I am behind a corporate proxy and need to use cntlm. Hence my proxy env variables are as follows
https_proxy=http://localhost:3128
http_proxy=http://localhost:3128
Now when I try to start minikube using minikube start I get the following errors
❗ Local proxy ignored: not passing HTTP_PROXY=http://localhost:3128 to docker env.
❗ Local proxy ignored: not passing HTTPS_PROXY=http://localhost:3128 to docker env.
However since I'm using cntlm the proxy should be localhost:3128. How do I get over this problem. I tried the following as well without any success and get the same error
minikube start --docker-env HTTP_PROXY=http://127.0.0.1:3128 --docker-env HTTPS_PROXY=http://127.0.0.1:3128
I have the same problem. I had CNTLM listen on IPv6 localhost interface ::1 and told minikube to proxy via that one:
HTTP_PROXY=http://::1:3128 ...
Related
I am trying to use Ingress in minikube by minikube addons enable ingress. However, currently Ingress cannot be used with minikube when the driver is docker on macOS based on this issue ticket.
So I turn to use hyperkit or virtualbox as driver. One image that need to be pulled when enabling Ingress is k8s.gcr.io/ingress-nginx/controller:v0.44.0. However, k8s.gcr.io is blocked in my current location.
So I try to use a VPN in global mode for my computer. However, I met this issue that hyperkit is unable to access k8s.gcr.io when the VPN is in use.
Then I found this document
https://minikube.sigs.k8s.io/docs/handbook/vpn_and_proxy/
My VPN is listening at 127.0.0.1:1087, I set
export HTTP_PROXY=http://127.0.0.1:1087
export HTTPS_PROXY=https://127.0.0.1:1087
export NO_PROXY=localhost,127.0.0.1,10.96.0.0/12,192.168.99.0/24,192.168.39.0/24
Then I tried all these methods to start minikube:
minikube start --driver=hyperkit
minikube start --driver=virtualbox
minikube start --driver=hyperkit --docker-env HTTP_PROXY=http://127.0.0.1:1087 --docker-env HTTPS_PROXY=https://127.0.0.1:1087 --docker-env NO_PROXY=localhost,127.0.0.1,10.96.0.0/12,192.168.99.0/24,192.168.39.0/24
But I saw these messages:
😄 minikube v1.21.0 on Darwin 11.2.3
✨ Using the hyperkit driver based on user configuration
❗ Local proxy ignored: not passing HTTP_PROXY=http://127.0.0.1:1087 to docker env.
❗ Local proxy ignored: not passing HTTPS_PROXY=https://127.0.0.1:1087 to docker env.
👍 Starting control plane node minikube in cluster minikube
🔥 Creating hyperkit VM (CPUs=2, Memory=6000MB, Disk=20000MB) ...
❗ Local proxy ignored: not passing HTTP_PROXY=http://127.0.0.1:1087 to docker env.
❗ Local proxy ignored: not passing HTTPS_PROXY=https://127.0.0.1:1087 to docker env.
and
😄 minikube v1.21.0 on Darwin 11.2.3
✨ Using the virtualbox driver based on existing profile
❗ Local proxy ignored: not passing HTTP_PROXY=http://127.0.0.1:1087 to docker env.
❗ Local proxy ignored: not passing HTTPS_PROXY=https://127.0.0.1:1087 to docker env.
Seems this "user configuration" overwrite my proxy config. But where is this "user configuration"?
What is the correct way to set proxy for minikube when the drive hyperkit or virtualbox? Thanks!
My guess is 127.0.0.1 conflicts with the VM's internal 127.0.0.1 address, and that's why it's ignored. You might need to configure your proxy to be your host's network IP instead of 127.0.0.1? You might not even need to configure a proxy? Also, the Virtualbox driver gives me problems with VPN. I have the best luck with the VMware driver, and can also get the HyperKit driver to work if I update the VM's DNS to my host's DNS.
minikube start --driver hyperkit
minikube ssh sudo resolvectl dns eth0 192.168.0.53
minikube ssh sudo resolvectl domain eth0 example.com
I also get the unable to access k8s.gcr.io error when creating the VM, but it doesn't seem to affect things.
Downloading this image using docker, exporting it to file, transfering it to minikube VM and importing it to local docker registry, like in this thread has solved the problem.
Your proxy is for circumventing the China Greate Firewall correct? Then I know why it is not working. It is not releated to hyperkit or virutalbox at all.
I checked the source code of minikube. "Local proxy ignored" actually means that your proxy url is set to localhost (127.0.*) and minikube thinks you set the proxy incorrectly so it will just ignore this setting.
The resolution is just to edit your host file (for Windows it is in C:\Windows\System32\drivers\etc\hosts), to give 127.0.0.1 a hostname. You can add the following line into the end of the host file.
127.0.0.1 localproxy
Then change environment variable http_proxy and https_proxy to http://localproxy:1235.
Reopen the CMD window to get the updated environment variable and restart the minikue. You should be able to find that the "Local proxy ignored" message is gone and finally you can download the image from gcr.io.
I'm currently using minikube and I'm trying to access my application by utilizing the minikube tunnel since the service type is LoadBalancer.
I'm able to obtain an external IP when I execute the minikube tunnel, however, when I try to check it on the browser it doesn't work. I've also tried Postman and curl, they both don't work.
To add to this, if I shell into the pod I can use curl and it does work. Furthermore, I executed kubectl port-forward and I was able to access my application through localhost.
Does anyone have any idea as to why I'm not being able to access my application even though everything seems to be running correctly?
Your service is probably bound to localhost. Minikube starts the cluster in a VM or docker (depending on the driver you are using) that is bound to an external IP, $(minikube ip).
When you are running a minikube tunnel you're tunneling from minikube cluster external IP to the internal IP of the load balancer, the LB service in Kubernete the External IP goes from "Pending" to an actual internal IP and something like this should work:
curl -H 'Host: localhost' -v $(minikube ip)
However, it doesn't in the browser, since in the above command you are sending the request to the minikube's IP, not localhost. What I do for this to work is a ssh tunnel like this one:
ssh -i $(minikube ssh-key) docker#$(minikube ip) -L 8008:localhost:80
This maps the LB listener in port 80, in minikube's cluster, to 8008 in localhost. The external IP of the service remains pending but it works since the Kube controller can still find it. If you want to map port 80 then you will need to add sudo.
If the version of ssh on your system (the one in your path) is less than 8.0, 'minikube tunnel' will silently fail to instantiate the ssh tunnel for some port forwards. (e.g. privileged ports)
Open a command prompt as administrator, and type 'where.exe ssh'. Navigate to that location in windows explorer, and right-click on 'ssh.exe'. Choose Properties->Details to see the version.
If this is less than version 8.0 you must upgrade that to at least version 8.0 to prevent this silent failure of ssh by 'minikube tunnel'.
After upgrading, ssh, ensure that the newer version is the one that will be executed by using the 'where.exe' command again. If there are two on your system, then reorder the paths in your path environment variable. Restart your shell (or better) reboot the system so that all processes environments pick up the path changes.
Then try 'minikube tunnel' again. When it is working, you should see an ssh instance in the task manager for each tunnel that minikube creates.
In my case minikube service <serviceName> solved this issue.
For further details look here in minikube docs.
I am using eclipse docker tooling perspective to handle minikube docker repository on windows 10. The installation and configuration of minikube are successful.
> minikube docker-env
$Env:DOCKER_TLS_VERIFY = "1"
$Env:DOCKER_HOST = "tcp://172.17.63.134:2376"
$Env:DOCKER_CERT_PATH = "C:\Users\joseph\.minikube\certs"
$Env:MINIKUBE_ACTIVE_DOCKERD = "minikube"
# To point your shell to minikube's docker-daemon, run:
# & minikube -p minikube docker-env | Invoke-Expression
When managing docker images, I use docker explorer of docker tooling perspective. And below image is the the Docker Connection Dialog
[Test Connection] is successful and the connection throws no errors. But the problem is the DOCKER_HOST of minikube is variable. The DOCKER_HOST is not fixed and is changeable whenever minikube is started. I want to know how to fix the DOCKER_HOST ip address when minikube is started or the system variable of DOCKER_HOST with which I can set the value of docker tcp connection URI of eclipse IDE.
I've reproduced your problem using the following steps:
minikube start --vm-driver=xhyve
minikube ip (note the IP address)
minikube stop
minikube delete
minikube start --vm-driver=xhyve
minikube ip (IP address has changed)
After digging around I understood that at the moment there is no support for predictable IP's across restarts.
There is an open issue for this and you can follow it here.
How to ssh to the node inside the cluster in local. I am using docker edge version which has kubernetes inbuilt. If i run
kubectl ssh node
I am getting
Error: unknown command "ssh" for "kubectl"
Did you mean this?
set
Run 'kubectl --help' for usage.
error: unknown command "ssh" for "kubectl"
Did you mean this?
set
There is no "ssh" command in kubectl yet, but there are plenty of options to access Kubernetes node shell.
In case you are using cloud provider, you are able to connect to nodes directly from instances management interface.
For example, in GCP: Select Menu -> Compute Engine -> VM instances, then press SSH button on the left side of the desired node instance.
In case of using local VM (VMWare, Virtualbox), you can configure sshd before rolling out Kubernetes cluster, or use VM console, which is available from management GUI.
Vagrant provides its own command to access VMs - vagrant ssh
In case of using minikube, there is minikube ssh command to connect to minikube VM. There are also other options.
I found no simple way to access docker-for-desktop VM, but you can easily switch to minikube for experimenting with node settings.
How to ssh to the node inside the cluster in local
Kubernetes is aware of nodes on level of secure communication with kubelets on nodes (geting hostname and ip from node), and as such, does not provide cluster-level ssh to nodes out of the box. Depending on your actual provide/setup there are different ways of connecting to nodes and they all boil down to locate your ssh key, open appropriate ports on firewall/security groups and issue ssh -i key user#node_instance_ip command to access node. If you are running locally with virtual machines you can setup your own ssh keypairs and do the trick..
You can effectively shell into a pod using exec(I know its not exactly what the question asks, but might be helpful).
An example usage would be kubectl exec -it name-of-your-pod -- /bin/bash. assuming you have bash installed.
Hope that helps.
You have to first Extend kubectl with plugins adding https://github.com/luksa/kubectl-plugins.
Basically, to "install" ssh, e.g.:
wget https://raw.githubusercontent.com/luksa/kubectl-plugins/master/kubectl-ssh
Then make sure the file is in kubectl-ssh your path.
I got Kubernetes Minikube on my laptop (4cores, 8 GB RAM). I just performed the basic installation steps (got miniKube and kubectl, enabled the BIOS virtualization) and I am able to start the cluster:
C:\Users\me>minikube start
Starting local Kubernetes cluster...
Starting VM...
SSH-ing files into VM...
Setting up certs...
Starting cluster components...
Connecting to cluster...
Setting up kubeconfig...
Kubectl is now configured to use the cluster.
However, when I try to interact with the cluster, I allways get the same error, sample:
C:\Users\me>kubectl get pods --context=minikube
Unable to connect to the server: dial tcp 192.168.99.100:8443: connectex: A connection attempt failed because the connected party
did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
I execute minikube ip and I ping the result IP and I get a response. Also I tried to give more memory (3Gb vs the standard 2Gb) and nothing changed.
Am I doing something wrong here?
Thanks!
I had same issue as above. I found out that kubectl couldn't connect to the cluster and would throw up the error when i'm on a VPN connection. When I turned off my VPN client, it started working as fine.
I think it could be some problem with the cluster, when I run minikube status I've got the mixed results of cluster running and cluster stopped:
First run:
c:\> minikube status
minikube: Running
cluster: Stopped
kubectl: Correctly Configured: pointing to minikube-vm at 192.168.99.100
Second run:
minikube: Running
cluster: Running
kubectl: Correctly Configured: pointing to minikube-vm at 192.168.99.100
Third run:
minikube: Running
cluster: Stopped
kubectl: Correctly Configured: pointing to minikube-vm at 192.168.99.100
The service is flapping.
UPDATED:
Connecting to the minikube vm using minikube ssh I realized the kubeconfig file have wrong path separator for certificates generated by minikube automatic configuration. The path on kubeconfig file stands for \var\lib\localkube\certs\ca.cert and it have to be /var/lib/localkube/certs/ca.cert and so on...
To update the file I have to copy the content of the orignal file to my desktop, fix the directory separators and save the correct file to /var/lib/localkube/kubeconfig and restart the service using:
sudo systemclt restart localkube.
I hope everyone can use minikube with this tip.
If it keep to hit 8443 connection issue when changed work environment, would simplify turn off TLS verification for minikube local cluster if there is not clue.
https://github.com/robertluwang/docker-hands-on-guide/blob/master/minikube-no-tls-verify.md
Hope it is helpful for you.
BR/
Robert
from the documentation:
for Troubleshooting
Run minikube start --alsologtostderr -v=7 to debug crashes
I had the same problem:
check if a some service of a VPN is running by checking the task management, for me, I had a running service of my VPN, so kill the task and try to run the command showed above