How To Change the Port Used by the RealTheory Collector Agent

Background

If your security policy requires you to run your pods in least privilege mode, the realtheorycollector pod might encounter an error as the pod has insufficient privileges to bind to port 80. You might see an error such as:

listen tcp :80: bind: permission denied

This can occur anytime a pod attempts to bind to a well-known or reserved port, which is typically any port between 1-1024. A similar error can also occur if you are using side-car containers that might bind to port 80, causing a conflict. In these cases, it is advantageous to bind the RealTheory collector to a different port by updating the realtheorycollector container spec within the deployment manifest to reflect your preferred port.

Solution

1. Locate the deployment manifest for the realtheorycollector container.

2. Add the following environment variable under the -env section:

   - name: THEORY_WEBSERVER_PORT
     value: "<preferred port>"
   

   Where <preferred port> is the port you prefer to use.

3. Update the ports section to include the new port number:

   ports:
   - containerPort: <preferred port>
   

4. Update the port section in livenessProbe, readinessProbe, and startupProbe to reflect the new port:

   livenessProbe:
     failureThreshold: 5
     httpGet:
       path: theory/api/v1/collector/health
       port: <preferred port>
       scheme: HTTP
     periodSeconds: 60
     timeoutSeconds: 5
   

   readinessProbe:
     failureThreshold: 5
     httpGet:
       path: theory/api/v1/collector/health
       port: <preferred port>
       scheme: HTTP
     periodSeconds: 60
     timeoutSeconds: 5
   

   startupProbe:
     failureThreshold: 20
     httpGet:
       path: theory/api/v1/collector/health
       port: <preferred port>
       scheme: HTTP
      initialDelaySeconds: 30
      periodSeconds: 15
      timeoutSeconds: 5
   

5. Run the following command to apply the updated manifest file:

   kubectl apply -f your-deployment.yaml