Add remote support for SSH and TLS docker contexts

Author: einyx

cmd/minikube/cmd/config/profile_list.go.rej

@@ -0,0 +1,52 @@
+diff a/cmd/minikube/cmd/config/profile_list.go b/cmd/minikube/cmd/config/profile_list.go	(rejected hunks)
+@@ -40,8 +40,11 @@ import (
+ 	"k8s.io/klog/v2"
+ )
+ 
+-var profileOutput string
+-var isLight bool
++var (
++	profileOutput string
++	isLight       bool
++	isDetailed    bool
++)
+ 
+ var profileListCmd = &cobra.Command{
+ 	Use:   "list",
+@@ -130,7 +133,13 @@ func profileStatus(p *config.Profile, api libmachine.API) cluster.State {
+ 
+ func renderProfilesTable(ps [][]string) {
+ 	table := tablewriter.NewWriter(os.Stdout)
+-	table.SetHeader([]string{"Profile", "VM Driver", "Runtime", "IP", "Port", "Version", "Status", "Nodes", "Active Profile", "Active Kubecontext"})
++	if isDetailed {
++		table.SetHeader([]string{"Profile", "Driver", "Runtime", "IP", "Port", "Version",
++			"Status", "Nodes", "Active Profile", "Active Kubecontext"})
++	} else {
++		table.SetHeader([]string{"Profile", "Driver", "Runtime", "IP", "Version", "Status",
++			"Nodes", "Active Profile", "Active Kubecontext"})
++	}
+ 	table.SetAutoFormatHeaders(false)
+ 	table.SetBorders(tablewriter.Border{Left: true, Top: true, Right: true, Bottom: true})
+ 	table.SetCenterSeparator("|")
+@@ -164,7 +173,13 @@ func profilesToTableData(profiles []*config.Profile) [][]string {
+ 		if p.ActiveKubeContext {
+ 			k = "*"
+ 		}
+-		data = append(data, []string{p.Name, p.Config.Driver, p.Config.KubernetesConfig.ContainerRuntime, cpIP, strconv.Itoa(cpPort), k8sVersion, p.Status, strconv.Itoa(len(p.Config.Nodes)), c, k})
++		if isDetailed {
++			data = append(data, []string{p.Name, p.Config.Driver, p.Config.KubernetesConfig.ContainerRuntime,
++				cpIP, strconv.Itoa(cpPort), k8sVersion, p.Status, strconv.Itoa(len(p.Config.Nodes)), c, k})
++		} else {
++			data = append(data, []string{p.Name, p.Config.Driver, p.Config.KubernetesConfig.ContainerRuntime,
++				cpIP, k8sVersion, p.Status, strconv.Itoa(len(p.Config.Nodes)), c, k})
++		}
+ 	}
+ 	return data
+ }
+@@ -213,5 +228,6 @@ func profilesOrDefault(profiles []*config.Profile) []*config.Profile {
+ func init() {
+ 	profileListCmd.Flags().StringVarP(&profileOutput, "output", "o", "table", "The output format. One of 'json', 'table'")
+ 	profileListCmd.Flags().BoolVarP(&isLight, "light", "l", false, "If true, returns list of profiles faster by skipping validating the status of the cluster.")
++	profileListCmd.Flags().BoolVarP(&isDetailed, "detailed", "d", false, "If true, returns a detailed list of profiles.")
+ 	ProfileCmd.AddCommand(profileListCmd)
+ }

cmd/minikube/cmd/service.go.rej

@@ -0,0 +1,29 @@
+diff a/cmd/minikube/cmd/service.go b/cmd/minikube/cmd/service.go	(rejected hunks)
+@@ -163,18 +163,20 @@ You may select another namespace by using 'minikube service {{.service}} -n <nam
+ 		for _, svc := range noNodePortServices {
+ 			noNodePortSvcNames = append(noNodePortSvcNames, fmt.Sprintf("%s/%s", svc.Namespace, svc.Name))
+ 		}
+-		if len(noNodePortServices) != 0 {
++		if len(noNodePortServices) > 0 {
+ 			out.WarningT("Services {{.svc_names}} have type \"ClusterIP\" not meant to be exposed, however for local development minikube allows you to access this !", out.V{"svc_names": noNodePortSvcNames})
+ 		}
+ 
+-		if driver.NeedsPortForward(co.Config.Driver) && services != nil {
+-			startKicServiceTunnel(services, cname, co.Config.Driver)
++		if driver.NeedsPortForward(co.Config.Driver) {
++			svcs := services
++			if len(svcs) == 0 && len(noNodePortServices) > 0 {
++				svcs = noNodePortServices
++			}
++			if len(svcs) > 0 {
++				startKicServiceTunnel(svcs, cname, co.Config.Driver)
++			}
+ 		} else if !serviceURLMode {
+ 			openURLs(data)
+-			if len(noNodePortServices) != 0 {
+-				startKicServiceTunnel(noNodePortServices, cname, co.Config.Driver)
+-			}
+-
+ 		}
+ 	},
+ }

cmd/minikube/cmd/ssh.go

@@ -29,6 +29,8 @@ import (
 	"k8s.io/minikube/pkg/minikube/node"
 	"k8s.io/minikube/pkg/minikube/out"
 	"k8s.io/minikube/pkg/minikube/reason"
+	"k8s.io/minikube/pkg/drivers/kic/oci"
+	"k8s.io/klog/v2"
 )
 
 var nativeSSHClient bool
@@ -56,7 +58,16 @@ var sshCmd = &cobra.Command{
 			}
 		}
 
-		err = machine.CreateSSHShell(co.API, *co.Config, *n, args, nativeSSHClient)
+		// For remote Docker contexts, use docker exec instead of SSH
+		klog.Warningf("SSH Command: Driver=%s, IsRemoteDockerContext=%v", co.Config.Driver, oci.IsRemoteDockerContext())
+		if co.Config.Driver == driver.Docker && oci.IsRemoteDockerContext() {
+			klog.Warningf("Using CreateSSHTerminal for remote Docker context")
+			err = oci.CreateSSHTerminal(config.MachineName(*co.Config, *n), args)
+		} else {
+			klog.Warningf("Using standard SSH shell")
+			err = machine.CreateSSHShell(co.API, *co.Config, *n, args, nativeSSHClient)
+		}
+
 		if err != nil {
 			// This is typically due to a non-zero exit code, so no need for flourish.
 			out.ErrLn("ssh: %v", err)

cmd/minikube/cmd/start.go

@@ -41,8 +41,8 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 	"github.com/pkg/errors"
-	"github.com/shirou/gopsutil/v3/cpu"
-	gopshost "github.com/shirou/gopsutil/v3/host"
+	"github.com/shirou/gopsutil/v4/cpu"
+	gopshost "github.com/shirou/gopsutil/v4/host"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"golang.org/x/text/cases"
@@ -113,10 +113,11 @@ func init() {
 
 // startCmd represents the start command
 var startCmd = &cobra.Command{
-	Use:   "start",
-	Short: "Starts a local Kubernetes cluster",
-	Long:  "Starts a local Kubernetes cluster",
-	Run:   runStart,
+	Use:     "start",
+	Aliases: []string{"create"},
+	Short:   "Starts a local Kubernetes cluster",
+	Long:    "Starts a local Kubernetes cluster",
+	Run:     runStart,
 }
 
 // platform generates a user-readable platform message
@@ -135,7 +136,12 @@ func platform() string {
 
 	vsys, vrole, err := gopshost.Virtualization()
 	if err != nil {
-		klog.Warningf("gopshost.Virtualization returned error: %v", err)
+		// Only log if it's a real error, not just "not implemented yet"
+		if !strings.Contains(err.Error(), "not implemented yet") {
+			klog.Warningf("gopshost.Virtualization returned error: %v", err)
+		} else {
+			klog.V(3).Infof("Virtualization detection not implemented for this platform (harmless)")
+		}
 	} else {
 		klog.Infof("virtualization: %s %s", vsys, vrole)
 	}
@@ -731,6 +737,14 @@ func selectDriver(existing *config.ClusterConfig) (registry.DriverState, []regis
 		return ds, nil, true
 	}
 
+	// Check for remote Docker context and auto-select docker driver
+	if oci.IsRemoteDockerContext() {
+		ds := driver.Status("docker")
+		out.Step(style.Sparkle, `Detected a remote Docker context, using the {{.driver}} driver`, out.V{"driver": ds.String()})
+		out.Infof("For remote Docker connections, you may need to run 'minikube tunnel-ssh' for API server access")
+		return ds, nil, true
+	}
+
 	choices := driver.Choices(viper.GetBool("vm"))
 	pick, alts, rejects := driver.Suggest(choices)
 	if pick.Name == "" {

cmd/minikube/cmd/start.go.rej

@@ -0,0 +1,12 @@
+diff a/cmd/minikube/cmd/start.go b/cmd/minikube/cmd/start.go	(rejected hunks)
+@@ -1098,8 +1112,8 @@ func suggestMemoryAllocation(sysLimit, containerLimit, nodes int) int {
+ 		return mem
+ 	}
+ 
+-	const fallback = 2200
+-	maximum := 6000
++	const fallback = 3072
++	maximum := 6144
+ 
+ 	if sysLimit > 0 && fallback > sysLimit {
+ 		return sysLimit

cmd/minikube/cmd/start_flags.go

@@ -24,7 +24,7 @@ import (
 
 	"github.com/blang/semver/v4"
 	"github.com/pkg/errors"
-	"github.com/shirou/gopsutil/v3/cpu"
+	"github.com/shirou/gopsutil/v4/cpu"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"k8s.io/klog/v2"

cmd/minikube/cmd/start_flags.go.rej

@@ -0,0 +1,51 @@
+diff a/cmd/minikube/cmd/start_flags.go b/cmd/minikube/cmd/start_flags.go	(rejected hunks)
+@@ -61,8 +61,8 @@ const (
+ 	hostOnlyCIDR            = "host-only-cidr"
+ 	containerRuntime        = "container-runtime"
+ 	criSocket               = "cri-socket"
+-	networkPlugin           = "network-plugin"
+-	enableDefaultCNI        = "enable-default-cni"
++	networkPlugin           = "network-plugin"     // deprecated, use --cni instead
++	enableDefaultCNI        = "enable-default-cni" // deprecated, use --cni=bridge instead
+ 	cniFlag                 = "cni"
+ 	hypervVirtualSwitch     = "hyperv-virtual-switch"
+ 	hypervUseExternalSwitch = "hyperv-use-external-switch"
+@@ -163,7 +163,7 @@ func initMinikubeFlags() {
+ 	startCmd.Flags().Bool(dryRun, false, "dry-run mode. Validates configuration, but does not mutate system state")
+ 
+ 	startCmd.Flags().String(cpus, "2", fmt.Sprintf("Number of CPUs allocated to Kubernetes. Use %q to use the maximum number of CPUs. Use %q to not specify a limit (Docker/Podman only)", constants.MaxResources, constants.NoLimit))
+-	startCmd.Flags().String(memory, "", fmt.Sprintf("Amount of RAM to allocate to Kubernetes (format: <number>[<unit>], where unit = b, k, m or g). Use %q to use the maximum amount of memory. Use %q to not specify a limit (Docker/Podman only)", constants.MaxResources, constants.NoLimit))
++	startCmd.Flags().StringP(memory, "m", "", fmt.Sprintf("Amount of RAM to allocate to Kubernetes (format: <number>[<unit>], where unit = b, k, m or g). Use %q to use the maximum amount of memory. Use %q to not specify a limit (Docker/Podman only)", constants.MaxResources, constants.NoLimit))
+ 	startCmd.Flags().String(humanReadableDiskSize, defaultDiskSize, "Disk size allocated to the minikube VM (format: <number>[<unit>], where unit = b, k, m or g).")
+ 	startCmd.Flags().Bool(downloadOnly, false, "If true, only download and cache files for later use - don't install or start anything.")
+ 	startCmd.Flags().Bool(cacheImages, true, "If true, cache docker images for the current bootstrapper and load them into the machine. Always false with --driver=none.")
+@@ -182,7 +182,7 @@ func initMinikubeFlags() {
+ 	startCmd.Flags().Uint16(mountPortFlag, defaultMountPort, mountPortDescription)
+ 	startCmd.Flags().String(mountTypeFlag, defaultMountType, mountTypeDescription)
+ 	startCmd.Flags().String(mountUID, defaultMountUID, mountUIDDescription)
+-	startCmd.Flags().StringSlice(config.AddonListFlag, nil, "Enable addons. see `minikube addons list` for a list of valid addon names.")
++	startCmd.Flags().StringSlice(config.AddonListFlag, nil, "Enable one or more addons, in a comma-separated format. See `minikube addons list` for a list of valid addon names.")
+ 	startCmd.Flags().String(criSocket, "", "The cri socket path to be used.")
+ 	startCmd.Flags().String(networkPlugin, "", "DEPRECATED: Replaced by --cni")
+ 	startCmd.Flags().Bool(enableDefaultCNI, false, "DEPRECATED: Replaced by --cni=bridge")
+@@ -232,6 +232,20 @@ func initKubernetesFlags() {
+ func initDriverFlags() {
+ 	startCmd.Flags().StringP("driver", "d", "", fmt.Sprintf("Driver is one of: %v (defaults to auto-detect)", driver.DisplaySupportedDrivers()))
+ 	startCmd.Flags().String("vm-driver", "", "DEPRECATED, use `driver` instead.")
++	// Hide the deprecated vm-driver flag from help text
++	if err := startCmd.Flags().MarkHidden("vm-driver"); err != nil {
++		klog.Warningf("Failed to hide vm-driver flag: %v\n", err)
++	}
++	// Hide the deprecated flag from help text so new users dont use it (still will be processed)
++	if err := startCmd.Flags().MarkHidden(enableDefaultCNI); err != nil {
++		klog.Warningf("Failed to hide %s flag: %v\n", enableDefaultCNI, err)
++	}
++
++	// Hide the deprecated flag from help text so new users dont use it (still will be processed)
++	if err := startCmd.Flags().MarkHidden(networkPlugin); err != nil {
++		klog.Warningf("Failed to hide %s flag: %v\n", networkPlugin, err)
++	}
++
+ 	startCmd.Flags().Bool(disableDriverMounts, false, "Disables the filesystem mounts provided by the hypervisors")
+ 	startCmd.Flags().Bool("vm", false, "Filter to use only VM Drivers")
+ 

cmd/minikube/cmd/start_test.go.rej

@@ -0,0 +1,38 @@
+diff a/cmd/minikube/cmd/start_test.go b/cmd/minikube/cmd/start_test.go	(rejected hunks)
+@@ -277,26 +277,26 @@ func TestSuggestMemoryAllocation(t *testing.T) {
+ 		nodes          int
+ 		want           int
+ 	}{
+-		{"128GB sys", 128000, 0, 1, 6000},
+-		{"64GB sys", 64000, 0, 1, 6000},
+-		{"32GB sys", 32768, 0, 1, 6000},
++		{"128GB sys", 128000, 0, 1, 6144},
++		{"64GB sys", 64000, 0, 1, 6144},
++		{"32GB sys", 32768, 0, 1, 6144},
+ 		{"16GB sys", 16384, 0, 1, 4000},
+ 		{"odd sys", 14567, 0, 1, 3600},
+-		{"4GB sys", 4096, 0, 1, 2200},
++		{"4GB sys", 4096, 0, 1, 3072},
+ 		{"2GB sys", 2048, 0, 1, 2048},
+-		{"Unable to poll sys", 0, 0, 1, 2200},
++		{"Unable to poll sys", 0, 0, 1, 3072},
+ 		{"128GB sys, 16GB container", 128000, 16384, 1, 16336},
+ 		{"64GB sys, 16GB container", 64000, 16384, 1, 16000},
+ 		{"16GB sys, 4GB container", 16384, 4096, 1, 4000},
+ 		{"4GB sys, 3.5GB container", 16384, 3500, 1, 3452},
+ 		{"16GB sys, 2GB container", 16384, 2048, 1, 2048},
+ 		{"16GB sys, unable to poll container", 16384, 0, 1, 4000},
+-		{"128GB sys 2 nodes", 128000, 0, 2, 6000},
+-		{"8GB sys 3 nodes", 8192, 0, 3, 2200},
+-		{"16GB sys 2 nodes", 16384, 0, 2, 2200},
++		{"128GB sys 2 nodes", 128000, 0, 2, 6144},
++		{"8GB sys 3 nodes", 8192, 0, 3, 3072},
++		{"16GB sys 2 nodes", 16384, 0, 2, 3072},
+ 		{"32GB sys 2 nodes", 32768, 0, 2, 4050},
+-		{"odd sys 2 nodes", 14567, 0, 2, 2200},
+-		{"4GB sys 2 nodes", 4096, 0, 2, 2200},
++		{"odd sys 2 nodes", 14567, 0, 2, 3072},
++		{"4GB sys 2 nodes", 4096, 0, 2, 3072},
+ 		{"2GB sys 3 nodes", 2048, 0, 3, 2048},
+ 	}
+ 	for _, test := range tests {

cmd/minikube/cmd/tunnel-ssh.go

@@ -0,0 +1,115 @@
+/*
+Copyright 2024 The Kubernetes Authors All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"os/signal"
+	"strconv"
+	"syscall"
+
+	"github.com/spf13/cobra"
+	"k8s.io/klog/v2"
+	"k8s.io/minikube/pkg/drivers/kic/oci"
+	"k8s.io/minikube/pkg/minikube/exit"
+	"k8s.io/minikube/pkg/minikube/kubeconfig"
+	"k8s.io/minikube/pkg/minikube/mustload"
+	"k8s.io/minikube/pkg/minikube/out"
+	"k8s.io/minikube/pkg/minikube/reason"
+	"k8s.io/minikube/pkg/minikube/style"
+)
+
+// tunnelSSHCmd represents the tunnel-ssh command for persistent SSH tunneling
+var tunnelSSHCmd = &cobra.Command{
+	Use:   "tunnel-ssh",
+	Short: "Create persistent SSH tunnel for remote Docker contexts",
+	Long: `Creates and maintains an SSH tunnel for API server access when using
+remote Docker contexts. The tunnel runs in the foreground and can be stopped with Ctrl+C.`,
+	Run: func(_ *cobra.Command, _ []string) {
+		// Check if we're using a remote SSH Docker context
+		if !oci.IsRemoteDockerContext() {
+			out.Styled(style.Meh, "No remote Docker context detected - tunnel not needed")
+			return
+		}
+
+		if !oci.IsSSHDockerContext() {
+			out.ErrT(style.Sad, "SSH tunnel only supported for SSH-based Docker contexts")
+			exit.Error(reason.Usage, "unsupported context type", fmt.Errorf("not an SSH context"))
+		}
+
+		cname := ClusterFlagValue()
+		co := mustload.Running(cname)
+
+		out.Step(style.Launch, "Starting SSH tunnel for API server access...")
+		klog.Infof("Setting up persistent SSH tunnel for cluster %s", cname)
+
+		// Set up SSH tunnel for API server access
+		tunnelEndpoint, cleanup, err := oci.SetupAPIServerTunnel(co.CP.Port)
+		if err != nil {
+			exit.Error(reason.HostKubeconfigUpdate, "setting up SSH tunnel", err)
+		}
+
+		if tunnelEndpoint == "" {
+			out.Styled(style.Meh, "No tunnel needed for this context")
+			return
+		}
+
+		// Parse tunnel endpoint to get port
+		var tunnelPort int
+		if len(tunnelEndpoint) > 19 { // len("https://localhost:")
+			portStr := tunnelEndpoint[19:] // Skip "https://localhost:"
+			if port, parseErr := strconv.Atoi(portStr); parseErr == nil {
+				tunnelPort = port
+			}
+		}
+
+		// Update kubeconfig to use the tunnel
+		updated, err := kubeconfig.UpdateEndpoint(cname, "localhost", tunnelPort, kubeconfig.PathFromEnv(), kubeconfig.NewExtension())
+		if err != nil {
+			cleanup()
+			exit.Error(reason.HostKubeconfigUpdate, "updating kubeconfig", err)
+		}
+
+		if updated {
+			out.Step(style.Celebrate, `"{{.context}}" context updated to use SSH tunnel {{.endpoint}}`,
+				out.V{"context": cname, "endpoint": tunnelEndpoint})
+		}
+
+		out.Step(style.Running, "SSH tunnel active on {{.endpoint}} ({{.original}} -> localhost:{{.port}})",
+			out.V{
+				"endpoint": tunnelEndpoint,
+				"original": fmt.Sprintf("%s:%d", co.CP.Hostname, co.CP.Port),
+				"port": tunnelPort,
+			})
+		out.Styled(style.Tip, "Press Ctrl+C to stop the tunnel")
+
+		// Set up signal handling for graceful shutdown
+		c := make(chan os.Signal, 1)
+		signal.Notify(c, os.Interrupt, syscall.SIGTERM)
+
+		// Wait for interrupt signal
+		<-c
+		out.Step(style.Shutdown, "Stopping SSH tunnel...")
+		cleanup()
+		out.Styled(style.Celebrate, "SSH tunnel stopped")
+	},
+}
+
+func init() {
+	RootCmd.AddCommand(tunnelSSHCmd)
+}