROUTES
       value: "{{TS_ROUTES}}"
     securityContext:
-      runAsUser: 1000
-      runAsGroup: 1000
+      capabilities:
+        add:
+        - NET_ADMIN