Contents
- 1 Configure the Docker daemon to use a proxy server
- 2 Configure Docker to use a proxy server
- 3 Minikube Proxies and VPNs
- 3.1 Proxy
- 3.2 Example Usage
- 3.2.1 macOS and Linux
- 3.2.2 Windows
- 3.2.3 Troubleshooting
- 3.2.3.1 unable to cache ISO… connection refused
- 3.2.3.2 Unable to pull images..Client.Timeout exceeded while awaiting headers
- 3.2.3.3 x509: certificate signed by unknown authority
- 3.2.3.4 downloading binaries: proxyconnect tcp: tls: oversized record received with length 20527
- 3.3 VPN
Configure the Docker daemon to use a proxy server
This applies to Linux environments where the Docker daemon is started by systemd.
See: https://docs.docker.com/config/daemon/systemd/#httphttps-proxy
The Docker daemon uses the following environment variables in its start-up environment to configure HTTP or HTTPS proxy behavior:
HTTP_PROXY
http_proxy
HTTPS_PROXY
https_proxy
NO_PROXY
no_proxy
In Docker Engine version 23.0 and later versions, you may also configure proxy behavior for the daemon in the daemon.json file:
{
  "proxies": {
    "http-proxy": "http://proxy.example.com:3128",
    "https-proxy": "https://proxy.example.com:3129",
    "no-proxy": "*.test.example.com,.example.org,127.0.0.0/8"
  }
}
These configurations override the default docker.service systemd file.
If you are behind an HTTP or HTTPS proxy server, for example in corporate settings, the daemon proxy configurations must be specified in the systemd service file, not in the daemon.json file or using environment variables.
Note for rootless mode
The location of systemd configuration files is different when running Docker in rootless mode. When running in rootless mode, Docker is started as a user-mode systemd service, and uses files stored in each user’s home directory in ~/.config/systemd/user/docker.service.d/. In addition, systemctl must be executed without sudo and with the --user flag. Select the “rootless mode” tab below if you are running Docker in rootless mode.
Depending on whether you have root privileges, there are two ways to configure this:
- regular install
- rootless install
regular install

- Create a systemd drop-in directory for the docker service:

      $ sudo mkdir -p /etc/systemd/system/docker.service.d

- Create a file named /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable:

      [Service]
      Environment="HTTP_PROXY=http://proxy.example.com:3128"

  If you are behind an HTTPS proxy server, set the HTTPS_PROXY environment variable:

      [Service]
      Environment="HTTPS_PROXY=https://proxy.example.com:3129"

  Multiple environment variables can be set; to set both a non-HTTPS and an HTTPS proxy:

      [Service]
      Environment="HTTP_PROXY=http://proxy.example.com:3128"
      Environment="HTTPS_PROXY=https://proxy.example.com:3129"

  Note
  Special characters in the proxy value, such as #?!()[]{}, must be double escaped using %%. For example:

      [Service]
      Environment="HTTP_PROXY=http://domain%%5Cuser:complex%%23pass@proxy.example.com:3128/"

- If you have internal Docker registries that you need to contact without proxying, you can specify them via the NO_PROXY environment variable.

  The NO_PROXY variable specifies a string that contains comma-separated values for hosts that should be excluded from proxying. These are the options you can specify to exclude hosts:

  - IP address prefix (1.2.3.4)
  - Domain name, or a special DNS label (*)
  - A domain name matches that name and all subdomains. A domain name with a leading “.” matches subdomains only. For example, given the domains foo.example.com and example.com:
    - example.com matches example.com and foo.example.com, and
    - .example.com matches only foo.example.com
  - A single asterisk (*) indicates that no proxying should be done
  - Literal port numbers are accepted by IP address prefixes (1.2.3.4:80) and domain names (foo.example.com:80)

  Config example:

      [Service]
      Environment="HTTP_PROXY=http://proxy.example.com:3128"
      Environment="HTTPS_PROXY=https://proxy.example.com:3129"
      Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"

- Flush changes and restart Docker

      $ sudo systemctl daemon-reload
      $ sudo systemctl restart docker

- Verify that the configuration has been loaded and matches the changes you made, for example:

      $ sudo systemctl show --property=Environment docker

rootless mode

- Create a systemd drop-in directory for the docker service:

      $ mkdir -p ~/.config/systemd/user/docker.service.d

- Create a file named ~/.config/systemd/user/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable:

      [Service]
      Environment="HTTP_PROXY=http://proxy.example.com:3128"

  If you are behind an HTTPS proxy server, set the HTTPS_PROXY environment variable:

      [Service]
      Environment="HTTPS_PROXY=https://proxy.example.com:3129"

  Multiple environment variables can be set; to set both a non-HTTPS and an HTTPS proxy:

      [Service]
      Environment="HTTP_PROXY=http://proxy.example.com:3128"
      Environment="HTTPS_PROXY=https://proxy.example.com:3129"

  Note
  Special characters in the proxy value, such as #?!()[]{}, must be double escaped using %%. For example:

      [Service]
      Environment="HTTP_PROXY=http://domain%%5Cuser:complex%%23pass@proxy.example.com:3128/"

- If you have internal Docker registries that you need to contact without proxying, you can specify them via the NO_PROXY environment variable.

  The NO_PROXY variable specifies a string that contains comma-separated values for hosts that should be excluded from proxying. These are the options you can specify to exclude hosts:

  - IP address prefix (1.2.3.4)
  - Domain name, or a special DNS label (*)
  - A domain name matches that name and all subdomains. A domain name with a leading “.” matches subdomains only. For example, given the domains foo.example.com and example.com:
    - example.com matches example.com and foo.example.com, and
    - .example.com matches only foo.example.com
  - A single asterisk (*) indicates that no proxying should be done
  - Literal port numbers are accepted by IP address prefixes (1.2.3.4:80) and domain names (foo.example.com:80)

  Config example:

      [Service]
      Environment="HTTP_PROXY=http://proxy.example.com:3128"
      Environment="HTTPS_PROXY=https://proxy.example.com:3129"
      Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"

- Flush changes and restart Docker

      $ systemctl --user daemon-reload
      $ systemctl --user restart docker

- Verify that the configuration has been loaded and matches the changes you made, for example:

      $ systemctl --user show --property=Environment docker
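
A lint for the %% rule in the note on special characters, as an added example that is not part of the Docker documentation: it builds a correctly escaped Environment= line and flags drop-in lines where a single % or a raw # or ? would change what the daemon receives. The function names and the sample drop-in text are constructed for illustration.

```python
from urllib.parse import quote, unquote, urlsplit

PROXY_VARS = ("HTTP_PROXY", "HTTPS_PROXY")

# Constructed sample drop-in: line 2 is the page's example, lines 3 and 4 are broken.
SAMPLE_DROPIN = """[Service]
Environment="HTTP_PROXY=http://domain%%5Cuser:complex%%23pass@proxy.example.com:3128/"
Environment="HTTPS_PROXY=http://domain%5Cuser:complex%23pass@proxy.example.com:3128/"
Environment="HTTPS_PROXY=http://user:complex#pass@proxy.example.com:3128/"
"""


def proxy_environment_line(var, scheme, host, port, user, password):
    """Percent-encode the credentials for the URL, then double each % for systemd."""
    url = "{}://{}:{}@{}:{}/".format(
        scheme, quote(user, safe=""), quote(password, safe=""), host, port)
    return 'Environment="{}={}"'.format(var, url.replace("%", "%%"))


def _assignment(line):
    """Return (NAME, value) from an Environment="NAME=value" line, else None."""
    line = line.strip()
    if not line.startswith("Environment="):
        return None
    name, _, value = line[len("Environment="):].strip('"').partition("=")
    return name.upper(), value


def lint_dropin(text):
    """Return (line_number, variable, problem) for proxy lines that will be misread."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        parsed = _assignment(line)
        if parsed is None or parsed[0] not in PROXY_VARS:
            continue
        name, value = parsed
        if "%" in value.replace("%%", ""):
            # systemd treats a lone % as the start of a unit specifier.
            findings.append((number, name, "single %: write %% instead"))
            continue
        try:
            parts = urlsplit(value.replace("%%", "%"))
        except ValueError:
            findings.append((number, name, "proxy URL does not parse"))
            continue
        if parts.query or parts.fragment:
            # A raw ? or # ends the authority early, so the proxy host is lost.
            findings.append((number, name, "unencoded ? or # in credentials"))
    return findings


def credentials_after_unescaping(line):
    """Show the (user, password) the proxy receives once %% and %XX are decoded."""
    _, value = _assignment(line)
    parts = urlsplit(value.replace("%%", "%"))
    return unquote(parts.username or ""), unquote(parts.password or "")


if __name__ == "__main__":
    for finding in lint_dropin(SAMPLE_DROPIN):
        print(finding)
```
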
Configure Docker to use a proxy server
Reposted from: https://docs.docker.com/network/proxy/
This page describes how to configure the Docker CLI to use proxies via environment variables in containers.
This page doesn’t describe how to configure proxies for the Docker daemon. For instructions on configuring Docker Desktop to use HTTP/HTTPS proxies, see proxies on Mac, proxies on Windows, and proxies on Linux.
If you’re running Docker Engine without Docker Desktop, refer to Configure the Docker daemon to use a proxy server to learn how to configure a proxy server for the Docker daemon (dockerd) itself.
If your container needs to use an HTTP, HTTPS, or FTP proxy server, you can configure it in different ways:
Note
Unfortunately, there’s no standard that defines how web clients should handle proxy environment variables, or the format for defining them.
If you’re interested in the history of these variables, check out this blog post on the subject, by the GitLab team: We need to talk: Can we standardize NO_PROXY?.
Configure the Docker client
You can add proxy configurations for the Docker client using a JSON configuration file, located in ~/.docker/config.json. Builds and containers use the configuration specified in this file.
{
  "proxies": {
    "default": {
      "httpProxy": "http://proxy.example.com:3128",
      "httpsProxy": "https://proxy.example.com:3129",
      "noProxy": "*.test.example.com,.example.org,127.0.0.0/8"
    }
  }
}
Warning
Proxy settings may contain sensitive information. For example, some proxy servers require authentication information to be included in their URL, or their address may expose IP addresses or hostnames of your company’s environment.
Environment variables are stored as plain text in the container’s configuration, and as such can be inspected through the remote API or committed to an image when using docker commit.
The configuration becomes active after saving the file; you don’t need to restart Docker. However, the configuration only applies to new containers and builds, and doesn’t affect existing containers.
The following table describes the available configuration parameters.
Property | Description |
---|---|
httpProxy | Sets the HTTP_PROXY and http_proxy environment variables and build arguments. |
httpsProxy | Sets the HTTPS_PROXY and https_proxy environment variables and build arguments. |
ftpProxy | Sets the FTP_PROXY and ftp_proxy environment variables and build arguments. |
noProxy | Sets the NO_PROXY and no_proxy environment variables and build arguments. |
allProxy | Sets the ALL_PROXY and all_proxy environment variables and build arguments. |
These settings are used to configure proxy environment variables for containers only, and not used as proxy settings for the Docker CLI or the Docker Engine itself. Refer to the “environment variables” and “Configure the Docker daemon to use a proxy server” sections for configuring proxy settings for the CLI and daemon.
Run containers with a proxy configuration
When you start a container, its proxy-related environment variables are set to reflect your proxy configuration in ~/.docker/config.json.
For example, assuming a proxy configuration like the example shown in the earlier section, environment variables for containers that you run are set as follows:
$ docker run --rm alpine sh -c 'env | grep -i _PROXY'
https_proxy=http://proxy.example.com:3129
HTTPS_PROXY=http://proxy.example.com:3129
http_proxy=http://proxy.example.com:3128
HTTP_PROXY=http://proxy.example.com:3128
no_proxy=*.test.example.com,.example.org,127.0.0.0/8
NO_PROXY=*.test.example.com,.example.org,127.0.0.0/8
Build with a proxy configuration
When you invoke a build, proxy-related build arguments are pre-populated automatically, based on the proxy settings in your Docker client configuration file.
Assuming a proxy configuration like the example shown in the earlier section, environment variables are set as follows during builds:
$ docker build \
--no-cache \
--progress=plain \
- <<EOF
FROM alpine
RUN env | grep -i _PROXY
EOF
#5 [2/2] RUN env | grep -i _PROXY
#5 0.100 HTTPS_PROXY=https://proxy.example.com:3129
#5 0.100 no_proxy=*.test.example.com,.example.org,127.0.0.0/8
#5 0.100 NO_PROXY=*.test.example.com,.example.org,127.0.0.0/8
#5 0.100 https_proxy=https://proxy.example.com:3129
#5 0.100 http_proxy=http://proxy.example.com:3128
#5 0.100 HTTP_PROXY=http://proxy.example.com:3128
#5 DONE 0.1s
Configure proxy settings per daemon
The default key under proxies in daemon.json configures the proxy settings for all daemons that the client connects to. To configure the proxies for individual daemons, use the address of the daemon instead of the default key.
The following example configures both a default proxy config, and a no-proxy override for the Docker daemon on address tcp://docker-daemon1.example.com:
{
  "proxies": {
    "default": {
      "httpProxy": "http://proxy.example.com:3128",
      "httpsProxy": "https://proxy.example.com:3129",
      "noProxy": "*.test.example.com,.example.org,127.0.0.0/8"
    },
    "tcp://docker-daemon1.example.com": {
      "noProxy": "*.internal.example.net"
    }
  }
}
Set proxy using the CLI
Instead of configuring the Docker client, you can specify proxy configurations on the command-line when you invoke the docker build and docker run commands.
Proxy configuration on the command-line uses the --build-arg flag for builds, and the --env flag for when you want to run containers with a proxy.
$ docker build --build-arg HTTP_PROXY="http://proxy.example.com:3128" .
$ docker run --env HTTP_PROXY="http://proxy.example.com:3128" redis
For a list of all the proxy-related build arguments that you can use with the docker build command, see Predefined ARGs. These proxy values are only available in the build container. They’re not included in the build output.
Proxy as environment variable for builds
Don’t use the ENV Dockerfile instruction to specify proxy settings for builds. Use build arguments instead.
Using environment variables for proxies embeds the configuration into the image. If the proxy is an internal proxy, it might not be accessible for containers created from that image.
Embedding proxy settings in images also poses a security risk, as the values may include sensitive information.
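
An audit for the exposure described in the warning on plain-text environment variables and in this section, as an added example that is not part of the Docker documentation: it reads `docker inspect` style JSON and reports proxy variables stored in a container's or image's configuration, masking any password it finds. The sample JSON, the names in it and the severity labels are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

PROXY_NAMES = {"http_proxy", "https_proxy", "ftp_proxy", "all_proxy", "no_proxy"}

# Constructed sample in the shape of `docker inspect` output: a JSON array whose
# objects carry the environment under Config.Env. All values are made up.
SAMPLE_INSPECT = json.dumps([
    {"Id": "c0ffee", "Name": "/build-agent", "Config": {"Env": [
        "PATH=/usr/local/bin:/usr/bin",
        "HTTP_PROXY=http://svc-build:Examp1e%21@proxy.corp.example:3128",
        "no_proxy=.corp.example,10.20.0.0/16",
    ]}},
    {"Id": "decaf0", "RepoTags": ["app:1.0"], "Config": {"Env": ["PATH=/usr/bin"]}},
])


def _redact(value):
    """Mask the password of a proxy URL; return (masked_value, had_password)."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return value, False
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at or ":" not in userinfo:
        return value, False
    user = userinfo.partition(":")[0]
    return "{}://{}:***@{}{}".format(parts.scheme, user, hostport, parts.path), True


def audit_proxy_env(inspect_json):
    """List proxy settings stored in container or image configuration."""
    findings = []
    for obj in json.loads(inspect_json):
        label = obj.get("Name") or (obj.get("RepoTags") or [obj.get("Id", "?")])[0]
        for entry in (obj.get("Config") or {}).get("Env") or []:
            name, _, value = entry.partition("=")
            if name.lower() not in PROXY_NAMES or not value:
                continue
            masked, has_password = _redact(value)
            findings.append({
                "object": label,
                "variable": name,
                "value": masked,
                "severity": "credentials" if has_password else "internal-address",
            })
    return findings


if __name__ == "__main__":
    for finding in audit_proxy_env(SAMPLE_INSPECT):
        print(finding)
```
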
Minikube Proxies and VPNs
Reposted from: https://minikube.sigs.k8s.io/docs/handbook/vpn_and_proxy/
How to use minikube with a VPN or HTTP/HTTPS Proxy
minikube requires access to the internet via HTTP, HTTPS, and DNS protocols.
Proxy
If an HTTP proxy is required to access the internet, you may need to pass the proxy connection information to both minikube and Docker using environment variables:
- HTTP_PROXY – The URL to your HTTP proxy
- HTTPS_PROXY – The URL to your HTTPS proxy
- NO_PROXY – A comma-separated list of hosts which should not go through the proxy.
The NO_PROXY variable here is important: Without setting it, minikube may not be able to access resources within the VM. minikube uses four default IP ranges, which should not go through the proxy:
- 192.168.59.0/24: Used by the minikube VM. Configurable for some hypervisors via --host-only-cidr
- 192.168.39.0/24: Used by the minikube kvm2 driver.
- 192.168.49.0/24: Used by the minikube docker driver’s first cluster.
- 10.96.0.0/12: Used by service cluster IPs. Configurable via --service-cluster-ip-range
One important note: If NO_PROXY is required by non-Kubernetes applications, such as Firefox or Chrome, you may want to specifically add the minikube IP to the comma-separated list, as they may not understand IP ranges (#3827).
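
A matcher for the NO_PROXY rules listed in the Docker daemon section and for the IP ranges above, as an added example that is not Docker's or minikube's own code: the `understands_cidr` switch models a client that only compares literal entries, which is why the note above suggests listing the minikube IP itself. Treating `*.x` like `.x`, the function names and the address 192.168.49.2 used in the checks are assumptions for illustration; real clients differ in these details.

```python
import ipaddress

MINIKUBE_NO_PROXY = ("localhost,127.0.0.1,10.96.0.0/12,192.168.59.0/24,"
                     "192.168.49.0/24,192.168.39.0/24")  # from this page's example


def _split_port(token):
    """Split 'host:port' into (host, port); entries without a port give (token, None)."""
    host, sep, port = token.rpartition(":")
    if sep and port.isdigit() and ":" not in host:
        return host, int(port)
    return token, None


def _as_network(pattern):
    """Parse an IP address or CIDR entry; return None for domain names."""
    try:
        return ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return None


def bypasses_proxy(host, port, no_proxy, understands_cidr=True):
    """True when host:port is excluded from proxying by the NO_PROXY string.

    understands_cidr=False models clients that only compare literal entries.
    """
    host = host.lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    for raw in no_proxy.split(","):
        token = raw.strip().lower()
        if not token:
            continue
        if token == "*":
            return True                      # single asterisk: never proxy
        pattern, only_port = _split_port(token)
        if only_port is not None and only_port != port:
            continue                         # entry is limited to another port
        net = _as_network(pattern)
        if net is not None:                  # IP address or CIDR entry
            if "/" in pattern and not understands_cidr:
                continue
            if addr is not None and addr in net:
                return True
            continue
        if addr is not None:
            continue                         # domain entries never match an IP
        if pattern.startswith("*."):
            pattern = pattern[1:]            # assumption: "*.x" behaves like ".x"
        if pattern.startswith("."):
            if host.endswith(pattern):
                return True                  # leading dot: subdomains only
        elif host == pattern or host.endswith("." + pattern):
            return True                      # bare name: itself and subdomains
    return False
```
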
Example Usage
macOS and Linux
export HTTP_PROXY=http://<proxy hostname:port>
export HTTPS_PROXY=https://<proxy hostname:port>
export NO_PROXY=localhost,127.0.0.1,10.96.0.0/12,192.168.59.0/24,192.168.49.0/24,192.168.39.0/24
minikube start
To make the exported variables permanent, consider adding the declarations to ~/.bashrc or wherever your user-set environment variables are stored.
Windows
set HTTP_PROXY=http://<proxy hostname:port>
set HTTPS_PROXY=https://<proxy hostname:port>
set NO_PROXY=localhost,127.0.0.1,10.96.0.0/12,192.168.59.0/24,192.168.49.0/24,192.168.39.0/24
minikube start
To set these environment variables permanently, consider adding these to your system settings or using setx.
Troubleshooting
unable to cache ISO… connection refused
Unable to start VM: unable to cache ISO: https://storage.googleapis.com/minikube/iso/minikube.iso:
failed to download: failed to download to temp file: download failed: 5 error(s) occurred:
* Temporary download error: Get https://storage.googleapis.com/minikube/iso/minikube.iso:
proxyconnect tcp: dial tcp <host>:<port>: connect: connection refused
This error indicates that the host:port combination defined by HTTPS_PROXY or HTTP_PROXY is incorrect, or that the proxy is unavailable.
Unable to pull images..Client.Timeout exceeded while awaiting headers
Unable to pull images, which may be OK:
failed to pull image "registry.k8s.io/kube-apiserver:v1.13.3": output: Error response from daemon:
Get https://registry.k8s.io/v2/: net/http: request canceled while waiting for connection
(Client.Timeout exceeded while awaiting headers)
This error indicates that the container runtime running within the VM does not have access to the internet. Verify that you are passing the appropriate value to --docker-env HTTPS_PROXY.
x509: certificate signed by unknown authority
[ERROR ImagePull]: failed to pull image registry.k8s.io/kube-apiserver:v1.13.3:
output: Error response from daemon:
Get https://registry.k8s.io/v2/: x509: certificate signed by unknown authority
This is because the minikube VM is stuck behind a proxy that rewrites HTTPS responses to contain its own TLS certificate. The solution is to install the proxy certificate into a location that is copied to the VM at startup, so that it can be validated.
Ask your IT department for the appropriate PEM file, and add it to:
~/.minikube/files/etc/ssl/certs
or
~/.minikube/certs
Then run minikube delete and minikube start.
downloading binaries: proxyconnect tcp: tls: oversized record received with length 20527
The supplied value of HTTPS_PROXY is probably incorrect. Verify that this value is not pointing to an HTTP proxy rather than an HTTPS proxy.
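
Where the number 20527 in this error comes from, as an added example that is not part of the minikube documentation: a TLS client reads the first five bytes of the reply as a record header, and the bytes `HTTP/` of a plain-text HTTP answer decode to a record length of 0x502F, which is 20527. The sample reply and the function names are constructed for illustration.

```python
import struct

# Largest ciphertext a TLS 1.2 record may carry: 2^14 bytes plus 2048 of expansion.
MAX_RECORD_LENGTH = 16384 + 2048

# Constructed sample: the first bytes a plain HTTP proxy might send back.
SAMPLE_REPLY = b"HTTP/1.1 400 Bad Request\r\n"


def parse_record_header(data):
    """Read the 5-byte TLS record header: type (1), version (2), length (2)."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    content_type, version, length = struct.unpack("!BHH", data[:5])
    return {"content_type": content_type, "version": version, "length": length}


def explain_oversized_length(length):
    """Return the two ASCII characters hidden in an oversized record length, if any."""
    if not MAX_RECORD_LENGTH < length <= 0xFFFF:
        return None
    raw = length.to_bytes(2, "big")
    return raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None


def diagnose(data):
    """Classify the first bytes received from the proxy after a TLS ClientHello."""
    header = parse_record_header(data)
    if header["content_type"] in (20, 21, 22, 23) and header["length"] <= MAX_RECORD_LENGTH:
        return "tls"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"      # the proxy speaks HTTP, not TLS, on this port
    return "unknown"


if __name__ == "__main__":
    print(parse_record_header(SAMPLE_REPLY), diagnose(SAMPLE_REPLY))
```
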
VPN
minikube requires access from the host to the following IP ranges:
- 192.168.59.0/24: Used by the minikube VM. Configurable for some hypervisors via --host-only-cidr
- 192.168.39.0/24: Used by the minikube kvm2 driver.
- 10.96.0.0/12: Used by service cluster IPs. Configurable via --service-cluster-ip-range
Unfortunately, many VPN configurations route packets to these destinations through an encrypted tunnel, rather than allowing the packets to go to the minikube VM.
Possible workarounds
- If you have access, whitelist the above IP ranges in your VPN software
- In your VPN software, select an option similar to “Allow local (LAN) access when using VPN” (Cisco VPN example)
- You may have luck selecting alternate values to the --host-only-cidr and --service-cluster-ip-range flags.
- Turn off the VPN