
cannot bind socket (Permission denied) for [0.0.0.0:80]

Open michaelday008 opened this issue 1 year ago • 2 comments

I installed haproxy ingress to an on-premise kubernetes cluster, by following the guide at https://www.haproxy.com/documentation/kubernetes-ingress/community/installation/on-prem/

Specifically, I deployed using kubectl -f https://github.com/haproxytech/kubernetes-ingress/blob/master/deploy/haproxy-ingress.yaml

Instead of launching, the container goes into a crashloop.

haproxy-controller   haproxy-kubernetes-ingress-d5586cd7d-znd8q    0/1     CrashLoopBackOff   1448 (2m59s ago)   3d1h

I see a bunch of these in the logs:

[ALERT]    (295) : Binding [/etc/haproxy/haproxy.cfg:48] for frontend http: cannot bind socket (Permission denied) for [:::80]
[ALERT]    (295) : Binding [/etc/haproxy/haproxy.cfg:62] for frontend https: cannot bind socket (Permission denied) for [:::443]
[ALERT]    (295) : Binding [/etc/haproxy/haproxy.cfg:47] for frontend http: cannot bind socket (Permission denied) for [0.0.0.0:80]
[ALERT]    (295) : Binding [/etc/haproxy/haproxy.cfg:61] for frontend https: cannot bind socket (Permission denied) for [0.0.0.0:443]
[ALERT]    (295) : [/usr/local/sbin/haproxy.main()] Some protocols failed to start their listeners! Exiting.

Did I do something wrong? I assume that following the guide verbatim and using the provided manifest, everything should work out of the box.

I thought maybe this was an issue with the fact that the default manifest provided in this git repo runs as uid 1000 and couldn't bind to well-known ports, so I tried running with uid 0 and things got even worse. This time the container wouldn't even launch.

s6-overlay-preinit: fatal: unable to chown /var/run/s6: Operation not permitted

michaelday008, Feb 27 '24 00:02

Hi @michaelday008, thanks for reporting, we'll look at this issue. In the meantime, can you add the following parameters to your ingress controller arguments in the YAML file?

--https-bind-port=8443
--http-bind-port=8080

You can replace with any port value above 1024.

ivanmatmati, Feb 27 '24 08:02
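Why ports 80 and 443 are refused while ports above 1024 work, as an added example that is not part of the original thread or the project's code: on Linux, binding a port below the `net.ipv4.ip_unprivileged_port_start` sysctl (default 1024) requires the CAP_NET_BIND_SERVICE capability. The function names and the `portcheck.sh` file name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Linux denies bind() on a port below
# net.ipv4.ip_unprivileged_port_start (default 1024) unless the process
# holds CAP_NET_BIND_SERVICE, which is bit 10 of the CapEff mask.
CAP_NET_BIND_SERVICE=10

# has_net_bind <CapEff hex>: true if bit 10 is set in the effective set.
has_net_bind() {
    [ $(( (0x$1 >> CAP_NET_BIND_SERVICE) & 1 )) -eq 1 ]
}

# bind_verdict <port> <CapEff hex> <unprivileged_port_start>
# Prints "allowed" or "denied". Pure function: no /proc access.
bind_verdict() {
    if [ "$1" -ge "$3" ] || has_net_bind "$2"; then
        echo allowed
    else
        echo denied
    fi
}

# cap_eff_from_status: read /proc/<pid>/status text on stdin, print CapEff.
cap_eff_from_status() {
    awk '$1 == "CapEff:" { print $2 }'
}

# check_ports <pid|self> <port>...: report on a live process. Run it inside
# the container; a binary with file capabilities can end up with a
# different CapEff than the shell that launched it.
check_ports() {
    pid=$1; shift
    cap_eff=$(cap_eff_from_status < "/proc/$pid/status")
    start=$(cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024)
    for p in "$@"; do
        echo "port $p: $(bind_verdict "$p" "$cap_eff" "$start") (CapEff=$cap_eff, unprivileged ports start at $start)"
    done
}

# Usage (hypothetical file name): sh portcheck.sh self 80 443 8080 8443
if [ "$#" -gt 0 ]; then check_ports "$@"; fi
```

A "denied" verdict for 80 and 443 together with "allowed" for 8080 and 8443 matches the bind errors in the log above.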

Can you also provide your docker/k8s versions?

ivanmatmati, Feb 27 '24 08:02

$ docker version
Client:
 Version:           24.0.5
 API version:       1.43
 Go version:        go1.20.3
 Git commit:        24.0.5-0ubuntu1~22.04.1
 Built:             Mon Aug 21 19:50:14 2023
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          24.0.5
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.3
  Git commit:       24.0.5-0ubuntu1~22.04.1
  Built:            Mon Aug 21 19:50:14 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.2
  GitCommit:        
 runc:
  Version:          1.1.7-0ubuntu1~22.04.1
  GitCommit:        
 docker-init:
  Version:          0.19.0
  GitCommit:
$ kubectl version
Client Version: v1.28.4
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.27.4-eks-cedffd4

michaelday008, Feb 27 '24 16:02

> Hi @michaelday008, thanks for reporting, we'll look at this issue. In the meantime, can you add the following parameters to your ingress controller arguments in the YAML file?
>
> --https-bind-port=8443
> --http-bind-port=8080
>
> You can replace with any port value above 1024.

This worked. Thank you! The container now starts properly and I can reach the services that are using this as ingress.

michaelday008, Feb 27 '24 18:02

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot], Apr 01 '24 05:04