Bind on Port 80 Fails Due to Permissions in NGINX Ingress

This document (000020005) is provided subject to the disclaimer at the end of this document.

Environment

A Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned Kubernetes cluster

Situation

Sometimes an admin may see an error in the logs like the one below:

nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

Resolution

Remove the ingress container image from the node(s), using the following commands:

# Find the name of the nginx-ingress-controller pod
NGINX_INGRESS_CONTROLLER="$(kubectl get pods -n ingress-nginx | awk '/nginx-ingress-controller/ { print $1 }')"

# Remove nginx-ingress-controller pod and then clean up the container image
docker rm -f "${NGINX_INGRESS_CONTROLLER}" && \
docker system prune -af

Cause

According to kubernetes/ingress-nginx GitHub Issue #3858, this is caused by a capabilities failure on one of the layers of the nginx-ingress-controller image, due to the xattrs not being copied correctly.

Additional Information

• OCI Image Format Specification: Image Layer Filesystem Changeset
• xattr(7) - Linux manual page

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.