Installing higress with helm: gateway stdout log reports that envoy was denied listening on port 80 #1614

Open
heartbeat2013 opened this issue Dec 20, 2024 · 5 comments

Comments

@heartbeat2013

After installing higress with helm, the gateway stdout log reports that envoy was denied listening on port 80. The error is as follows:

```
2024-12-20T10:50:16.149849Z error envoy config external/envoy/source/extensions/listener_managers/listener_manager/listener_manager_impl.cc:1124 listener '0.0.0.0_80' failed to bind or apply socket options: cannot bind '0.0.0.0:80': Permission denied thread=22
2024-12-20T10:50:16.150000Z warning envoy config external/envoy/source/extensions/config_subscription/grpc/grpc_subscription_impl.cc:128 gRPC config for type.googleapis.com/envoy.config.listener.v3.Listener rejected: Error adding/updating listener(s) 0.0.0.0_80: cannot bind '0.0.0.0:80': Permission denied thread=22
```

helm higress chart version: higress-2.0.4

- higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/higress:2.0.4
- higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/pilot:2.0.4
- higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/gateway:2.0.4

k8s version: v1.28.3-tke.5

@johnlanni
Collaborator

Run `netstat -lntp` inside the container and take a look: is anything listening on port 80?

@heartbeat2013
Author

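@johnlanni When this error appears, nothing is listening on port 80. The error comes and goes, which is rather strange; the kernel versions of the k8s nodes and the k8s versions are all consistent.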

@johnlanni
Collaborator

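A later release will add a configuration option to control the deployment behavior when port 80 cannot be created for lack of permission: #1616

For now you can manually edit the deployment, using this as a reference:

```yaml
capabilities:
  drop:
  - ALL
  add:
  - NET_BIND_SERVICE
runAsUser: 0
runAsGroup: 1337
runAsNonRoot: false
allowPrivilegeEscalation: true
```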

@johnlanni
Collaborator

You can also set this through the `gateway.containerSecurityContext` helm parameter.
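A check for whether the settings suggested above actually reached the rendered Deployment, added here as an example and not part of the thread or of the Higress project. It takes the structure of `kubectl get deployment -o json` output; the container names and both sample objects are constructed.

```python
def effective(pod_sc, ctr_sc, key, default=None):
    # Container-level securityContext fields override pod-level ones.
    return ctr_sc[key] if key in ctr_sc else pod_sc.get(key, default)

def check_deployment(deploy):
    """Map each container exposing a port below 1024 to the workaround settings it lacks."""
    pod = deploy["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    report = {}
    for ctr in pod.get("containers", []):
        if not any(p["containerPort"] < 1024 for p in ctr.get("ports", [])):
            continue  # only containers that declare a privileged port are of interest
        sc = ctr.get("securityContext") or {}
        # capabilities exist only at container level, never in the pod securityContext
        added = (sc.get("capabilities") or {}).get("add") or []
        missing = []
        if effective(pod_sc, sc, "runAsUser") != 0:
            missing.append("runAsUser: 0")
        if effective(pod_sc, sc, "runAsNonRoot", False):
            missing.append("runAsNonRoot: false")
        if "NET_BIND_SERVICE" not in added:
            missing.append("capabilities.add: NET_BIND_SERVICE")
        report[ctr["name"]] = missing
    return report

def make_deploy(container_sc):
    # Constructed sample shaped like a Deployment object; all names are made up.
    return {"spec": {"template": {"spec": {
        "securityContext": {"runAsUser": 1337, "runAsNonRoot": True},
        "containers": [
            {"name": "gateway-example", "securityContext": container_sc,
             "ports": [{"containerPort": 80}, {"containerPort": 443}]},
            {"name": "sidecar-example", "ports": [{"containerPort": 15020}]},
        ]}}}}

UNPATCHED = make_deploy({"capabilities": {"drop": ["ALL"]}})
PATCHED = make_deploy({
    "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]},
    "runAsUser": 0, "runAsGroup": 1337,
    "runAsNonRoot": False, "allowPrivilegeEscalation": True})

if __name__ == "__main__":
    for label, deploy in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(label, check_deployment(deploy))
```

An empty list for a container means its effective securityContext matches the suggested settings; it does not by itself prove the bind will succeed.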

@heartbeat2013
Author

@johnlanni OK, thanks a lot!
