-
Notifications
You must be signed in to change notification settings - Fork 5k
Add remote support for SSH and TLS docker contexts #20981
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: einyx The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Welcome @einyx! |
Hi @einyx. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Can one of the admins verify this patch? |
96de3d5
to
a1ec633
Compare
@einyx interessting PR ! I am curious do you mind sharing what are your use cases, why did you think about using a remote context ? |
0b4a985
to
c8b67f6
Compare
Hi @medyagh! The motivation here is that selfishly I frequently work across multiple machines, Since my Linux workstation has significantly more resources (CPU, RAM, etc.), Use cases this enables:
Attached log from latest minikube run over TLS docker context: Happy to discuss any concerns or alternative approaches! |
/ok-to-test |
thank you that makes sense ! I am curious have you tried it on only mac ? does it also work on linux to linux or windows to linux ? if this opens any "remote listening" on minikube vm ? |
d956355
to
66f099f
Compare
/retest |
The following users are mentioned in OWNERS file(s) but are untrusted for the following reasons. One way to make the user trusted is to add them as members of the kubernetes org. You can then trigger verification by writing
|
Hi @medyagh! Currently yes, This is explicitly warned about in the code with a user-visible warning only when a remote context is detected:
We could potentially add a detection mechanism for the remote docker daemon or let the user decide with a flag I personally don't like the SSH implementation for production use, is something I did initially for easy of use and is nice to have, maybe, but I am happy to amend as you see fit, admittedly TLS is much more solid and performant for this so I stopped using the SSH remote context myself after a while. Can test this on a vm and get back to you soon. Cheers! |
This PR extends the existing remote Docker context support to handle TLS-secured Docker daemons, enabling minikube to work with both SSH and TLS remote Docker contexts.
TLS Certificate Management (
pkg/drivers/kic/oci/context.go
):Connection Routing (
pkg/drivers/kic/kic.go
):Environment Configuration:
DOCKER_TLS_VERIFY=1
andDOCKER_CERT_PATH
for TLS contextsTesting: