Is it possible for Nginx to listen on lower port like 80 or 443 on Kubernetes deployment ?

[afjlee]

"The default NGINX listen port is now 8080 instead of 80 (this is no longer necessary as of Docker 20.03 but it's still required in other container runtimes)"

Trying to run a deployment/pod with nginx-unprivileged as base image in k8s(v1.30). I have set securityContext to allow low port binding.

  securityContext:
      capabilities:
        add:
        - NET_BIND_SERVICE
      runAsUser: 101

Try to bind https service on port 443, got below error:
nginx: [emerg] bind() to 0.0.0.0:443 failed (13: Permission denied)

I didn't include NET_BIND_SERVICE cap first. After seeing the error, I manually edited deployment by adding NET_BIND_SERVICE, but it didn't really help. I'm not sure whether that is really needed.
Also when I ran the container on my local with docker desktop, I could bind http service o port 80 though. It may be something to do k8s deployment, not sure.

I understand I could run it as root user, but the whole purpose of using nginx-unprivileged is not to run as root.

1. Is it possible to make nginx listen on lower port like 443, or 80 on k8s with non-root nginx user?
2. if possible, what I was doing wrong?

Thanks ahead!!

[afjlee]

update: this issue can be resolved by workaround from this post: kubernetes/kubernetes#56374 (comment)