container-canary
`tcpSocket` doesn't actually test TCP ports inside container
Consider the following:
```sh
#!/bin/sh
set -ex
cat > phony-tcp.Dockerfile <<EOF
FROM ubuntu:22.04
# It succeeds even without the EXPOSE command
# EXPOSE 8080
CMD /bin/bash -c 'while true; do sleep 60; done'
EOF
cat > phony-tcp.yaml <<EOF
apiVersion: container-canary.nvidia.com/v1
kind: Validator
name: phony-tcp
description: phony-tcp checks
ports:
  - port: 8080
    protocol: tcp
checks:
  - name: tcp
    probe:
      tcpSocket:
        port: 8080
EOF
docker build -t phony-tcp -f phony-tcp.Dockerfile .
container-canary validate --file phony-tcp.yaml phony-tcp
```
The check succeeds even though the container is clearly not listening on port 8080, because container-canary is connecting to the Docker proxy, rather than the actual process inside the container.

Unfortunately, I'm not sure how to actually fix this. We may have to simply issue a warning for this particular check.
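
One way to test the port from inside the container's network namespace instead of through the published port, as an added example that is not part of the original issue or container-canary's own code. The function names and the sample socket tables are constructed, and `container_port_listening` assumes the docker CLI on the host and `cat` in the image.

```sh
#!/bin/sh
# Added example: is PORT really in LISTEN state inside the container?

# port_listening PORT: reads /proc/net/tcp-format text on stdin.
# Returns 0 if a socket is in state 0A (TCP_LISTEN) on local PORT, else 1.
port_listening() {
    hexport=$(printf '%04X' "$1") || return 2
    awk -v want="$hexport" '
        $1 == "sl" { next }   # header; repeats when tcp and tcp6 are concatenated
        {
            n = split($2, addr, ":")   # local_address is HEXIP:HEXPORT
            if (n == 2 && toupper(addr[2]) == want && $4 == "0A") found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# container_port_listening CONTAINER PORT: hypothetical wrapper, assumes the
# docker CLI on the host and `cat` in the image. docker exec joins the
# container network namespace, so the published-port proxy is never involved.
container_port_listening() {
    docker exec "$1" cat /proc/net/tcp /proc/net/tcp6 |
        port_listening "$2"
}

# Constructed sample: only an outbound connection to remote port 8080 (0x1F90).
sample_idle() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 020011AC:C350 0A0011AC:1F90 01 00000000:00000000 00:00000000 00000000     0        0 41001 1
EOF
}

# Constructed sample: an IPv4 listener on 0.0.0.0:8080.
sample_listening() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 41002 1
EOF
}
```

Against the reproduction above, `container_port_listening <container> 8080` returns non-zero for the `phony-tcp` image, since its only process is a sleep loop.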