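[The following question has been translated] I have an image that binds to port 80 as a non-root user. I can run it locally (macOS Monterey, Docker Desktop 4.7.1) without any problems.
However, when I try to run it as part of an ECS service on Fargate, I get the following error:
Failed to bind to 0.0.0.0 / 0.0.0.0:80
Caused by SocketException: Permission denied
Fargate means I have to run the task in network mode "awsvpc" - not sure if that's related?
Do you have any views on what I'm doing wrong? The best practices document suggests I should run as non-root (p.83), and that exposing port 80 under awsvpc is reasonable (diagram on p.23).
Here is a slightly trimmed version of my task definition JSON: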
{
  "taskDefinitionArn": "arn:aws:ecs:us-east-1:<ID>:task-definition/mything:2",
  "containerDefinitions": [
    {
      "name": "mything",
      "image": "mything:latest",
      "cpu": 0,
      "memory": 1024,
      "portMappings": [
        {
          "containerPort": 80,
          "hostPort": 80,
          "protocol": "tcp"
        }
      ],
      "essential": true,
      "environment": []
    }
  ],
  "family": "mything",
  "executionRoleArn": "arn:aws:iam::<ID>:role/ecsTaskExecutionRole",
  "networkMode": "awsvpc",
  "revision": 2,
  "volumes": [],
  "status": "ACTIVE",
  "requiresAttributes": [
    {
      "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
    },
    {
      "name": "ecs.capability.execution-role-awslogs"
    },
    {
      "name": "com.amazonaws.ecs.capability.ecr-auth"
    },
    {
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
    },
    {
      "name": "ecs.capability.execution-role-ecr-pull"
    },
    {
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
    },
    {
      "name": "ecs.capability.task-eni"
    }
  ],
  "placementConstraints": [],
  "compatibilities": [
    "EC2",
    "FARGATE"
  ],
  "runtimePlatform": {
    "operatingSystemFamily": "LINUX"
  },
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "cpu": "256",
  "memory": "1024",
  "tags": []
}
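
An added diagnostic, not part of the original question: it applies the Linux rule for binding low ports (the port is at or above `net.ipv4.ip_unprivileged_port_start`, or the process holds `CAP_NET_BIND_SERVICE`), so the same check can be run inside the container locally and in the task and the results compared. The function names and the sample `/proc` text are constructed for illustration, and user namespaces are ignored.

```python
import os
import re

CAP_NET_BIND_SERVICE = 10    # bit index from linux/capability.h
DEFAULT_UNPRIV_START = 1024  # kernel default for ip_unprivileged_port_start


def parse_cap_eff(status_text):
    """Return the effective capability mask from /proc/<pid>/status text."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)$", status_text, re.M)
    if m is None:
        raise ValueError("no CapEff line found")
    return int(m.group(1), 16)


def may_bind(port, cap_eff, unpriv_start=DEFAULT_UNPRIV_START):
    """Ports at or above the threshold are open to every user; below it
    the process needs CAP_NET_BIND_SERVICE in its effective set."""
    if port >= unpriv_start:
        return True, "port >= ip_unprivileged_port_start (%d)" % unpriv_start
    if cap_eff & (1 << CAP_NET_BIND_SERVICE):
        return True, "CAP_NET_BIND_SERVICE is in the effective set"
    return False, "port < %d and CAP_NET_BIND_SERVICE is missing" % unpriv_start


def diagnose(port=80):
    """Read the live values for the current process (Linux only)."""
    with open("/proc/self/status") as f:
        cap_eff = parse_cap_eff(f.read())
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as f:
            start = int(f.read())
    except OSError:
        start = DEFAULT_UNPRIV_START  # sysctl absent: fixed 1024 threshold
    return os.geteuid(), cap_eff, start, may_bind(port, cap_eff, start)


# Constructed sample: a non-root process with an empty effective set.
SAMPLE_STATUS = "Name:\tapp\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"

if __name__ == "__main__":
    print(may_bind(80, parse_cap_eff(SAMPLE_STATUS)))
    if os.path.exists("/proc/self/status"):
        print(diagnose(80))
```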