Educates couldn't test whether ports 80/443 are available

[ruzickap]

Describe the bug

I would like to start my own kind cluster using educates - like it is described here.

Unfortunately I'm getting the error:

❯ educates create-cluster --verbose=true
Configuration to be applied:
-------------------------------
clusterInfrastructure:
  provider: kind
clusterPackages:
  contour:
    enabled: true
    settings: {}
  kyverno:
    enabled: true
    settings: {}
  educates:
    enabled: true
    settings: {}
clusterSecurity:
  policyEngine: kyverno
clusterIngress:
  domain: 192.168.1.237.nip.io
workshopSecurity:
  rulesEngine: kyverno

###############################
{"status":"Pulling from library/busybox","id":"latest"}
{"status":"Digest: sha256:9ae97d36d26566ff84e8893c64a6dc4fe8ca6d1144bf5b87b2b85a32def253c7"}
{"status":"Status: Image is up to date for busybox:latest"}
Error: couldn't test whether ports 80/443 available: cannot start busybox container: Error response from daemon: driver failed programming external connectivity on endpoint educates-port-availability-check (6615da5bb10804c67b3669ce624a06092fa9524796632834544f316b3fa503e0): Error starting userland proxy: listen tcp4 192.168.1.237:443: bind: cannot assign requested address

Additional information

I'm using Mac OS 14.4 with colima (not Docker Desktop) as a container engine:

❯ colima --version
colima version 0.6.9

❯ colima status
INFO[0000] colima is running using QEMU
INFO[0000] arch: x86_64
INFO[0000] runtime: docker
INFO[0000] mountType: sshfs
INFO[0000] socket: unix:///Users/Petr_Ruzicka/.colima/default/docker.sock

❯ kind --version
kind version 0.23.0

Let me know if I can run educates with Colima...

Thank you for your great work...

[GrahamDumpleton]

For Docker Desktop to avoid that problem you would need to enable:

• Allow privileged port mapping (Settings->Advanced).

Does Colima have a similar configuration option you must set so that something deployed to it can use ports < 1024?

[GrahamDumpleton]

Actually there is a different issue with Docker Desktop that might cause this issue:

• https://github.com/vmware-tanzu-labs/educates-training-platform/issues/253

This stems from an issue with macOS which Docker Desktop requires special config.

Again, may need to work out whether Colima has a similar issue.

[GrahamDumpleton]

BTW, is anything else running on your system which is already using ports 80 and 443?

[jorgemoralespou]

Colima seems to have an issue opened for this (https://github.com/abiosoft/colima/issues/492) although this seems to be a standard thing for users to do, not sure why is not supported. It seems it's related to colima networking and to the ip rather than the port. Will keep investigating.

[GrahamDumpleton]

You may be able to run educates admin config edit and add:

localKindCluster:
  listenAddress: "0.0.0.0"

if Colima has an issue with use of specific IPs.

Run educates create-cluster again after adding that.

Only question will be whether that port 80/443 test uses that listen address when overridden.

[jorgemoralespou]

We calculate the ip to where the container need to be bound when listenAddress, pointed by @GrahamDumpleton in the comment above, is empty (which is the default scenario) via this function (https://github.com/vmware-tanzu-labs/educates-training-platform/blob/develop/client-programs/pkg/config/host.go#L10-L45) and when this function does not return an ip we use 127.0.0.1.

As @GrahamDumpleton mentions, maybe if you can provide the sprcific IP where colima can listen, I guess the Colima VM ip, it might work, although there might be later problems related to the use of Docker Networks that might not work the same when on colima.

[jorgemoralespou]

Hi, I have tried this myself with Colima, doing the following got it working:

Install colima

brew install colima

Start colima

colima start

Set up DOCKER_HOST variable to point to colima docker sock for compatibility

export DOCKER_HOST="unix://$HOME/.colima/docker.sock"

Added listenAddress to educates config, educates admin config edit. You can add any other configuration. You can get the default configuration via educates admin config view when no configuration already exists.

localKindCluster:
  listenAddress: 0.0.0.0

And then, create educates cluster:

educates create-cluster

Then, deployed a test workshop, and accessed it:

educates deploy-workshop -f https://github.com/vmware-tanzu-labs/lab-k8s-fundamentals/releases/download/7.1/workshop.yaml
educates browse-workshops

Everything was working fine. Note that I used a nip.io default hostname, so haven't validated using a dns with local resolver.