Educates couldn't test whether ports 80/443 are available

[ruzickap]

Describe the bug

I would like to start my own kind cluster using educates - like it is described here.

Unfortunately I'm getting the error:

❯ educates create-cluster --verbose=true
Configuration to be applied:
-------------------------------
clusterInfrastructure:
  provider: kind
clusterPackages:
  contour:
    enabled: true
    settings: {}
  kyverno:
    enabled: true
    settings: {}
  educates:
    enabled: true
    settings: {}
clusterSecurity:
  policyEngine: kyverno
clusterIngress:
  domain: 192.168.1.237.nip.io
workshopSecurity:
  rulesEngine: kyverno

###############################
{"status":"Pulling from library/busybox","id":"latest"}
{"status":"Digest: sha256:9ae97d36d26566ff84e8893c64a6dc4fe8ca6d1144bf5b87b2b85a32def253c7"}
{"status":"Status: Image is up to date for busybox:latest"}
Error: couldn't test whether ports 80/443 available: cannot start busybox container: Error response from daemon: driver failed programming external connectivity on endpoint educates-port-availability-check (6615da5bb10804c67b3669ce624a06092fa9524796632834544f316b3fa503e0): Error starting userland proxy: listen tcp4 192.168.1.237:443: bind: cannot assign requested address

Additional information

I'm using Mac OS 14.4 with colima (not Docker Desktop) as a container engine:

❯ colima --version
colima version 0.6.9

❯ colima status
INFO[0000] colima is running using QEMU
INFO[0000] arch: x86_64
INFO[0000] runtime: docker
INFO[0000] mountType: sshfs
INFO[0000] socket: unix:///Users/Petr_Ruzicka/.colima/default/docker.sock

❯ kind --version
kind version 0.23.0

Let me know if I can run educates with Colima...

Thank you for your great work...

[GrahamDumpleton]

For Docker Desktop to avoid that problem you would need to enable:

• Allow privileged port mapping (Settings->Advanced).

Does Colima have a similar configuration option you must set so that something deployed to it can use ports < 1024?

[GrahamDumpleton]

Actually there is a different issue with Docker Desktop that might cause this issue:

• Resolver issue with MacOS Sonoma #253

This stems from an issue with macOS which Docker Desktop requires special config.

Again, may need to work out whether Colima has a similar issue.

[GrahamDumpleton]

BTW, is anything else running on your system which is already using ports 80 and 443?

[jorgemoralespou]

Colima seems to have an issue opened for this (abiosoft/colima#492) although this seems to be a standard thing for users to do, not sure why is not supported. It seems it's related to colima networking and to the ip rather than the port.
Will keep investigating.

[GrahamDumpleton]

You may be able to run educates admin config edit and add:

localKindCluster:
  listenAddress: "0.0.0.0"

if Colima has an issue with use of specific IPs.

Run educates create-cluster again after adding that.

Only question will be whether that port 80/443 test uses that listen address when overridden.

[jorgemoralespou]

We calculate the ip to where the container need to be bound when listenAddress, pointed by @GrahamDumpleton in the comment above, is empty (which is the default scenario) via this function (https://github.com/vmware-tanzu-labs/educates-training-platform/blob/develop/client-programs/pkg/config/host.go#L10-L45) and when this function does not return an ip we use 127.0.0.1.

As @GrahamDumpleton mentions, maybe if you can provide the sprcific IP where colima can listen, I guess the Colima VM ip, it might work, although there might be later problems related to the use of Docker Networks that might not work the same when on colima.

[jorgemoralespou]

Hi,
I have tried this myself with Colima, doing the following got it working:

Install colima

brew install colima

Start colima

colima start

Set up DOCKER_HOST variable to point to colima docker sock for compatibility

export DOCKER_HOST="unix://$HOME/.colima/docker.sock"

Added listenAddress to educates config, educates admin config edit. You can add any other configuration. You can get the default configuration via educates admin config view when no configuration already exists.

localKindCluster:
  listenAddress: 0.0.0.0

And then, create educates cluster:

educates create-cluster

Then, deployed a test workshop, and accessed it:

educates deploy-workshop -f https://github.com/vmware-tanzu-labs/lab-k8s-fundamentals/releases/download/7.1/workshop.yaml
educates browse-workshops

Everything was working fine. Note that I used a nip.io default hostname, so haven't validated using a dns with local resolver.

[ruzickap]

Hello guys.
Thank you for nice description.
I downloaded the 3.0.0-alpha.4 version and educates admin config edit is not there:

❯ educates admin config edit
Tools for administering Educates on Kubernetes

Available Commands:
  platform      Manage Educates installation
  diagnostics   Diagnostic commands for the local Kubernetes cluster

Use "admin <command> --help" for more information about a given command.

This one is working fine educates admin platform values --local-config, but there is no "edit" parameter....

[GrahamDumpleton]

See updated docs at https://develop--educates-docs.netlify.app/

We haven't completed updating section to replace PackageRepository based install as yet, but have for CLI based install.

[GrahamDumpleton]

The replacement command is:

educates local config edit

We are trying to draw a better line between local Educates cluster using Kind and a hosted cluster.

[GrahamDumpleton]

And yes we still need to add to release notes for nature of some of these changes. Also need to look at a migration page for 2.X to 3.X to better call out changes.

[ruzickap]

Thank you Graham.

One minor issue with educates local config edit:

$ educates local config edit
Error: unable to temporary values file "/Users/Petr_Ruzicka/Library/Application Support/educates/values.yaml.49031": open /Users/Petr_Ruzicka/Library/Application Support/educates/values.yaml.49031: no such file or directory

-> I had to create the /Users/Petr_Ruzicka/Library/Application Support/educates directory manually.

I updated the docs for the Colima users: #500

[GrahamDumpleton]

Okay, what has probably happened is that as we have refactored the CLI, we have managed to drop the bit of code that ensures the directory exists.

cc @jorgemoralespou

[GrahamDumpleton]

Fixed. Looks like check may have never existed and we never noticed since directory had been created previously for us for other reasons and never re-tested from scratch.