
Specify `port` differing from `targetPort`

Open TsarFox opened this issue 2 years ago • 1 comments

Good afternoon.

Because it seems that using CAP_NET_BIND_SERVICE is no longer supported (cf. #1767), I am attempting to deploy CoreDNS such that the coredns executable binds to an arbitrary port (without loss of generality, 5553.) I have been successful in specifying an alternate port through values.yaml.

However, I have configured traffic coming in on UDP port 53 to go to the service listening on port 53, so I would like the coredns service to listen on port 53 but still have a targetPort of 5553.

It does not seem that coredns.servicePorts is generated in a way which would allow for differing port and targetPort numbers.

How should I go about deploying CoreDNS such that those fields differ? Alternatively, is there a better way to run CoreDNS as "unprivileged"?

Thank you.

TsarFox avatar Aug 23 '22 17:08 TsarFox

I think a better approach would be to specify a security context that allows running as an unprivileged pod, while adding the NET_BIND_SERVICE. We have some work already started around it #93 and in #39, let's see if we can get those moving and then decide if we need to support additional options for the services.

hagaibarel avatar Mar 28 '23 12:03 hagaibarel
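
The port mapping asked about in the issue, written as plain Kubernetes manifests; this is an added example, not part of the thread and not the chart's own templates or values. The resource names, labels, UID and image tag are constructed placeholders, and it assumes CoreDNS is started with its `-dns.port` flag rather than a mounted Corefile.

```yaml
# Constructed example: Service exposes 53, the pod listens on 5553.
apiVersion: v1
kind: Service
metadata:
  name: coredns-example            # placeholder name
spec:
  selector:
    app: coredns-example
  ports:
    - name: udp-53
      protocol: UDP
      port: 53                     # port the Service listens on
      targetPort: 5553             # unprivileged port the coredns process binds
    - name: tcp-53
      protocol: TCP
      port: 53
      targetPort: 5553
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns-example
spec:
  replicas: 1
  selector:
    matchLabels:
      app: coredns-example
  template:
    metadata:
      labels:
        app: coredns-example
    spec:
      containers:
        - name: coredns
          image: coredns/coredns:TAG   # placeholder tag, pin a real version
          args: ["-dns.port", "5553"]  # default listen port for server blocks
          ports:
            - containerPort: 5553
              protocol: UDP
            - containerPort: 5553
              protocol: TCP
          securityContext:
            runAsNonRoot: true
            runAsUser: 65532           # constructed non-root UID
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]            # no NET_BIND_SERVICE needed above port 1023
```

Because the process binds a port above 1023, the container needs no added capability; the Service alone presents port 53 to clients.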