[Bug] Services container fails in self-hosted Helm deployment because it binds to privileged port 80 as non-root

[eduardofischer]

Describe the bug

In a self-hosted Agenta deployment using the Helm chart, the services pod fails to start because the container tries to bind to 0.0.0.0:80 while running as a non-root user.

This results in errors like:

connection to ('0.0.0.0', 80) failed: [Errno 13] Permission denied
Can't connect to ('0.0.0.0', 80)

Changing the internal services port to 8080 fixes the issue.

Setup

Self-deployed in Kubernetes using the Helm chart

To Reproduce

1. Deploy Agenta in a self-hosted environment using the Helm chart.
2. Start the services component with the default chart values.
3. Observe the services pod logs.
4. See that the process fails to bind to port 80 with Permission denied.

Expected behavior

The services component should start successfully with the default chart settings, without requiring a local port override.

Screenshots

No response

Agenta SDK Version

No response

Agenta Image Tag

v0.94.9

Important Context

No response

LinkedIn details

https://www.linkedin.com/in/edufischer/

[linear]

AGE-3722

[dosubot]

This is a known issue that was addressed in v0.92.1. The services container was changed from port 80 to port 8080 to support non-root execution (non-root users cannot bind to privileged ports below 1024).

Since you're on v0.94.9, this fix should already be included. The issue is likely that your Helm chart values are still referencing port 80. The non-root container changes in PR #3899 updated the default to 8080 in the application code, but you may need to ensure your Helm chart's service configuration uses targetPort: 8080 for the services component.

Your workaround of setting the internal port to 8080 is the correct fix.

To reply, just mention @dosu.

---

^{How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other}

   

[jp-agenta]

Hi @eduardofischer ,

Thank you reporting this. @mmabrouk is looking into OSS/K8S, today.