Work on PodSecurityPolicy

templates/traefik-dp.yml.j2

@@ -19,6 +19,10 @@ spec:
         app: traefik
     spec:
       serviceAccountName: traefik-ingress-controller
+#      securityContext:
+#        sysctls:
+#        - name: kernel.net.ipv4.ip_unprivileged_port_start
+#          value: "80"
       containers:
         - name: traefik
           image: traefik:{{ lookup('vars', 'traefik_version_' + traefik_version | regex_replace('\.','_')) }}
@@ -30,7 +34,9 @@ spec:
             - name: {{ traefik_entrypoint.name }}
               containerPort: {{ traefik_entrypoint.port }}
               protocol: {{ traefik_entrypoint.proto }}
-              hostPort: {{ traefik_entrypoint.port }}
+{% if traefik_entrypoint.hostport is defined %}
+              hostPort: {{ traefik_entrypoint.hostport }}
+{% endif %}
 {% endfor %}
           readinessProbe:
             httpGet:
@@ -56,6 +62,9 @@ spec:
                 - ALL
               add:
                 - NET_BIND_SERVICE
+            runAsUser: 1000
+            runAsGroup: 1000
+            allowPrivilegeEscalation: true
           resources:
             limits:
               cpu: {{ traefik_cpu_limit }}