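While using minikube I ran into a problem: after minikube start, even though I had enabled the proxy on the host, pulling images inside the minikube node always failed.
The official minikube documentation recommends passing the proxy to minikube through the HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables, and stresses that NO_PROXY is important: without it, cluster-internal addresses may also be wrongly sent to the proxy, which breaks communication between components.
Running ip a on the host gives: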
```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
3: enp171s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 78:55:36:06:e4:22 brd ff:ff:ff:ff:ff:ff
    altname enx78553606e422
    inet 10.65.163.66/16 brd 10.65.255.255 scope global dynamic noprefixroute enp171s0
       valid_lft 240080sec preferred_lft 240080sec
    inet6 2001:da8:e021:6565::3:d80e/128 scope global dynamic noprefixroute
       valid_lft 179550sec preferred_lft 93150sec
    inet6 fe80::e8be:df6a:d5b3:21ee/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 3a:b6:7f:07:78:26 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::38b6:7fff:fe07:7826/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
19: br-ef20fd0aa66e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether da:3c:71:a8:5b:17 brd ff:ff:ff:ff:ff:ff
    inet 192.168.49.1/24 brd 192.168.49.255 scope global br-ef20fd0aa66e
       valid_lft forever preferred_lft forever
    inet6 fe80::d83c:71ff:fea8:5b17/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
```
Running ip a inside the minikube node gives:
```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 42:0c:2d:36:1b:6b brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.49.2/24 brd 192.168.49.255 scope global eth0
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether e2:c0:91:13:8c:f9 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
4: bridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 16:a6:f8:bd:fe:f3 brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.1/16 brd 10.244.255.255 scope global bridge
       valid_lft forever preferred_lft forever
    inet6 fe80::14a6:f8ff:febd:fef3/64 scope link
       valid_lft forever preferred_lft forever
```
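This shows that the minikube node container and the host sit on the same 192.168.49.0/24 layer-2 segment, and 192.168.49.1 is in effect "the host as seen from minikube". The minikube documentation lists 192.168.49.0/24 as the default cluster subnet for the docker driver and requires it to be included in NO_PROXY; otherwise cluster-internal communication may break.
The prerequisite is that Clash must listen on a host address that minikube can reach, not only on 127.0.0.1. That means enabling LAN access, so that the proxy listens on at least 0.0.0.0:<port> or 192.168.49.1:<port>. Otherwise the minikube container can see the host IP but cannot connect to the corresponding port. The minikube documentation likewise requires that a reachable HTTP_PROXY/HTTPS_PROXY address be passed to minikube and the container runtime.
Now run the following inside minikube: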
```bash
ping -c 1 192.168.49.1
nc -vz 192.168.49.1 7890
```
The output is:
```
Connection to 192.168.49.1 7890 port [tcp/*] succeeded!
```
This shows that using 192.168.49.1:7890 as the proxy address works.
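The listen-address prerequisite above can also be checked from the host side. The following is an added example, not code from the original post: it classifies ss -ltn output for the proxy port, which separates a proxy bound only to the bridge address from one bound to every interface. The function name classify_proxy_bind and the sample lines are constructed for illustration; 7890 and 192.168.49.1 are the values used on this page.

```sh
#!/bin/sh
# Added example: classify how the proxy port is bound on the host.
# Reads `ss -ltn` style output on stdin and prints one word:
#   closed    nothing listens on the port
#   loopback  127.0.0.0/8 or ::1 only; the minikube node cannot connect
#   other     a specific address that is not the bridge address
#   bridge    the bridge address only; reachable from the node, not from
#             the other host interfaces
#   wildcard  0.0.0.0, * or [::]; reachable from the node and from every
#             other network the host is attached to
classify_proxy_bind() {
    awk -v port="$1" -v bridge="$2" '
        BEGIN {
            rank["closed"] = 0; rank["loopback"] = 1; rank["other"] = 2
            rank["bridge"] = 3; rank["wildcard"] = 4
            best = "closed"; suffix = ":" port
        }
        {
            for (i = 1; i <= NF; i++) {
                n = length($i) - length(suffix)
                if (n < 1 || substr($i, n + 1) != suffix) continue
                addr = substr($i, 1, n)
                sub(/%.*$/, "", addr)          # drop a "%iface" scope suffix
                if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") kind = "wildcard"
                else if (addr == bridge) kind = "bridge"
                else if (addr ~ /^127\./ || addr == "[::1]") kind = "loopback"
                else kind = "other"
                if (rank[kind] > rank[best]) best = kind
                break                          # first match is the local address
            }
        }
        END { print best }'
}

# Constructed sample (not captured from a real host): proxy on loopback only.
sample='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      4096   127.0.0.53%lo:53    0.0.0.0:*
LISTEN 0      4096   127.0.0.1:7890      0.0.0.0:*'
printf '%s\n' "$sample" | classify_proxy_bind 7890 192.168.49.1   # loopback

# On a live host: ss -ltn | classify_proxy_bind 7890 192.168.49.1
```

A loopback result means the nc test from the node cannot succeed; bridge is the narrowest binding that still works for minikube.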
If the existing node can simply be deleted, you can run:
```bash
minikube delete
minikube start \
  --docker-env HTTP_PROXY=http://192.168.49.1:7890 \
  --docker-env HTTPS_PROXY=http://192.168.49.1:7890 \
  --docker-env NO_PROXY=localhost,127.0.0.1,::1,192.168.49.0/24,10.96.0.0/12,10.244.0.0/16,.svc,.cluster.local
```
Or change the settings inside the existing node.
If the driver is docker (you can check with minikube profile list):
```bash
# Run inside the node: systemd drop-in that passes the proxy settings to dockerd
sudo mkdir -p /etc/systemd/system/docker.service.d
sudo tee /etc/systemd/system/docker.service.d/http-proxy.conf <<EOF
[Service]
Environment="HTTP_PROXY=http://192.168.49.1:7890"
Environment="HTTPS_PROXY=http://192.168.49.1:7890"
Environment="NO_PROXY=localhost,127.0.0.1,192.168.49.0/24,10.96.0.0/12,10.244.0.0/16,.svc,.cluster.local"
EOF
```
Then:
```bash
# Reload systemd so the drop-in is read, then restart dockerd to apply it
sudo systemctl daemon-reexec
sudo systemctl daemon-reload
sudo systemctl restart docker
```