diff --git a/deploy/helm/templates/daemonset.yaml b/deploy/helm/templates/daemonset.yaml
index 2d1c0d066..c50319f83 100644
--- a/deploy/helm/templates/daemonset.yaml
+++ b/deploy/helm/templates/daemonset.yaml
@@ -68,6 +68,9 @@ spec:
 name: cni
 - mountPath: /opt/cni/bin
 name: kmesh-cni-install-path
+ - mountPath: /host/proc
+ name: host-procfs
+ readOnly: true
 - mountPath: /var/run/secrets/istio
 name: istiod-ca-cert
 - mountPath: /var/run/secrets/tokens
@@ -90,6 +93,10 @@ spec:
 - hostPath:
 path: /opt/cni/bin
 name: kmesh-cni-install-path
+ - name: host-procfs
+ hostPath:
+ path: /proc
+ type: Directory
 - configMap:
 defaultMode: 420
 name: istio-ca-root-cert
@@ -102,4 +109,3 @@ spec:
 audience: istio-ca
 expirationSeconds: 43200
 path: istio-token
- hostPID: true
diff --git a/deploy/yaml/kmesh.yaml b/deploy/yaml/kmesh.yaml
index d38de2f9c..d9368f9d8 100644
--- a/deploy/yaml/kmesh.yaml
+++ b/deploy/yaml/kmesh.yaml
@@ -40,6 +40,10 @@ spec:
 - name: kmesh-cni-install-path
 hostPath:
 path: /opt/cni/bin
+ - name: host-procfs
+ hostPath:
+ path: /proc
+ type: Directory
 - name: istiod-ca-cert
 configMap:
 defaultMode: 420
@@ -105,6 +109,9 @@ spec:
 - name: kmesh-cni-install-path
 mountPath: /opt/cni/bin
 readOnly: false
+ - mountPath: /host/proc
+ name: host-procfs
+ readOnly: true
 - name: istiod-ca-cert
 mountPath: /var/run/secrets/istio
 - name: istio-token
@@ -116,4 +123,3 @@ spec:
 cpu: "1"
 priorityClassName: system-node-critical
 serviceAccountName: kmesh
- hostPID: true
diff --git a/pkg/controller/bypass/bypass_controller.go b/pkg/controller/bypass/bypass_controller.go
index 61e157ee3..1c7ea4ee0 100644
--- a/pkg/controller/bypass/bypass_controller.go
+++ b/pkg/controller/bypass/bypass_controller.go
@@ -274,7 +274,7 @@ func getnspath(pod *corev1.Pod) (string, error) {
 if err != nil {
 return "", err
 }
- res = path.Join("/proc", res)
+ res = path.Join("/host/proc", res)
 return res, nil
 }
 
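Review bot: `readOnly: true` on the `/host/proc` volumeMount in deploy/helm/templates/daemonset.yaml is not recursive by default, so a filesystem mounted beneath the host's `/proc` may still be writable through this mount. On clusters that support the field, adding `recursiveReadOnly: IfPossible` (or `Enabled`) next to `readOnly: true` closes that gap. The identical mount in deploy/yaml/kmesh.yaml (hunk at -105,6) needs the same change. A hostPath of `/proc` still shows the container every host process's entries, much as `hostPID: true` did, and hostPath volumes are rejected by the Baseline Pod Security Standard just as hostPID is. A comment on the `host-procfs` volume such as `# host /proc is read to resolve pod netns paths; replaces hostPID` would record why the mount exists.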
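Review bot: The literal `"/host/proc"` in `getnspath` has to match the `mountPath` declared in both manifests, and the same literal is repeated in the `FindNetnsForPod` hunk of this file, so nothing ties these places together. A package-level `const hostProcPath = "/host/proc"` used by both calls, with a comment naming the `host-procfs` volume, would keep them in step. If the daemon is started from a manifest that lacks the mount, the directory read in `FindNetnsForPod` will presumably fail on a missing path, so wrapping that error with the path, `fmt.Errorf("reading %s: %w", hostProcPath, err)`, would make the cause obvious. `getnspath` begins above this hunk, so how `res` is derived before the join is not visible here.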
@@ -287,7 +287,7 @@ func BuiltinOrDir(dir string) fs.FS { func FindNetnsForPod(pod *corev1.Pod) (string, error) { netnsObserved := sets.New[uint64]() - fd := BuiltinOrDir("/proc") + fd := BuiltinOrDir("/host/proc") entries, err := fs.ReadDir(fd, ".") if err != nil {