Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow minikube to function with misconfigured NO_PROXY value #4229

Merged
merged 28 commits into from
May 20, 2019
Merged
Show file tree
Hide file tree
Changes from 13 commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
581b63a
Fixed API connectivity with http(s) proxy
medyagh May 7, 2019
0529f0b
Added more comment
medyagh May 8, 2019
8bc0010
Fix dashboard behind proxy and refactor
medyagh May 10, 2019
6a433d0
Fixing K8S Client Config with TranportWrap
medyagh May 15, 2019
ddb95e1
return error if nil
medyagh May 15, 2019
8120cdd
No Proxy for Dashboard and moving logic to proxy package
medyagh May 15, 2019
830e18d
Updated warn message and remove duplicate warning
medyagh May 15, 2019
6384a22
Fix naming and improve public functions singatures
medyagh May 15, 2019
6fe614e
Fix stutter between the package name and the function
medyagh May 15, 2019
b9149b1
Better name
medyagh May 15, 2019
e878f9b
Merge remote-tracking branch 'upstream/master' into no_proxy_for_self
medyagh May 15, 2019
1079933
Added integration tests for proxy
medyagh May 15, 2019
a0c6013
Fixed Error handling for http serve
medyagh May 15, 2019
b8501ea
Fix formatting
medyagh May 15, 2019
08d19bf
Improve formatting and messages
medyagh May 15, 2019
53a4625
Return host IP when using vmware as vm driver.
ne0h May 14, 2019
88a1489
Make derivation of Host IP address more generic when using vmware.
ne0h May 15, 2019
a2590ec
Adding more unit test
medyagh May 16, 2019
f38efb9
Improved Style
medyagh May 16, 2019
3ff806a
Added unittest and rebase
medyagh May 16, 2019
a1e34b0
Improve http server shutdown handling
medyagh May 16, 2019
6484548
fix formatting
medyagh May 16, 2019
0d58773
Clean up after unit test
medyagh May 17, 2019
d4cf3b0
Merge remote-tracking branch 'upstream/master' into no_proxy_for_self
medyagh May 17, 2019
42e40e3
Debug
medyagh May 19, 2019
871c2e6
Better clean up after tesdt proxy setup
medyagh May 19, 2019
c428ce5
Fix typo
medyagh May 19, 2019
b6bf1df
Improve test clean up
medyagh May 19, 2019
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 14 additions & 1 deletion cmd/minikube/cmd/dashboard.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (
"fmt"
"io"
"net/http"
"os"
"os/exec"
"regexp"
"time"
Expand All @@ -32,9 +33,11 @@ import (
configcmd "k8s.io/minikube/cmd/minikube/cmd/config"
"k8s.io/minikube/pkg/minikube/cluster"
"k8s.io/minikube/pkg/minikube/config"
pkg_config "k8s.io/minikube/pkg/minikube/config"
"k8s.io/minikube/pkg/minikube/console"
"k8s.io/minikube/pkg/minikube/exit"
"k8s.io/minikube/pkg/minikube/machine"
"k8s.io/minikube/pkg/minikube/proxy"
"k8s.io/minikube/pkg/minikube/service"
"k8s.io/minikube/pkg/util"
)
Expand All @@ -52,11 +55,19 @@ var dashboardCmd = &cobra.Command{
Short: "Access the kubernetes dashboard running within the minikube cluster",
Long: `Access the kubernetes dashboard running within the minikube cluster`,
Run: func(cmd *cobra.Command, args []string) {
cc, err := pkg_config.Load()
medyagh marked this conversation as resolved.
Show resolved Hide resolved
if err != nil && !os.IsNotExist(err) {
console.ErrLn("Error loading profile config: %v", err)
}
err = proxy.ExcludeIP(cc.KubernetesConfig.NodeIP) // to be used for http get calls
if err != nil {
glog.Errorf("Error Excluding IP from proxy: %s", err)
medyagh marked this conversation as resolved.
Show resolved Hide resolved
}

kubectl, err := exec.LookPath("kubectl")
if err != nil {
exit.WithCode(exit.NoInput, "kubectl not found in PATH, but is required for the dashboard. Installation guide: https://kubernetes.io/docs/tasks/tools/install-kubectl/")
}

api, err := machine.NewAPIClient()
defer func() {
err := api.Close()
Expand Down Expand Up @@ -117,7 +128,9 @@ var dashboardCmd = &cobra.Command{
func kubectlProxy(path string) (*exec.Cmd, string, error) {
// port=0 picks a random system port
// config.GetMachineName() respects the -p (profile) flag

cmd := exec.Command(path, "--context", config.GetMachineName(), "proxy", "--port=0")

stdoutPipe, err := cmd.StdoutPipe()
if err != nil {
return nil, "", errors.Wrap(err, "cmd stdout")
Expand Down
19 changes: 14 additions & 5 deletions cmd/minikube/cmd/start.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ import (
"k8s.io/minikube/pkg/minikube/exit"
"k8s.io/minikube/pkg/minikube/logs"
"k8s.io/minikube/pkg/minikube/machine"
"k8s.io/minikube/pkg/minikube/proxy"
pkgutil "k8s.io/minikube/pkg/util"
"k8s.io/minikube/pkg/version"
)
Expand Down Expand Up @@ -102,9 +103,6 @@ var (
apiServerNames []string
apiServerIPs []net.IP
extraOptions pkgutil.ExtraOptionSlice

// proxyVars are variables we plumb through to the underlying container runtime
proxyVars = []string{"HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY"}
)

func init() {
Expand Down Expand Up @@ -222,6 +220,11 @@ func runStart(cmd *cobra.Command, args []string) {
host, preexisting := startHost(m, config.MachineConfig)

ip := validateNetwork(host)
// Makes minikube node ip to bypass http(s) proxy. since it is local traffic.
err = proxy.ExcludeIP(ip)
if err != nil {
console.ErrStyle("Failed to set NO_PROXY Env. please Use `export NO_PROXY=$NO_PROXY,%s`.", ip)
}
// Save IP to configuration file for subsequent use
config.KubernetesConfig.NodeIP = ip
if err := saveConfig(config); err != nil {
Expand Down Expand Up @@ -383,7 +386,7 @@ func generateConfig(cmd *cobra.Command, k8sVersion string) (cfg.Config, error) {
// Feed Docker our host proxy environment by default, so that it can pull images
if _, ok := r.(*cruntime.Docker); ok {
if !cmd.Flags().Changed("docker-env") {
for _, k := range proxyVars {
for _, k := range proxy.EnvVars {
if v := os.Getenv(k); v != "" {
dockerEnv = append(dockerEnv, fmt.Sprintf("%s=%s", k, v))
}
Expand Down Expand Up @@ -522,13 +525,19 @@ func validateNetwork(h *host.Host) string {
}

optSeen := false
for _, k := range proxyVars {
warnedOnce := false
for _, k := range proxy.EnvVars {
if v := os.Getenv(k); v != "" {
if !optSeen {
console.OutStyle("internet", "Found network options:")
optSeen = true
}
console.OutStyle("option", "%s=%s", k, v)
ipExcluded := proxy.IsIPExcluded(ip) // Skip warning if minikube ip is already in NO_PROXY
if (k == "HTTP_PROXY" || k == "HTTPS_PROXY") && !ipExcluded && !warnedOnce {
console.Warning("You appear to be using a proxy, but your NO_PROXY environment does not include the minikube IP (%s). Please see https://github.com/kubernetes/minikube/blob/master/docs/http_proxy.md for more details", ip)
warnedOnce = true
}
}
}

Expand Down
2 changes: 2 additions & 0 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ require (
github.com/docker/docker v0.0.0-20180917213351-bbe08dc7f0b9
github.com/docker/go-units v0.0.0-20170127094116-9e638d38cf69
github.com/docker/machine v0.16.1
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f
github.com/fsnotify/fsnotify v0.0.0-20160816051541-f12c6236fe7b
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680
github.com/gogo/protobuf v0.0.0-20170330071051-c0656edd0d9e
Expand Down Expand Up @@ -56,6 +57,7 @@ require (
github.com/pelletier/go-toml v0.0.0-20160822122712-0049ab3dc4c4
github.com/petar/GoLLRB v0.0.0-20130427215148-53be0d36a84c
github.com/peterbourgon/diskv v2.0.1+incompatible
github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
github.com/pkg/browser v0.0.0-20160118053552-9302be274faa
github.com/pkg/errors v0.8.0
github.com/pkg/profile v0.0.0-20161223203901-3a8809bd8a80
Expand Down
4 changes: 4 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ github.com/docker/go-units v0.0.0-20170127094116-9e638d38cf69 h1:N4WAsrRIb+4U1yI
github.com/docker/go-units v0.0.0-20170127094116-9e638d38cf69/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/machine v0.16.1 h1:zrgroZounGVkxLmBqMyc1uT2GgapXVjIWHCfBf0udrA=
github.com/docker/machine v0.16.1/go.mod h1:I8mPNDeK1uH+JTcUU7X0ZW8KiYz0jyAgNaeSJ1rCfDI=
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f h1:8GDPb0tCY8LQ+OJ3dbHb5sA6YZWXFORQYZx5sdsTlMs=
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
github.com/fsnotify/fsnotify v0.0.0-20160816051541-f12c6236fe7b h1:lHoxUxMozh/yCASOoFep9dPMva62ztmxKK2VB8//Aoo=
github.com/fsnotify/fsnotify v0.0.0-20160816051541-f12c6236fe7b/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680 h1:ZktWZesgun21uEDrwW7iEV1zPCGQldM2atlJZ3TdvVM=
Expand Down Expand Up @@ -105,6 +107,8 @@ github.com/pelletier/go-toml v0.0.0-20160822122712-0049ab3dc4c4/go.mod h1:5z9KED
github.com/petar/GoLLRB v0.0.0-20130427215148-53be0d36a84c/go.mod h1:HUpKUBZnpzkdx0kD/+Yfuft+uD3zHGtXF/XJB14TUr4=
github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc=
github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
github.com/pkg/browser v0.0.0-20160118053552-9302be274faa h1:od00Tr1U7+cLVtc+RNFmR53spHUF98Ziu33S8UIQnt0=
github.com/pkg/browser v0.0.0-20160118053552-9302be274faa/go.mod h1:4OwLy04Bl9Ef3GJJCoec+30X3LQs/0/m4HFRt/2LUSA=
github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
Expand Down
1 change: 1 addition & 0 deletions pkg/minikube/bootstrapper/kubeadm/kubeadm.go
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,7 @@ func (k *Bootstrapper) GetAPIServerStatus(ip net.IP, apiserverPort int) (string,
url := fmt.Sprintf("https://%s:%d/healthz", ip, apiserverPort)
// To avoid: x509: certificate signed by unknown authority
tr := &http.Transport{
Proxy: nil, // To avoid connectiv issue if http(s)_proxy is set.
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
client := &http.Client{Transport: tr}
Expand Down
130 changes: 130 additions & 0 deletions pkg/minikube/proxy/proxy.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,130 @@
/*
Copyright 2019 The Kubernetes Authors All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package proxy

import (
"fmt"
"net"
"net/http"
"os"
"strings"

"github.com/golang/glog"
"github.com/pkg/errors"
"k8s.io/client-go/rest"
)

// EnvVars are variables we plumb through to the underlying container runtime
var EnvVars = []string{"HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY"}

// isInBlock checks if ip is a CIDR block
func isInBlock(ip string, block string) (bool, error) {
if ip == "" {
return false, fmt.Errorf("ip is nil")
}
if block == "" {
return false, fmt.Errorf("CIDR is nil")
}

i := net.ParseIP(ip)
if i == nil {
return false, fmt.Errorf("parsed IP is nil")
}
_, b, err := net.ParseCIDR(block)
if err != nil {
return false, errors.Wrapf(err, "Error Parsing block %s", b)
}

if b.Contains(i) {
return true, nil
}
return false, errors.Wrapf(err, "Error ip not in block")
}

// ExcludeIP will exclude the ip from the http(s)_proxy
func ExcludeIP(ip string) error {
return updateEnv(ip, "NO_PROXY")
}

// IsIPExcluded checks if an IP is excluded from http(s)_proxy
func IsIPExcluded(ip string) bool {
return checkEnv(ip, "NO_PROXY")
}

// updateEnv appends an ip to the environment variable
func updateEnv(ip string, env string) error {
if !isValidEnv(env) {
return fmt.Errorf("%s is not a valid env var name for proxy settings", env)
}
if !checkEnv(ip, env) {
v := os.Getenv(env)
if v == "" {
return os.Setenv(env, ip)
}
return os.Setenv(env, fmt.Sprintf("%s,%s", v, ip))
}
return nil
}

// checkEnv checks if ip in an environment variable
func checkEnv(ip string, env string) bool {
v := os.Getenv(env)
if v == "" {
return false
}
// Checking for IP explicitly, i.e., 192.168.39.224
if strings.Contains(v, ip) {
return true
}
// Checks if included in IP ranges, i.e., 192.168.39.13/24
noProxyBlocks := strings.Split(v, ",")
for _, b := range noProxyBlocks {
if yes, _ := isInBlock(ip, b); yes {
return true
}
}

return false
}

// isValidEnv checks if the env for proxy settings
func isValidEnv(env string) bool {
for _, e := range EnvVars {
if e == env {
return true
}
}
return false
}

// UpdateTransport takes a k8s client *rest.config and returns a config without a proxy.
func UpdateTransport(cfg *rest.Config) *rest.Config {
wt := cfg.WrapTransport // Config might already have a transport wrapper
cfg.WrapTransport = func(rt http.RoundTripper) http.RoundTripper {
if wt != nil {
rt = wt(rt)
}
if ht, ok := rt.(*http.Transport); ok {
ht.Proxy = nil
rt = ht
} else {
glog.Errorf("Error while casting roundr tripper (of type %T) to *http.Transport : %v", rt, ok)
medyagh marked this conversation as resolved.
Show resolved Hide resolved
}
return rt
}
return cfg
}
76 changes: 76 additions & 0 deletions pkg/minikube/proxy/proxy_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
/*
Copyright 2019 The Kubernetes Authors All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package proxy

import (
"fmt"
"testing"
)

func TestIsValidEnv(t *testing.T) {
var testCases = []struct {
env string
want bool
}{
{"", false},
{"HTTPS-PROXY", false},
{"NOPROXY", false},
}
for _, tc := range testCases {
t.Run(fmt.Sprintf("%s", tc.env), func(t *testing.T) {
got := isValidEnv(tc.env)
if got != tc.want {
t.Errorf("isValidEnv(\"%v\") got %v; want %v", tc.env, got, tc.want)
}

})
}

}
func TestIsInBlock(t *testing.T) {

var testCases = []struct {
ip string
block string
want bool
wanntAErr bool
}{
{"", "192.168.0.1/32", false, true},
{"192.168.0.1", "192.168.0.1/32", true, false},
{"192.168.0.2", "192.168.0.1/32", false, false},
{"192.168.0.1", "192.168.0.1/18", true, false},
{"abcd", "192.168.0.1/18", false, true},
}
for _, tc := range testCases {
t.Run(fmt.Sprintf("%s in %s", tc.ip, tc.block), func(t *testing.T) {
got, err := isInBlock(tc.ip, tc.block)
gotErr := false
if err != nil {
gotErr = true
}
if gotErr != tc.wanntAErr {
t.Errorf("isInBlock(%v,%v) got error is %v ; want error is %v", tc.ip, tc.block, gotErr, tc.wanntAErr)
}

if got != tc.want {
t.Errorf("isInBlock(%v,%v) got %v; want %v", tc.ip, tc.block, got, tc.want)
}

})
}

}
Loading