Quick install guide doesn't work well on OSX with Docker Desktop and current Kubernetes version

[mluk-sap]

Description
I followed the Quick install guide, but the Busola installed via Kyma CLI can't connect to the Kubernetes cluster.

The root cause is this fix for this security issue in k3s.

k3c cluster create command generates kubeconfig, where API server address looks like https://0.0.0.0:54265.
Kyma CLI runs Busola via Docker, which runs in a virtual machine in case of Docker Desktop environment in macOS. In order to connect to the host machine it must replace the IP 0.0.0.0 with host.docker.internal, which is resolved to the Docker Desktop virtual machine IP address. In older clusters (without the security fix) there is a listener that grabs SNI host names from requests coming to the API server and regenerates the SSL certificate if a client requests a new host name, like host.docker.internal.

But after security fix it doesn't work like this anymore and allows only 'known' host names. Busola can't connect to the API server via host.docker.internal as it is not listed in the SSL certificate of the API server.

The simplest fix is to provide Subject Alternative Name host.docker.internal upfront during cluster provisioning.
So 'Quick install' Step 1 should look like:

k3d cluster create --k3s-arg '--tls-san=host.docker.internal@server:*'

Note that in Linux environments with Docker natively supported this won't be required (but it also shouldn't harm).

Area

• kyma-project.io

Reasons

New users (running current k3d versions) are not able to start Kyma UI.

Assignees

@kyma-project/technical-writers

Attachments

• new entry in Busola troubleshooting guide: https://github.com/kyma-project/busola/pull/3046/files

[nataliasitko]

The command has been updated with this PR