Open ripun opened 2 years ago
@jandubois Thanks for your session during KubeCon, can you please advise here?
Hi all, I tried to configure the proxy below in /etc/conf.d/docker and restart Rancher Desktop. Initially k3s fails to start, but the docker daemon works perfectly and is able to pull images using the proxy. Then I tried to restart RD again and it was fine, and k3s/kubectl commands were working fine too.
For macOS:
HTTP_PROXY="xxxx"
HTTPS_PROXY="xxxx"
NO_PROXY="localhost,127.0.0.1,xxxxx"
export HTTP_PROXY
export HTTPS_PROXY
export NO_PROXY
Make sure to update /etc/rc.conf:
rc_env_allow="*"  # so that k3s and other daemons can get your proxy configs
@byjrack @jandubois can you please advise what's the correct way to configure http_proxy for Windows 10/11 Rancher Desktop installations?
So I don't believe there is a right or wrong at this point, which is the focus of https://github.com/rancher-sandbox/rancher-desktop/labels/area%2Fproxy
So I have been most successful at the WSLENV variable in my User environment variables. That is then combined with editing rc_env_allow. I have used a provisioning script to keep that up to date across upgrades.
#!/bin/sh
if ! grep -q "^rc_env_allow" /etc/rc.conf; then
    echo "rc_env_allow=\"*\"" >> /etc/rc.conf
fi
My issue is the proxy seems to break the CNI flows for k3s, and I can't exclude those from the proxy as curl doesn't support CIDR blocks. docker/containerd works great even using the proxy, but when you turn on k3s and it starts to connect to internal sidecars, it fails because it starts to follow the proxy, which won't work. I don't have a good fix for that, nor am I really able to figure out why the macOS/limavm results are so different from Windows/WSL.
Thanks @byjrack, let me try this setting for Windows WSL. Indeed, it would be great if the Rancher Desktop team can see how we can have k3s (RD) working behind a corporate firewall on Windows.
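A variant of the provisioning script above, as an added example that is not part of the original comment or of Rancher Desktop: OpenRC's `rc_env_allow` also accepts a space-separated list of variable names, so the wildcard can be replaced by an allowlist that passes only the proxy settings to services. The function names and the choice of variables (including the lowercase forms) are assumptions.

```shell
#!/bin/sh
# Added example: manage rc_env_allow in an OpenRC rc.conf as a narrow
# allowlist instead of "*", which hands the whole environment to every service.
# Assumption: these are the only variables the services need.
PROXY_VARS="HTTP_PROXY HTTPS_PROXY NO_PROXY http_proxy https_proxy no_proxy"

# rc_env_allow_mode FILE -> prints "wildcard", "allowlist" or "unset"
rc_env_allow_mode() {
    # The last active assignment wins; commented-out examples are ignored.
    line=$(grep '^rc_env_allow=' "$1" | tail -n 1)
    case $line in
        '')    echo unset ;;
        *'*'*) echo wildcard ;;
        *)     echo allowlist ;;
    esac
}

# set_rc_env_allow FILE [VARS]
# Idempotent: replaces any active rc_env_allow line with one allowlist line
# and leaves every other line (including comments) untouched.
set_rc_env_allow() {
    rc_file=$1
    allow=${2:-$PROXY_VARS}
    want="rc_env_allow=\"$allow\""

    [ -f "$rc_file" ] || { echo "missing $rc_file" >&2; return 1; }

    # Nothing to do if the file already has exactly this one setting.
    if grep -qxF "$want" "$rc_file" &&
       [ "$(grep -c '^rc_env_allow=' "$rc_file")" -eq 1 ]; then
        return 0
    fi

    tmp=$(mktemp "${rc_file}.XXXXXX") || return 1
    # grep -v exits 1 when no other lines remain; only a real error (2) is fatal.
    grep -v '^rc_env_allow=' "$rc_file" > "$tmp" || [ $? -eq 1 ] || return 1
    echo "$want" >> "$tmp"
    # Write back through cat so the original file keeps its owner and mode.
    cat "$tmp" > "$rc_file" && rm -f "$tmp"
}

# Usage in a provisioning script: set_rc_env_allow /etc/rc.conf
```
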
Any news here? Is there maybe an easy way to enable a proxy for rancher-desktop on windows?
On Windows you can set the following environment variables and propagate these to WSL using the WSLENV variable like this (also see: https://github.com/MicrosoftDocs/WSL/issues/244):
setx HTTP_PROXY http://your_proxy_server
setx HTTPS_PROXY https://your_ssl_proxy_server
rem the separator of variables to share is ":"
setx WSLENV HTTP_PROXY:HTTPS_PROXY
After setting these variables you will have to restart Rancher Desktop. After that you can check if the variables have been propagated by WSL by entering the following commands in Windows:
wsl -d rancher-desktop echo ${HTTP_PROXY}
wsl -d rancher-desktop echo ${HTTPS_PROXY}
Yeah, I use the same. Only issue has been its effect on Kubernetes, as I can't figure out a scalable no_proxy: https://github.com/rancher-sandbox/rancher-desktop/issues/2147
For macOS it works with the above solution: https://github.com/rancher-sandbox/rancher-desktop/issues/2259#issuecomment-1136833849
Thank you for the feedback and helping out!
I'm going to re-open this issue and ask that the information be added to the docs.
I was able to set these up using provisioning scripts
https://github.com/rancher-sandbox/rancher-desktop/issues/897#issuecomment-1163141719
Thanks @ripun and @byjrack I got it working after following y'alls tips.
It would be great to have these options in the GUI tho
I believe the initial proxy feature is targeted at the next release (1.9). I am sure there will be some corner cases missed, but it's going in the right direction.
Just to manage expectations, the next release will be called 1.9-tech-preview (and should be out next week before Kubecon). The new proxy stuff will be in the following release, which is currently using the 1.10 milestone, but will actually be the real 1.9. But that is still a little bit away.
FYI: If your proxy is running on "localhost", i.e. on the machine where you run Rancher, then use host.lima.internal as hostname.
Example: Add this to /etc/init.d/docker:
HTTP_PROXY=http://host.lima.internal:8079
HTTPS_PROXY=http://host.lima.internal:8079
export HTTPS_PROXY HTTP_PROXY
Actual Behavior
I am using Rancher Desktop (docker cli) behind a corporate firewall and need to use httpProxy/httpsProxy/HTTP_PROXY/HTTPS_PROXY to fetch images from public container registries. Without VPN I am able to fetch images from public container registries, but when connected to VPN and if the proxy is configured as part of /etc/docker/daemon.json, then Rancher Desktop fails to start. Based on the docker documentation it seems the file /etc/docker/daemon.json cannot be used for HTTP_PROXY/HTTPS_PROXY configuration.
Steps to Reproduce
Steps to reproduce:
rdctl shell
/etc/conf.d/docker to have DOCKER_OPTS="--config-file=/etc/docker/daemon.json"
If I remove /etc/docker/daemon.json and try to restart RD then RD restarts without any issue
I tried configuring proxy in ~/.docker/config.json but this does not help
Result
RD startup fails in k3s stage with below errors
Expected Behavior
Need some way to enable http_proxy and https_proxy as part of Rancher desktop
Additional Information
Not sure how can we leverage systemd variables as part of lima to enable HTTP_PROXY
Rancher Desktop Version
1.3
Rancher Desktop K8s Version
v1.22.6
Which container runtime are you using?
moby (docker cli)
What operating system are you using?
macOS
Operating System / Build Version
macOS Big Sur 11.5.1 Intel core i7
What CPU architecture are you using?
x64
Linux only: what package format did you use to install Rancher Desktop?
No response
Windows User Only
NA, I am running on macOS