RKE2 ingress-nginx bind-address: port 80 is already in use

Question

I am trying to bind RKE2 incl. ingress-nginx on a specific address 192.168.3.3 on a machine that has a (Docker) Nginx listening on another address/interface.

After a clean install of RKE2, in /usr/local/lib/systemd/system/rke2-server.service I set (before first start):

ExecStart=/usr/local/bin/rke2 server --bind-address 192.168.3.3 --node-ip 192.168.3.3 --node-external-ip 192.168.3.3

RKE2 starts up fine besides rke2-ingress-nginx-controller which fails with:

F0220 21:56:00.703309       8 main.go:67] port 80 is already in use. Please check the flag --http-port

It appears to bind to 0.0.0.0 and conflict with port 80 of the other Nginx, so I set bind-address in /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml:

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    controller:
      config:
        bind-address: "192.168.3.3"

This affects nginx.conf as expected:

listen 192.168.3.3:80 default_server reuseport backlog=511 ;
listen [::]:80 default_server reuseport backlog=511 ;
listen 192.168.3.3:443 default_server reuseport backlog=511 ssl http2 ;
listen [::]:443 default_server reuseport backlog=511 ssl http2 ;

but still the controller fails with port 80 is already in use. I checked from the pod:

bash-4.4$ curl -v 192.168.3.3
* Rebuilt URL to: 192.168.3.3/
*   Trying 192.168.3.3...
* TCP_NODELAY set
* connect to 192.168.3.3 port 80 failed: Connection refused
* Failed to connect to 192.168.3.3 port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 192.168.3.3 port 80: Connection refused

Port 80 does not seem to be in use. What am I missing?

Edit:

Just to be sure, since the ingress-nginx controller has IPv6 enabled and binds to [::], I set disable-ipv6: "true" in rke2-ingress-nginx-config.yaml but that didn't help either.

Funny enough, if I stop the other Nginx listening on another address, the controller starts up just fine. Then I can start the other Nginx again and all is good. So maybe there is some kind of "unconfigured" init container listening on all addresses failing the whole startup of the controller pod?

Answer 1

For me, it's fixed with sysctl -w net.ipv4.ip_unprivileged_port_start=1 on host machine for a permanent fix, run the script below

echo 'net.ipv4.ip_unprivileged_port_start = 1' > /etc/sysctl.d/ip_unprivileged_port_start.conf

the error message is misleading, it's actually a permission issue, not a port binding issue