Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Build and proxies

See original GitHub issue

Are there any docs on how to use proxies with rancher desktop and the underlying components (lima and nerdctl)? I have seen a couple of issues (#384, #699) around proxies/env variables but I can’t find any docs or a clear path forward for setting them and being able to build. I am happy to contribute a README or something after this is sorted.

For bugs, describe what you’re seeing I was able to get rancher desktop to launch by setting the http/https env variables, but get issues building images that need to come through a proxy.

During a build, my internal image pulls fine but the external gcr.io one times out. I did try adding build-args with the envs but didn’t work (described here https://github.com/moby/buildkit/issues/971)

❯ nerdctl build .                                                                                                                                             
[+] Building 30.1s (4/4) FINISHED                                                                                                                                                                                                       
 => [internal] load build definition from Dockerfile                                                                                                                                                                               0.0s
 => => transferring dockerfile: 32B                                                                                                                                                                                                0.0s
 => [internal] load .dockerignore                                                                                                                                                                                                  0.0s
 => => transferring context: 35B                                                                                                                                                                                                   0.0s
 => ERROR [internal] load metadata for gcr.io/distroless/static:nonroot                                                                                                                                                           30.0s
 => [internal] load metadata for internal-reg/golang:1.17.1                                                                                                                                           2.8s
------
 > [internal] load metadata for gcr.io/distroless/static:nonroot:
------
error: failed to solve: failed to solve with frontend dockerfile.v0: failed to create LLB definition: failed to do request: Head https://gcr.io/v2/distroless/static/manifests/nonroot: dial tcp 74.125.142.82:443: i/o timeout
FATA[0030] unrecognized image format

But nerdctl pull works “outside” the VM

❯ nerdctl pull gcr.io/distroless/static:nonroot                                                                                                            
gcr.io/distroless/static:nonroot:                                                 resolved       |++++++++++++++++++++++++++++++++++++++| 
index-sha256:bca3c203cdb36f5914ab8568e4c25165643ea9b711b41a8a58b42c80a51ed609:    done           |++++++++++++++++++++++++++++++++++++++| 
manifest-sha256:213a6d5205aa1421bd128b0396232a22fbb4eec4cbe510118f665398248f6d9a: done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:bff4de2cb7e1dd0ed9797c6e33688f32f2ff0293ecee6fa069051081710bb61b:   done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:e8614d09b7bebabd9d8a450f44e88a8807c98a438a2ddd63146865286b132d1b:    done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 5.0 s                                                                    total:  787.5  (157.4 KiB/s)

nerdctl pull also works “inside” the VM

❯ LIMA_HOME="$HOME/Library/Application Support/rancher-desktop/lima" ./limactl shell 0
lima-rancher-desktop:~$ nerdctl pull gcr.io/distroless/static:nonroot
gcr.io/distroless/static:nonroot:                                                 resolved       |++++++++++++++++++++++++++++++++++++++|
index-sha256:bca3c203cdb36f5914ab8568e4c25165643ea9b711b41a8a58b42c80a51ed609:    done           |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:213a6d5205aa1421bd128b0396232a22fbb4eec4cbe510118f665398248f6d9a: done           |++++++++++++++++++++++++++++++++++++++|
config-sha256:bff4de2cb7e1dd0ed9797c6e33688f32f2ff0293ecee6fa069051081710bb61b:   done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:e8614d09b7bebabd9d8a450f44e88a8807c98a438a2ddd63146865286b132d1b:    done           |++++++++++++++++++++++++++++++++++++++|
elapsed: 5.1 s                                                                    total:  787.5  (154.4 KiB/s)

lima vm has my proxies

❯ LIMA_HOME="$HOME/Library/Application Support/rancher-desktop/lima" ./limactl shell 0
lima-rancher-desktop:~$ env | grep -i proxy | wc -l
8
lima-rancher-desktop:~$ env | grep -i proxy
HTTPS_PROXY=http://my-proxy
no_proxy=my-noproxy
NO_PROXY=my-noproxy
https_proxy=http://my-proxy
http_proxy=http://my-proxy
ftp_proxy=ftp://my-proxy
FTP_PROXY=ftp://my-proxy
HTTP_PROXY=http://my-proxy

To Reproduce Steps to reproduce the behaviour:

  1. Go to ‘…’
  2. Click on ‘…’
  3. Scroll down to ‘…’

Result Try to build an image referencing a public image behind a proxy.

Expected behaviour Public image can be pulled and used as a base image during an image build.

Screenshots If applicable, add screenshots to help explain your problem.

Setup (please complete the following information):

  • OS
    • macOS Big Sur
  • Rancher Desktop version
    • 0.6.1
  • Kubernetes version
    • v1.21.5

Additional context

Issue Analytics

  • State:open
  • Created 2 years ago
  • Reactions:7
  • Comments:12 (1 by maintainers)

github_iconTop GitHub Comments

2reactions
janduboiscommented, Jan 3, 2022

I saw the VPN tag, maybe that should be added here as well?

Isn’t this issue about proxies, which is separate from VPN?

I would agree though that we probably should have a bunch more labels, like area/dns, area/proxy, area/vpn, etc.

1reaction
rumsteadcommented, Dec 13, 2022

A more elegant but less than ideal solution…

Using overrides to toggle between using a proxy and not.

Proxies:

provision:
- mode: system
  script: |
    cat <<EOF > /tmp/proxy.sh
    #!/bin/sh
    export http_proxy="http://foo.com"
    export https_proxy="http://foo.com"
    export no_proxy=kubernetes.docker.internal,127.0.0.1,127.0.0.0/8
    export ftp_proxy="ftp://foo.com/"
    export all_proxy="http://foo.com"
    export HTTP_PROXY="http://foo.com"
    export HTTPS_PROXY="http://foo.com"
    export NO_PROXY=kubernetes.docker.internal,127.0.0.1,127.0.0.0/8
    export FTP_PROXY="ftp://foo.com/"
    export ALL_PROXY="http://foo.com"
    EOF

    echo "source /tmp/proxy.sh" | sed -i -e '7r /dev/stdin' /etc/init.d/docker

No Proxies

provision:
- mode: system
  script: |
    sed -i 's/source \/tmp\/proxy.sh//' /etc/init.d/docker

You have to restart rancher desktop or restart the Lima VM.

A similar approach works with windows a well expect the files need to end in .start and be placed under %APPDATA%\rancher-desktop\provisioning

Read more comments on GitHub >

github_iconTop Results From Across the Web

Build a simple API proxy | Apigee Edge
To access the Create Proxy wizard using the Edge UI: Sign in to apigee.com/edge. Select Develop > API Proxies in the left navigation...
Read more >
How to Create Your Own Online Proxy Server in Minutes
First, open your Settings, then click the Network & Internet section. Click Proxy, then make sure Automatically detect settings is turned on.
Read more >
Step 1: Create an API proxy | Apigee X - Google Cloud
Step 1: Create an API proxy · Open Apigee UI in a browser. · Select Develop > API Proxies in the main view....
Read more >
Configure Docker to use a proxy server - Docker Documentation
On the Docker client, create or edit the file ~/.docker/config.json in the home directory of the user that starts containers. Add JSON similar...
Read more >
Build Your Own VPN Proxy - YouTube
Check out my gear on Kit: https://kit.co/crosstalkIn this video, I detail how to build your own personal VPN proxy server using Streisand.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Kubernetes was unable to start: TypeError [ERR_INVALID_PROTOCOL]: Protocol "http:" not supported. Expected "https:"

Next page

Improve user experience around symlinks for supporting utilities