diff --git a/script/helm/garage/README.md b/script/helm/garage/README.md
index 50de3360..1473e320 100644
--- a/script/helm/garage/README.md
+++ b/script/helm/garage/README.md
@@ -33,11 +33,14 @@ S3-compatible object store for small self-hosted geo-distributed deployments
 | garage.replicationFactor | string | `"3"` | Default to 3 replicas, see the replication_factor section at https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#replication_factor |
 | garage.consistencyMode | string | `"consistent"` | Default to read-after-write consistency, see the consistency_mode section at https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#consistency_mode |
 | garage.metadataAutoSnapshotInterval | string | `""` | If this value is set, Garage will automatically take a snapshot of the metadata DB file at a regular interval and save it in the metadata directory. https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#metadata_auto_snapshot_interval |
+| garage.admin.apiBindAddr | string | `"[::]:3903"` |  |
 | garage.rpcBindAddr | string | `"[::]:3901"` |  |
 | garage.rpcSecret | string | `""` | If not given, a random secret will be generated and stored in a Secret object |
+| garage.s3.api.bindAddr | string | `"[::]:3900"` |  |
 | garage.s3.api.region | string | `"garage"` |  |
 | garage.s3.api.rootDomain | string | `".s3.garage.tld"` |  |
 | garage.s3.web.index | string | `"index.html"` |  |
+| garage.s3.web.bindAddr | string | `"[::]:3902"` |  |
 | garage.s3.web.rootDomain | string | `".web.garage.tld"` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"dxflrs/amd64_garage"` | default to amd64 docker image |
diff --git a/script/helm/garage/templates/_helpers.tpl b/script/helm/garage/templates/_helpers.tpl
index 2ffb90c6..4451840f 100644
--- a/script/helm/garage/templates/_helpers.tpl
+++ b/script/helm/garage/templates/_helpers.tpl
@@ -71,6 +71,13 @@ Create the name of the service account to use
 {{- end }}
 {{- end }}
 
+{{/*
+Extract the trailing port number from a bind address like [::]:3900 or 0.0.0.0:3900.
+*/}}
+{{- define "garage.portFromBindAddr" -}}
+{{- regexFind "[0-9]+$" . -}}
+{{- end }}
+
 {{/*
     Returns given number of random Hex characters.
     In practice, it generates up to 100 randAlphaNum strings
diff --git a/script/helm/garage/templates/configmap.yaml b/script/helm/garage/templates/configmap.yaml
index 4fc3e152..420f31da 100644
--- a/script/helm/garage/templates/configmap.yaml
+++ b/script/helm/garage/templates/configmap.yaml
@@ -45,16 +45,16 @@ data:
 
     [s3_api]
     s3_region = "{{ .Values.garage.s3.api.region }}"
-    api_bind_addr = "[::]:3900"
+    api_bind_addr = "{{ .Values.garage.s3.api.bindAddr }}"
     root_domain = "{{ .Values.garage.s3.api.rootDomain }}"
 
     [s3_web]
-    bind_addr = "[::]:3902"
+    bind_addr = "{{ .Values.garage.s3.web.bindAddr }}"
     root_domain = "{{ .Values.garage.s3.web.rootDomain }}"
     index = "{{ .Values.garage.s3.web.index }}"
 
     [admin]
-    api_bind_addr = "[::]:3903"
+    api_bind_addr = "{{ .Values.garage.admin.apiBindAddr }}"
     {{- if .Values.monitoring.tracing.sink }}
     trace_sink = "{{ .Values.monitoring.tracing.sink }}"
     {{- end }}
diff --git a/script/helm/garage/templates/service-headless.yaml b/script/helm/garage/templates/service-headless.yaml
index 7bc9f2cc..c6005cc3 100644
--- a/script/helm/garage/templates/service-headless.yaml
+++ b/script/helm/garage/templates/service-headless.yaml
@@ -10,11 +10,11 @@ spec:
   clusterIP: None
   ports:
     - port: {{ .Values.service.s3.api.port }}
-      targetPort: 3900
+      targetPort: {{ include "garage.portFromBindAddr" .Values.garage.s3.api.bindAddr | int }}
       protocol: TCP
       name: s3-api
     - port: {{ .Values.service.s3.web.port }}
-      targetPort: 3902
+      targetPort: {{ include "garage.portFromBindAddr" .Values.garage.s3.web.bindAddr | int }}
       protocol: TCP
       name: s3-web
   selector:
diff --git a/script/helm/garage/templates/service.yaml b/script/helm/garage/templates/service.yaml
index 887c90d0..cb4bc386 100644
--- a/script/helm/garage/templates/service.yaml
+++ b/script/helm/garage/templates/service.yaml
@@ -12,11 +12,11 @@ spec:
   type: {{ .Values.service.type }}
   ports:
     - port: {{ .Values.service.s3.api.port }}
-      targetPort: 3900
+      targetPort: {{ include "garage.portFromBindAddr" .Values.garage.s3.api.bindAddr | int }}
       protocol: TCP
       name: s3-api
     - port: {{ .Values.service.s3.web.port }}
-      targetPort: 3902
+      targetPort: {{ include "garage.portFromBindAddr" .Values.garage.s3.web.bindAddr | int }}
       protocol: TCP
       name: s3-web
   selector:
@@ -35,8 +35,8 @@ spec:
   type: ClusterIP
   clusterIP: None
   ports:
-    - port: 3903
-      targetPort: 3903
+    - port: {{ include "garage.portFromBindAddr" .Values.garage.admin.apiBindAddr | int }}
+      targetPort: {{ include "garage.portFromBindAddr" .Values.garage.admin.apiBindAddr | int }}
       protocol: TCP
       name: metrics
   selector:
diff --git a/script/helm/garage/templates/workload.yaml b/script/helm/garage/templates/workload.yaml
index 21c6462d..1283d245 100644
--- a/script/helm/garage/templates/workload.yaml
+++ b/script/helm/garage/templates/workload.yaml
@@ -60,11 +60,11 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
-            - containerPort: 3900
+            - containerPort: {{ include "garage.portFromBindAddr" .Values.garage.s3.api.bindAddr | int }}
               name: s3-api
-            - containerPort: 3902
+            - containerPort: {{ include "garage.portFromBindAddr" .Values.garage.s3.web.bindAddr | int }}
               name: web-api
-            - containerPort: 3903
+            - containerPort: {{ include "garage.portFromBindAddr" .Values.garage.admin.apiBindAddr | int }}
               name: admin
           {{- with .Values.environment }}
           env:
diff --git a/script/helm/garage/values.yaml b/script/helm/garage/values.yaml
index d376c6a7..a74faf3f 100644
--- a/script/helm/garage/values.yaml
+++ b/script/helm/garage/values.yaml
@@ -48,11 +48,15 @@ garage:
   kubernetesSkipCrd: false
   s3:
     api:
+      bindAddr: "[::]:3900"
       region: "garage"
       rootDomain: ".s3.garage.tld"
     web:
+      bindAddr: "[::]:3902"
       rootDomain: ".web.garage.tld"
       index: "index.html"
+  admin:
+    apiBindAddr: "[::]:3903"
 
   # -- Additional configuration to append to garage.toml. Use a multi-line string for custom config.
   # Example:
@@ -221,14 +225,14 @@ resources: {}
 livenessProbe: {}
   #httpGet:
   #  path: /health
-  #  port: 3903
+  #  port: 3903 # or the port from garage.admin.apiBindAddr
   #initialDelaySeconds: 5
   #periodSeconds: 30
 # -- Specifies a readinessProbe
 readinessProbe: {}
   #httpGet:
   #  path: /health
-  #  port: 3903
+  #  port: 3903 # or the port from garage.admin.apiBindAddr
   #initialDelaySeconds: 5
   #periodSeconds: 30