fix(traefik): listen on port 443 directly for Gateway API compatibility
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful

Traefik matches Gateway listener ports against entryPoint internal ports.
websecure was on 8443 so port 443 listeners were rejected as PortUnavailable.

Change websecure to listen on 443 and add NET_BIND_SERVICE capability to
allow binding to privileged ports as a non-root user.
2026-05-23 00:31:58 +10:00
parent 20ce2b1b92
commit 44cc3d847d
2 changed files with 22 additions and 0 deletions
@@ -82,4 +82,15 @@ podSecurityContext:
seccompProfile:
type: RuntimeDefault
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ALL]
add: [NET_BIND_SERVICE]
readOnlyRootFilesystem: true
ports:
websecure:
port: 443
enabled: true
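Review bot: in the securityContext block, `add: [NET_BIND_SERVICE]` is paired with `allowPrivilegeEscalation: false`, and the commit message says the process runs as a non-root user; in that combination the added capability may never become effective. Kubernetes does not raise added capabilities as ambient capabilities, so a process started with a non-zero UID normally loses them on exec, and the no_new_privs flag set by `allowPrivilegeEscalation: false` stops file capabilities on the binary from restoring them. Please confirm in a running pod that Traefik really binds 443 and that CapEff in /proc/1/status includes the capability. If the bind only succeeds because the container runtime already lowers `net.ipv4.ip_unprivileged_port_start`, then `drop: [ALL]` can stay without the exception, and setting that sysctl explicitly at pod level would make the dependency visible instead of implicit.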
@@ -82,4 +82,15 @@ podSecurityContext:
seccompProfile:
type: RuntimeDefault
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ALL]
add: [NET_BIND_SERVICE]
readOnlyRootFilesystem: true
ports:
websecure:
port: 443
enabled: true
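Review bot: this hunk is line for line the same as the one in the other changed file, so the capability exception and the `port: 443` override now live in two places with no comment explaining either. Add a short comment beside `add: [NET_BIND_SERVICE]` stating that it exists only so websecure can bind 443 for Gateway listener matching, and consider moving the shared block into a common values file so the two copies cannot drift apart. Only websecure is changed here; if any Gateway declares a port 80 listener, the web entryPoint would presumably hit the same PortUnavailable rejection described in the commit message, so it is worth stating whether that is intentionally out of scope.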