On Podman, detect if application is listening on the loopback interface, and either error out or not depending on --ignore-localhost

[rm3l]

What type of PR is this:
/kind feature
/area dev
/area odo-on-podman

What does this PR do / why we need it:
The way odo currently does port-forwarding on Podman is via a HostPort in the relevant container in the pod spec. But as reported in #6510 and containers/podman#17353, Podman won't forward traffic to the container if the container port is bound to the container loopback interface.
As discussed in #6510 (comment) (and similar to how things work on DevSpaces), this PR tries to detect if ports that need to be forwarded are bound to the container loopback interface. If this is the case:

• by default, odo dev on Podman will error out with an error message indicating the issue, along with a recommendation to either change the application to listen on 0.0.0.0, or to run odo dev with --forward-localhost (PR to follow up soon).
• if odo dev is run with --ignore-localhost, this message will be displayed as a warning, but this won't prevent odo dev from running. However, any request sent out to the local port forwarded to the container on its loopback interface might not work with Podman.

I'll create a subsequent PR that adds a new --forward-localhost flag, the goal of which is to make port-forwarding work in such cases via a side container. It'll be inspired by what had been done in #6589

Which issue(s) this PR fixes:
This relates to #6510

PR acceptance criteria:

• Unit test

• Integration test

• Documentation

How to test changes / Special notes to the reviewer:

This behavior should not affect the default cluster mode.

To test the changes on Podman, either use a project with an application listening on some port on localhost, or leverage some existing stacks like Node.JS which have debuggers listening on localhost.

$ mkdir /tmp/nodejs && cd /tmp/nodejs
$ odo init --name debug-nodejs --devfile nodejs --starter nodejs-starter

• Without --ignore-localhost, odo dev on Podman should start but error out after detecting that the port is bound to the container loopback interface:

$ ODO_EXPERIMENTAL_MODE=t odo dev --platform=podman --debug

...
↪ Running on podman in Dev mode
 ✓  Deploying pod [3s]
 ✓  Building your application in container (command: install) [2s]
 •  Executing the application (command: debug)  ...
 ✗  Detected that the following port(s) can be reached only via the container loopback interface: debug (5858).
Port forwarding on Podman currently does not work with applications listening on the loopback interface.
Either change the application to make those port(s) reachable on all interfaces (0.0.0.0), or rerun 'odo dev' with any of the following options:
- --ignore-localhost: no error will be returned by odo, but port-forwarding on those ports might not work on Podman.
- --forward-localhost: odo will inject a dedicated side container to redirect traffic to such ports.
Cleaning up resources
 ✗  Finished executing the application (command: debug) [16s]
 ✗  cannot make port forwarding work with ports bound to the loopback interface only

NOTE: only ports that are expected to be forwarded are checked. In the example above, if I run ODO_EXPERIMENTAL_MODE=t odo dev --platform=podman (without --debug), odo dev should start and work normally.

• With --ignore-localhost, odo dev on Podman should start but display a warning message after detecting that the port is bound to the container loopback interface:

$ ODO_EXPERIMENTAL_MODE=t odo dev --platform=podman --debug --ignore-localhost

...
↪ Running on podman in Dev mode
 ✓  Deploying pod [3s]
 ✓  Building your application in container (command: install) [4s]
 •  Executing the application (command: debug)  ...
 ⚠  Detected that the following port(s) can be reached only via the container loopback interface: debug (5858).
Port forwarding on Podman currently does not work with applications listening on the loopback interface.
Either change the application to make those port(s) reachable on all interfaces (0.0.0.0), or rerun 'odo dev' with '--forward-localhost' to make port-forwarding work with such ports.
 -  Forwarding from 127.0.0.1:20001 -> 3000
 -  Forwarding from 127.0.0.1:20002 -> 5858

↪ Dev mode
 Status:
 Watching for changes in the current directory /tmp/test/nodejs

 Keyboard Commands:
[Ctrl+c] - Exit and delete resources from podman
     [p] - Manually apply local changes to the application on podman

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[netlify]

✅ Deploy Preview for odo-docusaurus-preview canceled.

Name	Link
🔨 Latest commit	17e0292
🔍 Latest deploy log	https://app.netlify.com/sites/odo-docusaurus-preview/deploys/63ff564590710200075621c6

[odo-robot]

OpenShift Unauthenticated Tests on commit 3b65124 finished successfully.
View logs: TXT HTML

[odo-robot]

NoCluster Tests on commit 3b65124 finished successfully.
View logs: TXT HTML

[odo-robot]

Unit Tests on commit 3b65124 finished successfully.
View logs: TXT HTML

[odo-robot]

Validate Tests on commit 3b65124 finished successfully.
View logs: TXT HTML

[odo-robot]

Kubernetes Tests on commit ed5723e finished successfully.
View logs: TXT HTML

[odo-robot]

Windows Tests (OCP) on commit 3b65124 finished with errors.
View logs: TXT HTML

[odo-robot]

OpenShift Tests on commit 3b65124 finished successfully.
View logs: TXT HTML

[odo-robot]

Kubernetes Docs Tests on commit 463c15d finished successfully.
View logs: TXT HTML

[feloy]

Thanks!

[rm3l]

  Expected
      <*url.Error | 0xc0007d3170>: {
          Op: "Post",
          URL: "http://127.0.0.1:65530/api/newuser",
          Err: <*errors.errorString | 0xc00007c130>{s: "EOF"},
      }
  to be nil
  In [It] at: C:/Users/Administrator.ANSIBLE-TEST-VS/3329/tests/e2escenarios/e2e_test.go:306

  There were additional failures detected after the initial failure.  Here's a summary - for full details run Ginkgo in verbose mode:
    [FAILED] in [AfterEach] at C:/Users/Administrator.ANSIBLE-TEST-VS/3329/tests/helper/helper_filesystem.go:48
------------------------------


Summarizing 1 Failure:
  [FAIL] E2E Test starting with non-empty Directory add Binding [It] should verify developer workflow of using binding as env in innerloop
  C:/Users/Administrator.ANSIBLE-TEST-VS/3329/tests/e2escenarios/e2e_test.go:306

Flaky E2E test - reported in #6582

/override windows-integration-test/Windows-test

[openshift-ci]

@rm3l: Overrode contexts on behalf of rm3l: windows-integration-test/Windows-test

In response to this:

 Expected
     <*url.Error | 0xc0007d3170>: {
         Op: "Post",
         URL: "http://127.0.0.1:65530/api/newuser",
         Err: <*errors.errorString | 0xc00007c130>{s: "EOF"},
     }
 to be nil
 In [It] at: C:/Users/Administrator.ANSIBLE-TEST-VS/3329/tests/e2escenarios/e2e_test.go:306

 There were additional failures detected after the initial failure.  Here's a summary - for full details run Ginkgo in verbose mode:
   [FAILED] in [AfterEach] at C:/Users/Administrator.ANSIBLE-TEST-VS/3329/tests/helper/helper_filesystem.go:48
------------------------------


Summarizing 1 Failure:
 [FAIL] E2E Test starting with non-empty Directory add Binding [It] should verify developer workflow of using binding as env in innerloop
 C:/Users/Administrator.ANSIBLE-TEST-VS/3329/tests/e2escenarios/e2e_test.go:306

Flaky E2E test - reported in #6582

/override windows-integration-test/Windows-test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
3 Code Smells

No Coverage information
0.0% Duplication