Remove requirement of NET_BIND_SERVICE

[arontsang]

Within Kubernetes there is no reason to run with the capability NET_BIND_SERVICE.

The helm charts already use non-standard ports by default.

The docker file add

RUN setcap cap_net_bind_service=-ep /usr/local/sbin/haproxy

And we should drop the capability NET_BIND_SERVICE from the manifests

[oktalz]

@arontsang problem is that this is not always the case. while this works for you it does not work for everyone and this would limit some users.

you can certainly remove NET_BIND_SERVICE from manifest if you do not need it (but for your use case, not here as an example),

yes, Helm chart does have non-standard ports by default, but that can be changed

additionally, haproxy binary does not even have setcap capabilities in image, but wrapper does

probably in a month or so, we will have a blog post around this topic (why is wrapper needed)