diff --git a/README.md b/README.md
index 04a9fb0c4..c9330be9d 100644
--- a/README.md
+++ b/README.md
@@ -124,7 +124,7 @@ Note:
 - [kube-ovn](https://github.com/alauda/kube-ovn) 1.12.21
 - [kube-router](https://github.com/cloudnativelabs/kube-router) 2.1.1
 - [multus](https://github.com/k8snetworkplumbingwg/multus-cni) 4.2.2
- - [kube-vip](https://github.com/kube-vip/kube-vip) 0.8.0
+ - [kube-vip](https://github.com/kube-vip/kube-vip) 1.0.3
 - Application
 - [cert-manager](https://github.com/jetstack/cert-manager) 1.15.3
 - [coredns](https://github.com/coredns/coredns) 1.12.1
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 8c8bec6f9..378788f43 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -61,8 +61,6 @@ eviction_hard_control_plane: {}
 kubelet_status_update_frequency: 10s
 # kube-vip
-kube_vip_version: 0.8.0
-
 kube_vip_arp_enabled: false
 kube_vip_interface:
 kube_vip_services_interface:
diff --git a/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2
index 4e9e5ce59..cda0ae82f 100644
--- a/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2
@@ -1,4 +1,4 @@
-# Inspired by https://github.com/kube-vip/kube-vip/blob/v0.8.0/pkg/kubevip/config_generator.go#L103
+# Inspired by https://github.com/kube-vip/kube-vip/blob/v1.0.3/pkg/kubevip/config_generator.go#L103
 apiVersion: v1
 kind: Pod
 metadata:
@@ -27,7 +27,7 @@ spec:
 value: {{ kube_vip_services_interface | string | to_json }}
 {% endif %}
 {% if kube_vip_cidr %}
- - name: vip_{% if kube_vip_image_tag is version('v0.9.0', '>=') %}subnet{% else %}cidr{% endif %}
+ - name: vip_{{ "subnet" if kube_vip_version is version('0.9.0', '>=') else "cidr" }}
 value: {{ kube_vip_cidr | string | to_json }}
 {% endif %}
 {% if kube_vip_dns_mode %}
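Review bot: In the kube-vip.manifest.j2 hunk at `@@ -27,7`, the `- name: vip_…` line now picks `subnet` or `cidr` from `kube_vip_version`, while the image that actually runs is set by `kube_vip_image_tag`, which can be overridden on its own. An inventory that pins only the tag (a mirrored older image, or a non-version tag) would get an env name chosen for a different release than the one deployed; how kube-vip treats a name it does not expect is not visible here. I would add a template comment above the line, `{# keyed on kube_vip_version; keep it in step with kube_vip_image_tag when overriding the tag #}`, and mention the coupling next to the variable defaults. The env list starts and ends outside this hunk.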
@@ -113,6 +113,8 @@ spec:
 add:
 - NET_ADMIN
 - NET_RAW
+ drop:
+ - ALL
 {% endif %}
 volumeMounts:
 - mountPath: /etc/kubernetes/admin.conf
diff --git a/roles/kubespray_defaults/defaults/main/download.yml b/roles/kubespray_defaults/defaults/main/download.yml
index 53981d06d..13a9ad408 100644
--- a/roles/kubespray_defaults/defaults/main/download.yml
+++ b/roles/kubespray_defaults/defaults/main/download.yml
@@ -265,8 +265,9 @@ multus_image_tag: "v{{ multus_version }}"
 external_openstack_cloud_controller_image_repo: "{{ kube_image_repo }}/provider-os/openstack-cloud-controller-manager"
 external_openstack_cloud_controller_image_tag: "v1.32.0"
+kube_vip_version: 1.0.3
 kube_vip_image_repo: "{{ github_image_repo }}/kube-vip/kube-vip{{ '-iptables' if kube_vip_lb_fwdmethod == 'masquerade' else '' }}"
-kube_vip_image_tag: v1.0.3
+kube_vip_image_tag: "v{{ kube_vip_version }}"
 nginx_image_repo: "{{ docker_image_repo }}/library/nginx"
 nginx_image_tag: 1.28.0-alpine
 haproxy_image_repo: "{{ docker_image_repo }}/library/haproxy"
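Review bot: In the kube-vip.manifest.j2 hunk at `@@ -113,6`, the added `drop:` / `- ALL` pair sits inside a `{% if %}` branch whose condition opens above the hunk, so whatever the other branch grants is not narrowed by this change and needs its own check. Inside this branch the container keeps only NET_ADMIN and NET_RAW, which also removes the runtime's default capability set. The configurations worth re-testing are the ones this page shows: the `/etc/kubernetes/admin.conf` mount and the `-iptables` image selected when `kube_vip_lb_fwdmethod == 'masquerade'`. A short comment above `drop:` would record the intent, for example `# drop the runtime default set; only NET_ADMIN and NET_RAW are kept`.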
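Review bot: In download.yml, `kube_vip_version` now decides which image is pulled through `kube_vip_image_tag: "v{{ kube_vip_version }}"`, whereas the default removed from the node role was `0.8.0` while the tag was already `v1.0.3`. An inventory that copied the old `kube_vip_version: 0.8.0` would, as far as these hunks show, start pulling the `v0.8.0` image after this change, which is an unannounced downgrade of a control-plane component. A release note or a comment above the new default (`# also sets kube_vip_image_tag; remove stale 0.8.0 overrides`) would cover it. I would also write the default as `kube_vip_version: "1.0.3"`, so that it models the quoted form overrides need: an unquoted two-part value is parsed as a float before it reaches the tag and the `version()` test.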