diff --git a/CHANGELOG.md b/CHANGELOG.md
index c362aea..1da3bb0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,7 +9,7 @@ All notable changes to this project will be documented in this file. The format
 ```shell
 Capabilities: &corev1.Capabilities{
- Add: []corev1.Capability{"NET_ADMIN", "NET_BIND_SERVICE"},
+ Add: []corev1.Capability{"NET_ADMIN"},
 Drop: []corev1.Capability{"ALL"},
 },
 RunAsUser: &rootUser, (deafault = true)
diff --git a/ziti-agent/cmd/webhook/pods.go b/ziti-agent/cmd/webhook/pods.go
index 7f2b06c..b76f3b3 100644
--- a/ziti-agent/cmd/webhook/pods.go
+++ b/ziti-agent/cmd/webhook/pods.go
@@ -151,7 +151,7 @@ func zitiTunnel(ar admissionv1.AdmissionReview) *admissionv1.AdmissionResponse {
 sidecarSecurityContext = &corev1.SecurityContext{
 Capabilities: &corev1.Capabilities{
- Add: []corev1.Capability{"NET_ADMIN", "NET_BIND_SERVICE"},
+ Add: []corev1.Capability{"NET_ADMIN"},
 Drop: []corev1.Capability{"ALL"},
 },
 RunAsUser: &rootUser,
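Review bot: The `Add:` line in the sidecar's `corev1.Capabilities` in `pods.go` now leaves the container, which still runs as `&rootUser` under `Drop: []corev1.Capability{"ALL"}`, without `NET_BIND_SERVICE`, so a bind to any port below 1024 is expected to fail unless the runtime lowers `net.ipv4.ip_unprivileged_port_start`. Whether the tunnel sidecar opens such a port (a DNS listener on 53 would be the usual case) is not visible here, so that should be confirmed before this ships. I would also record the reasoning next to the list, e.g. `// NET_ADMIN only: the sidecar binds no port below 1024, so NET_BIND_SERVICE is not granted`. The `SecurityContext` literal and `zitiTunnel` both continue past the end of the hunk, so other fields such as `AllowPrivilegeEscalation` cannot be checked from this view.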