Hello,
I have multiple AWS EKS clusters: one on AWS EKS 1.24 and the rest on 1.23. All of them run the same applications.
In the 1.24 cluster there is one application that is giving me the following error:
(13)Permission denied: AH00072: make_sock: could not bind to address :80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Nothing has been changed in the application, and it is exactly the same in all clusters. The application uses the official image: httpd:2.4.54-bullseye
The Dockerfile is:
FROM httpd:2.4.54-bullseye
COPY ./dockerFiles/apache2.conf /usr/local/apache2/conf/extra/httpd-vhosts.conf
COPY ./public_html /usr/local/apache2/htdocs/
USER www-data
Deployment is:
apiVersion: apps/v1
kind: Deployment
spec:
  progressDeadlineSeconds: 600
  replicas: 3
  revisionHistoryLimit: 10
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - app
              topologyKey: topology.kubernetes.io/zone
            weight: 100
      containers:
      - env:
        - name: MS_VERSION
          value: 1.0.1
        image: PRIVATE_ECR/app:1.0.1
        imagePullPolicy: IfNotPresent
        name: app
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        resources:
          limits:
            cpu: "1"
            memory: 1Gi
          requests:
            cpu: 200m
            memory: 256Mi
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      nodeSelector:
        node/tier: app
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
I think it is related to the use of containerd in 1.24, but I don't know whether something can be done at the AWS EKS configuration level or whether I just need to modify the security contexts of the application deployment. The idea is to run Apache on port 80 without root.
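
The kernel rule behind this error can be checked from inside the container: a bind to a port below net.ipv4.ip_unprivileged_port_start (kernel default 1024) succeeds only if the process holds CAP_NET_BIND_SERVICE in its effective capability set. The script below is an added example, not part of the original post; its function names are hypothetical and it assumes a Linux /proc filesystem.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post). Function names are
# hypothetical. Run it as the container's user, e.g.: sh check_bind.sh 80

CAP_NET_BIND_SERVICE_BIT=10   # bit index of CAP_NET_BIND_SERVICE in the mask

# has_net_bind_service CAPEFF_HEX
# Succeeds if the hex capability mask (as shown in /proc/PID/status) has the bit.
has_net_bind_service() {
    [ $(( (0x$1 >> $CAP_NET_BIND_SERVICE_BIT) & 1 )) -eq 1 ]
}

# explain_bind PORT UNPRIV_START CAPEFF_HEX
# Prints one of: allowed-unprivileged | allowed-capability | denied
explain_bind() {
    if [ "$1" -ge "$2" ]; then
        echo "allowed-unprivileged"      # port is at or above the sysctl threshold
    elif has_net_bind_service "$3"; then
        echo "allowed-capability"        # low port, but the capability is effective
    else
        echo "denied"                    # low port, no capability: EACCES (13)
    fi
}

# Live values for the current shell's network namespace and credentials.
read_unpriv_start() { cat /proc/sys/net/ipv4/ip_unprivileged_port_start; }
read_capeff() { sed -n 's/^CapEff:[[:space:]]*//p' "/proc/$$/status"; }

# Only query /proc when a port is given on the command line.
if [ -n "${1:-}" ]; then
    start=$(read_unpriv_start)
    capeff=$(read_capeff)
    echo "uid=$(id -u) port=$1 ip_unprivileged_port_start=$start CapEff=$capeff"
    echo "verdict: $(explain_bind "$1" "$start" "$capeff")"
fi
```

Comparing the printed sysctl value and CapEff mask between a pod on the 1.23 cluster and one on the 1.24 cluster shows which of the two conditions differs.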