Good afternoon.
Because it seems that using CAP_NET_BIND_SERVICE is no longer supported (cf. #1767), I am attempting to deploy CoreDNS such that the coredns executable binds to an arbitrary port (without loss of generality, 5553.) I have been successful in specifying an alternate port through values.yaml.
However, I have configured traffic coming in on UDP port 53 to go to the service listening on port 53, so I would like the coredns service to listen on port 53 but still have a targetPort of 5553.
It does not seem that coredns.servicePorts is generated in a way which would allow for differing port and targetPort numbers.
How should I go about deploying CoreDNS such that those fields differ? Alternatively, is there a better way to run CoreDNS as "unprivileged"?
Thank you.
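The layout asked about above, written as plain Kubernetes manifests. This is an added example, not output of the CoreDNS Helm chart or code from the project: the object names, the `app: coredns` label, the UID and the image tag are assumptions. The Service accepts DNS on port 53 and forwards to the unprivileged port 5553, and the container runs as non-root with every capability dropped, so `CAP_NET_BIND_SERVICE` is not needed.

```yaml
# Added example: names, labels, UID and image tag are assumptions, not chart values.
apiVersion: v1
kind: Service
metadata: {name: coredns}
spec:
  selector: {app: coredns}
  ports:
    # Clients connect to 53; kube-proxy forwards to the pod's unprivileged 5553.
    - {name: dns-udp, protocol: UDP, port: 53, targetPort: 5553}
    - {name: dns-tcp, protocol: TCP, port: 53, targetPort: 5553}
---
apiVersion: v1
kind: ConfigMap
metadata: {name: coredns}
data:
  Corefile: |
    # The server block binds 5553, which needs no privilege (port above 1023).
    .:5553 {
        errors
        forward . /etc/resolv.conf
    }
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: coredns}
spec:
  selector:
    matchLabels: {app: coredns}
  template:
    metadata:
      labels: {app: coredns}
    spec:
      containers:
        - name: coredns
          image: coredns/coredns:TAG   # placeholder tag
          args: ["-conf", "/etc/coredns/Corefile"]
          ports:
            - {containerPort: 5553, protocol: UDP}
            - {containerPort: 5553, protocol: TCP}
          securityContext:
            runAsNonRoot: true
            runAsUser: 65532             # assumed non-root UID
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities: {drop: ["ALL"]}
          volumeMounts:
            - {name: config, mountPath: /etc/coredns, readOnly: true}
      volumes:
        - {name: config, configMap: {name: coredns}}
```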