diff --git a/.github/workflows/tcp-sanity.yml b/.github/workflows/tcp-sanity.yml
index d38a39a04..6610eedab 100644
--- a/.github/workflows/tcp-sanity.yml
+++ b/.github/workflows/tcp-sanity.yml
@@ -89,3 +89,9 @@ jobs:
              ./validation.sh
              ./rmconfig.sh
              cd -
+      - run: |
+             cd cicd/tcplb-local/
+             ./config.sh
+             ./validation.sh
+             ./rmconfig.sh
+             cd -
diff --git a/cicd/k3s-incluster/loxilb.yml b/cicd/k3s-incluster/loxilb.yml
index 45c1a464f..9d9e2814f 100644
--- a/cicd/k3s-incluster/loxilb.yml
+++ b/cicd/k3s-incluster/loxilb.yml
@@ -14,6 +14,7 @@ spec:
         app: loxilb-app
     spec:
       hostNetwork: true
+      hostPID: true
       dnsPolicy: ClusterFirstWithHostNet
       tolerations:
       - key: "node-role.kubernetes.io/master"
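Review bot: `hostPID: true` applies to every container in the pod, including the long-running privileged `loxilb-app`, and nothing visible in this diff appears to need it. The init container added further down reaches the host namespaces through the `/proc` hostPath mount (`/hproc/1/ns/...`), which presumably resolves to the host's PID 1 regardless of the pod's own PID namespace. If the setting is required for another reason (possibly `--localvip`), a comment such as `# hostPID: needed for <reason>` above the line would record why. Otherwise dropping it keeps host processes out of the container's view. The pod spec starts and continues outside this hunk.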
@@ -29,20 +30,61 @@ spec:
                 operator: Exists
               - key: "node-role.kubernetes.io/control-plane"
                 operator: Exists
+      initContainers:
+      - name: mkllb-cgroup
+        command:
+          - sh
+          - -ec
+          - |
+            ls /usr/local/sbin/mkllb_cgroup && chmod 777 /usr/local/sbin/mkllb_cgroup;
+            cp -f /usr/local/sbin/mkllb_cgroup /hbin/mkllb_cgroup;
+            nsenter --cgroup=/hproc/1/ns/cgroup --mount=/hproc/1/ns/mnt /bin/mkllb_cgroup;
+            echo done;
+            rm /hbin/mkllb_cgroup;
+        image: "ghcr.io/loxilb-io/loxilb:latest"
+        imagePullPolicy: Always
+        volumeMounts:
+          - name: hproc
+            mountPath: /hproc
+          - name: hbin
+            mountPath: /hbin
+        terminationMessagePolicy: FallbackToLogsOnError
+        securityContext:
+          privileged: true
+          capabilities:
+            add:
+              - SYS_ADMIN
       containers:
       - name: loxilb-app
         image: "ghcr.io/loxilb-io/loxilb:latest"
-        imagePullPolicy: Always
-        command: [ "/root/loxilb-io/loxilb/loxilb", "--egr-hooks", "--blacklist=cni[0-9a-z]|veth.|flannel.|cali.|tunl.|vxlan[.]calico" ]
+        imagePullPolicy: IfNotPresent
+        command: [ "/root/loxilb-io/loxilb/loxilb", "--egr-hooks", "--blacklist=cni[0-9a-z]|veth.|flannel.|cali.|tunl.|vxlan[.]calico", "--localvip" ]
         ports:
         - containerPort: 11111
         - containerPort: 179
         - containerPort: 50051
+        volumeMounts:
+          - name: llb-cgroup
+            mountPath: /opt/loxilb/cgroup
         securityContext:
           privileged: true
+          runAsUser: 0
           capabilities:
             add:
               - SYS_ADMIN
+      volumes:
+      - name: hproc
+        hostPath:
+          path: /proc
+          type: Directory
+      - name: hbin
+        hostPath:
+          path: /bin
+          type: Directory
+      - name: llb-cgroup
+        hostPath:
+          path: /opt/loxilb/cgroup
+          type: DirectoryOrCreate
 ---
 apiVersion: v1
 kind: Service
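Review bot: The `mkllb-cgroup` init container leaves `/hbin/mkllb_cgroup` behind in the host's `/bin` whenever `nsenter` fails, because `sh -ec` aborts before the `rm` line runs. Adding `trap 'rm -f /hbin/mkllb_cgroup' EXIT` as the first script line would remove it on every exit path. `chmod 777` is wider than execution needs, so `chmod 755` would do. The binary comes from `ghcr.io/loxilb-io/loxilb:latest` with `imagePullPolicy: Always` and runs in the host's mount and cgroup namespaces, so whatever that mutable tag resolves to at pod start is executed on the node. Pinning by digest (`image: "ghcr.io/loxilb-io/loxilb@sha256:<digest>"`) would fix what runs, and `capabilities.add: SYS_ADMIN` is redundant next to `privileged: true`.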