Proxy variables not set in alpine VM /etc/environment

[tpoindex]

Rancher Desktop Version

1.0.0-beta.1

Rancher Desktop K8s Version

1.23.1

What operating system are you using?

macOS

Operating System / Build Version

Big Sur 11.6

What CPU architecture are you using?

x64

Windows User Only

No response

Actual Behavior

Proxy environment variables are not set in alpine VM /etc/environment. When trying to run/pull images, the image cannot be pulled from a repository due to proxy issues.

This has been fixed in Lima, at least for Lima's default Ubuntu VM.

In my environment, my proxy variables are set in .bashrc, pointing to a proxy machine on the local network. System proxies "System Preferences -> Network -> Wifi (or other active interface) -> Advanced -> Proxies" are set via my organizations automatic proxy configuration script.

Steps to Reproduce

On a network which requires use of a proxy:

• Install Rancher Desktop 1.0.0-beta1 with 'containerd' as runtime.
• nerdtcl run --rm hello-world

Result

Fetching remote images times out, due to proxy.

Expected Behavior

Proxy variables should be set in the Alpine VM in /etc/environment. This allows images to be fetched.

WORK AROUND:
Start Rancher Desktop, wait for VM to be up an running, then execute this command:

set | grep -iE '^[a-z]*_proxy=' | ssh \
     -p $(awk '/localPort/ {print $2}' < ~/Library/Application\ Support/rancher-desktop/lima/0/lima.yaml) \
     -i ~/Library/Application\ Support/rancher-desktop/lima/_config/user \
     localhost 'sudo bash -c "cat >> /etc/environment; /etc/init.d/k3s restart"'

After running this command, remote images can be fetched as usual.

Additional Information

Consider adding a new "Proxies" tab, or section on "Troubleshooting" to manually enter proxy variables, Allow multiple variables to be set, one per line in the form of:

http_proxy=http://myproxy:1234
https_proxy=http://myproxy:1234
socks_proxy=http://myproxy:1234
etc.

"Apply" button should validate the proxy variables by: coercing the variable names as all lower case, using the regexp '^[a-z]*_proxy=', duplicate the variable name as upper case, and copy the resulting lines to the VM /etc/environment. Proxy values should be accepted as is, which will allow for userid:password, if needed, e.g., "http_proxy=http://userid:pass@myproxy:1234"

The resulting lines in /etc/environment should look like:

http_proxy=http://myproxy:1234
HTTP_PROXY=http://proxy:1234
etc.

After setting /etc/environment, restart k3s by executing "/etc/environment /etc/init.d/k3s restart"'

These steps should also be applied when starting Rancher Desktop after a power up, or after "Factory Reset".

[jandubois]

Proxy environment variables are not set in alpine VM /etc/environment. When trying to run/pull images, the image cannot be pulled from a repository due to proxy issues.

This has been fixed in Lima, at least for Lima's default Ubuntu VM.

Rancher Desktop uses lima internally, so the code should be the same, but there are differences in execution environment: Rancher Desktop will be started by launchd (so doesn't see your .bashrc settings), whereas I assume you run limactl start from a shell.

In my environment, my proxy variables are set in .bashrc, pointing to a proxy machine on the local network. System proxies "System Preferences -> Network -> Wifi (or other active interface) -> Advanced -> Proxies" are set via my organizations automatic proxy configuration script.

Lima inherits proxy settings from the network preferences for the en0 network automatically (I thought I had changed it to use the default gateway interface, but it looks like it is not implemented). So you should see these proxy settings in your VM, even when started by Rancher Desktop.

Lima will override proxy settings from the process environment when you run limactl start. So this override will not happen for Rancher Desktop because it is not launched from your shell.

Consider adding a new "Proxies" tab, or section on "Troubleshooting" to manually enter proxy variables

Yes, we definitely need to be able to configure this via the GUI. Right now you can do this manually using an override.yaml file:

$ cat ~/Library/Application\ Support/rancher-desktop/lima/_config/override.yaml
env:
  http_proxy=http://myproxy:1234
  https_proxy=http://myproxy:1234

Lima should automatically add the uppercase variants, so you only need to specify one set.

[jandubois]

I've switched the label from "bug" to "enhancement", as the code does what it is supposed to do.

I've also filed lima-vm/lima#563 for Lima to pick proxy settings from the correct interface, but I guess this still wouldn't have worked for you because you don't want to use the results of the automatic proxy config script.

[jun109]

This issue is similar for Windows + WSL2, but I understand that the same workaround as MacOS cannot be used, is that correct?

[jandubois]

I understand that the same workaround as MacOS cannot be used, is that correct?

Yes, the workaround is specific to Lima, and on Windows we use WSL2, not Lima. Not sure what we can do there; @mook-as any ideas?

[mook-as]

Hmm, nothing we can support long term, but as a temporary hack, do this in the rancher-desktop WSL distribution:

1. Edit /etc/rc.conf and append rc_env_allow="http_proxy http_proxy" (and anything else you want).
2. Create /etc/environment with the desired contents (e.g. http_proxy=http://nowhere.invalid:1234).

Note that those files may get wiped on Rancher Desktop upgrades and factory resets.

We cannot promise that this will continue to work in the future (though we don't have specific plans to break them right now).

[tpoindex]

Jan, thanks for the override.yaml tip for setting proxy variables, however, I think you meant:

env:
  http_proxy: http://myproxy:1234
  https_proxy: http://myproxy:1234

That does set proxy variables.
YAML is such a mix between useful and down right persnickety syntax sometimes!

I'm still having problems using docker/moby as the container runtime, I suspect there's still some proxy issue. Containerd runtime with nerdctl works quite well.

[jandubois]

I think you meant

yes, indeed. I copied my override.yaml file, but then inserted your environment settings and forgot to replace the = characters with : .

I'm still having problems using docker/moby as the container runtime,

Please create a separate issue for this; it is different from not setting the environment variables.

[mnoworzyn]

We will really like to have the GUI configuration:

Consider adding a new "Proxies" tab, or section on "Troubleshooting" to manually enter proxy variables

As we work almost entirely remotely we often turn on and off the corporate VPN and have to enable/disable the proxy settings therefore a "Proxies" tab that remembers the settings even if the proxy is disabled would be most helpful.

[pboushy]

As y'all consider adding a GUI to handle proxies, one thing that would be AMAZING is if y'all made it where we can provide a host that is only available when the proxy is available, and it configures the env variables when that host is reachable.

This would allow companies who have to use a proxy on the internal network, but not outside the network to work flawlessly without issue.