diff --git a/ansible/provision.yaml b/ansible/provision.yaml
index e6a75c7..d2b2683 100644
--- a/ansible/provision.yaml
+++ b/ansible/provision.yaml
@@ -89,6 +89,12 @@
         mode: '0775'
         remote_src: yes
 
+    - name: Grant CAP_NET_BIND_SERVICE capability to traefik binary
+      command:
+        cmd: 'setcap cap_net_bind_service=+ep {{ ansible_env.HOME }}/draft/traefik'
+      warn: no
+      become: yes
+
     - name: Start helper sidecar
       shell: >
         source .venv/bin/activate &&
diff --git a/sidecar/cli/cli.py b/sidecar/cli/cli.py
index 835ad44..b5fc98e 100644
--- a/sidecar/cli/cli.py
+++ b/sidecar/cli/cli.py
@@ -87,7 +87,7 @@ def start_traefik_command(
         "SIDECAR_PORT": str(sidecar_port),
         "CERT_DIR": config_path,
     }
-    cmd = "sudo -E ./traefik --configFile=sidecar/traefik/traefik.yaml"
+    cmd = "./traefik --configFile=sidecar/traefik/traefik.yaml"
     return Command(cmd=cmd, env=env)