I’m trying to run a process as a user and bind to 443, but I’m getting permission denied. I have capabilities: add: NET_BIND_SERVICE. Is there something else I’m missing?
Don’t know just on that alone. Provide more information.
I’m not sure what else to provide. Trying to run Apache as a user and bind to 443, but when the pod starts it crashloops because it has no permission to bind on 443. I thought that is what adding capabilities: add: NET_BIND_SERVICE was supposed to fix. The container in question is built by kaniko so it suffers from the bug where setcap on files isn’t persisted, but I didn’t think that was necessary for adding capabilities for the pod.
There’s actually rarely a reason to run containers that bind to low ports. Services/ingresses abstract the pod port away anyways.
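
The approach the last reply describes, written out as an added example that is not part of the original thread: the container listens on an unprivileged port as a non-root user with no added capabilities, and the Service exposes 443. The names, image reference, UID and port 8443 are assumptions, and the image is assumed to have Apache configured with `Listen 8443`.

```yaml
# Added example; names, image, UID and port 8443 are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: apache
          image: registry.example.com/apache-nonroot:placeholder
          ports:
            - name: https
              containerPort: 8443      # unprivileged port, no capability needed
          securityContext:
            runAsNonRoot: true
            runAsUser: 10001
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]            # NET_BIND_SERVICE is not required above 1023
---
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  selector:
    app: web
  ports:
    - name: https
      port: 443                        # port clients connect to
      targetPort: https                # resolves to containerPort 8443
```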