I noticed that installed kube-apiserver prog can start on port 443 (<1024) using non-root user 'kube'.

But I can't find any clue how kube-apiserver prog works. Any help? I have the problem of binding port 443 when upgrade kube-apiserver by cp.

Also I know linux capabilities (CAP_NET_BIND_SERVICE Bind a socket to Internet domain privileged ports (port numbers less than 1024).) such as:

setcap 'cap_net_bind_service=+ep' /path/to/program.

But I find nothing searching keyword "setcap" from the whole project.