Update OWNERS: adding nirs to reviewers (#21016)

Author: medyagh

OWNERS

@@ -4,6 +4,7 @@ reviewers:
   - medyagh
   - prezha
   - comradeprogrammer
+  - nirs
 approvers:
   - medyagh
   - spowelljr

cmd/minikube/cmd/ssh.go

@@ -29,6 +29,8 @@ import (
 	"k8s.io/minikube/pkg/minikube/node"
 	"k8s.io/minikube/pkg/minikube/out"
 	"k8s.io/minikube/pkg/minikube/reason"
+	"k8s.io/minikube/pkg/drivers/kic/oci"
+	"k8s.io/klog/v2"
 )
 
 var nativeSSHClient bool
@@ -56,7 +58,16 @@ var sshCmd = &cobra.Command{
 			}
 		}
 
-		err = machine.CreateSSHShell(co.API, *co.Config, *n, args, nativeSSHClient)
+		// For remote Docker contexts, use docker exec instead of SSH
+		klog.Warningf("SSH Command: Driver=%s, IsRemoteDockerContext=%v", co.Config.Driver, oci.IsRemoteDockerContext())
+		if co.Config.Driver == driver.Docker && oci.IsRemoteDockerContext() {
+			klog.Warningf("Using CreateSSHTerminal for remote Docker context")
+			err = oci.CreateSSHTerminal(config.MachineName(*co.Config, *n), args)
+		} else {
+			klog.Warningf("Using standard SSH shell")
+			err = machine.CreateSSHShell(co.API, *co.Config, *n, args, nativeSSHClient)
+		}
+
 		if err != nil {
 			// This is typically due to a non-zero exit code, so no need for flourish.
 			out.ErrLn("ssh: %v", err)

cmd/minikube/cmd/start.go

@@ -41,8 +41,8 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 	"github.com/pkg/errors"
-	"github.com/shirou/gopsutil/v3/cpu"
-	gopshost "github.com/shirou/gopsutil/v3/host"
+	"github.com/shirou/gopsutil/v4/cpu"
+	gopshost "github.com/shirou/gopsutil/v4/host"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"golang.org/x/text/cases"
@@ -113,10 +113,11 @@ func init() {
 
 // startCmd represents the start command
 var startCmd = &cobra.Command{
-	Use:   "start",
-	Short: "Starts a local Kubernetes cluster",
-	Long:  "Starts a local Kubernetes cluster",
-	Run:   runStart,
+	Use:     "start",
+	Aliases: []string{"create"},
+	Short:   "Starts a local Kubernetes cluster",
+	Long:    "Starts a local Kubernetes cluster",
+	Run:     runStart,
 }
 
 // platform generates a user-readable platform message
@@ -135,7 +136,12 @@ func platform() string {
 
 	vsys, vrole, err := gopshost.Virtualization()
 	if err != nil {
-		klog.Warningf("gopshost.Virtualization returned error: %v", err)
+		// Only log if it's a real error, not just "not implemented yet"
+		if !strings.Contains(err.Error(), "not implemented yet") {
+			klog.Warningf("gopshost.Virtualization returned error: %v", err)
+		} else {
+			klog.V(3).Infof("Virtualization detection not implemented for this platform (harmless)")
+		}
 	} else {
 		klog.Infof("virtualization: %s %s", vsys, vrole)
 	}
@@ -731,6 +737,14 @@ func selectDriver(existing *config.ClusterConfig) (registry.DriverState, []regis
 		return ds, nil, true
 	}
 
+	// Check for remote Docker context and auto-select docker driver
+	if oci.IsRemoteDockerContext() {
+		ds := driver.Status("docker")
+		out.Step(style.Sparkle, `Detected a remote Docker context, using the {{.driver}} driver`, out.V{"driver": ds.String()})
+		out.Infof("For remote Docker connections, you may need to run 'minikube tunnel-ssh' for API server access")
+		return ds, nil, true
+	}
+
 	choices := driver.Choices(viper.GetBool("vm"))
 	pick, alts, rejects := driver.Suggest(choices)
 	if pick.Name == "" {

cmd/minikube/cmd/start_flags.go

@@ -24,7 +24,7 @@ import (
 
 	"github.com/blang/semver/v4"
 	"github.com/pkg/errors"
-	"github.com/shirou/gopsutil/v3/cpu"
+	"github.com/shirou/gopsutil/v4/cpu"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"k8s.io/klog/v2"

cmd/minikube/cmd/tunnel-ssh.go

@@ -0,0 +1,115 @@
+/*
+Copyright 2024 The Kubernetes Authors All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"os/signal"
+	"strconv"
+	"syscall"
+
+	"github.com/spf13/cobra"
+	"k8s.io/klog/v2"
+	"k8s.io/minikube/pkg/drivers/kic/oci"
+	"k8s.io/minikube/pkg/minikube/exit"
+	"k8s.io/minikube/pkg/minikube/kubeconfig"
+	"k8s.io/minikube/pkg/minikube/mustload"
+	"k8s.io/minikube/pkg/minikube/out"
+	"k8s.io/minikube/pkg/minikube/reason"
+	"k8s.io/minikube/pkg/minikube/style"
+)
+
+// tunnelSSHCmd represents the tunnel-ssh command for persistent SSH tunneling
+var tunnelSSHCmd = &cobra.Command{
+	Use:   "tunnel-ssh",
+	Short: "Create persistent SSH tunnel for remote Docker contexts",
+	Long: `Creates and maintains an SSH tunnel for API server access when using
+remote Docker contexts. The tunnel runs in the foreground and can be stopped with Ctrl+C.`,
+	Run: func(_ *cobra.Command, _ []string) {
+		// Check if we're using a remote SSH Docker context
+		if !oci.IsRemoteDockerContext() {
+			out.Styled(style.Meh, "No remote Docker context detected - tunnel not needed")
+			return
+		}
+
+		if !oci.IsSSHDockerContext() {
+			out.ErrT(style.Sad, "SSH tunnel only supported for SSH-based Docker contexts")
+			exit.Error(reason.Usage, "unsupported context type", fmt.Errorf("not an SSH context"))
+		}
+
+		cname := ClusterFlagValue()
+		co := mustload.Running(cname)
+
+		out.Step(style.Launch, "Starting SSH tunnel for API server access...")
+		klog.Infof("Setting up persistent SSH tunnel for cluster %s", cname)
+
+		// Set up SSH tunnel for API server access
+		tunnelEndpoint, cleanup, err := oci.SetupAPIServerTunnel(co.CP.Port)
+		if err != nil {
+			exit.Error(reason.HostKubeconfigUpdate, "setting up SSH tunnel", err)
+		}
+
+		if tunnelEndpoint == "" {
+			out.Styled(style.Meh, "No tunnel needed for this context")
+			return
+		}
+
+		// Parse tunnel endpoint to get port
+		var tunnelPort int
+		if len(tunnelEndpoint) > 19 { // len("https://localhost:")
+			portStr := tunnelEndpoint[19:] // Skip "https://localhost:"
+			if port, parseErr := strconv.Atoi(portStr); parseErr == nil {
+				tunnelPort = port
+			}
+		}
+
+		// Update kubeconfig to use the tunnel
+		updated, err := kubeconfig.UpdateEndpoint(cname, "localhost", tunnelPort, kubeconfig.PathFromEnv(), kubeconfig.NewExtension())
+		if err != nil {
+			cleanup()
+			exit.Error(reason.HostKubeconfigUpdate, "updating kubeconfig", err)
+		}
+
+		if updated {
+			out.Step(style.Celebrate, `"{{.context}}" context updated to use SSH tunnel {{.endpoint}}`,
+				out.V{"context": cname, "endpoint": tunnelEndpoint})
+		}
+
+		out.Step(style.Running, "SSH tunnel active on {{.endpoint}} ({{.original}} -> localhost:{{.port}})",
+			out.V{
+				"endpoint": tunnelEndpoint,
+				"original": fmt.Sprintf("%s:%d", co.CP.Hostname, co.CP.Port),
+				"port": tunnelPort,
+			})
+		out.Styled(style.Tip, "Press Ctrl+C to stop the tunnel")
+
+		// Set up signal handling for graceful shutdown
+		c := make(chan os.Signal, 1)
+		signal.Notify(c, os.Interrupt, syscall.SIGTERM)
+
+		// Wait for interrupt signal
+		<-c
+		out.Step(style.Shutdown, "Stopping SSH tunnel...")
+		cleanup()
+		out.Styled(style.Celebrate, "SSH tunnel stopped")
+	},
+}
+
+func init() {
+	RootCmd.AddCommand(tunnelSSHCmd)
+}

cmd/minikube/cmd/update-context.go

@@ -17,7 +17,12 @@ limitations under the License.
 package cmd
 
 import (
+	"net/url"
+	"strconv"
+
 	"github.com/spf13/cobra"
+	"k8s.io/klog/v2"
+	"k8s.io/minikube/pkg/drivers/kic/oci"
 	"k8s.io/minikube/pkg/minikube/exit"
 	"k8s.io/minikube/pkg/minikube/kubeconfig"
 	"k8s.io/minikube/pkg/minikube/mustload"
@@ -35,14 +40,72 @@ var updateContextCmd = &cobra.Command{
 	Run: func(_ *cobra.Command, _ []string) {
 		cname := ClusterFlagValue()
 		co := mustload.Running(cname)
-		//	cluster extension metada for kubeconfig
 
-		updated, err := kubeconfig.UpdateEndpoint(cname, co.CP.Hostname, co.CP.Port, kubeconfig.PathFromEnv(), kubeconfig.NewExtension())
+		// Determine the endpoint to use (with tunneling or remote host)
+		hostname := co.CP.Hostname
+		port := co.CP.Port
+
+		// Handle remote Docker contexts
+		if oci.IsRemoteDockerContext() {
+			if oci.IsSSHDockerContext() {
+				klog.Infof("Remote SSH Docker context detected, setting up API server tunnel")
+
+				// Set up SSH tunnel for API server access
+				tunnelEndpoint, cleanup, err := oci.SetupAPIServerTunnel(co.CP.Port)
+				if err != nil {
+					klog.Warningf("Failed to setup SSH tunnel, falling back to direct connection: %v", err)
+				} else if tunnelEndpoint != "" {
+					// Parse the tunnel endpoint to get localhost and tunnel port
+					hostname = "localhost"
+					// Extract port from tunnelEndpoint (format: https://localhost:PORT)
+					if len(tunnelEndpoint) > 19 { // len("https://localhost:")
+						portStr := tunnelEndpoint[19:] // Skip "https://localhost:"
+						if tunneledPort, parseErr := strconv.Atoi(portStr); parseErr == nil {
+							port = tunneledPort
+							klog.Infof("Using SSH tunnel: %s -> %s:%d", tunnelEndpoint, co.CP.Hostname, co.CP.Port)
+
+							// Set up cleanup when the process exits
+							defer func() {
+								klog.Infof("Cleaning up SSH tunnel")
+								cleanup()
+							}()
+						}
+					}
+				}
+			} else {
+				// TLS context - use the actual remote host (Docker TLS doesn't provide port forwarding)
+				klog.Infof("Remote TLS Docker context detected, using direct connection to remote host")
+
+				ctx, err := oci.GetCurrentContext()
+				if err == nil && ctx.Host != "" {
+					if u, parseErr := url.Parse(ctx.Host); parseErr == nil && u.Hostname() != "" {
+						hostname = u.Hostname()
+						klog.Infof("Using remote host for TLS context: %s (port %d)", hostname, port)
+					} else {
+						klog.Warningf("Failed to parse remote host from context %q, using default", ctx.Host)
+					}
+				} else {
+					klog.Warningf("Failed to get Docker context info for TLS endpoint: %v", err)
+				}
+			}
+		}
+
+		updated, err := kubeconfig.UpdateEndpoint(cname, hostname, port, kubeconfig.PathFromEnv(), kubeconfig.NewExtension())
 		if err != nil {
 			exit.Error(reason.HostKubeconfigUpdate, "update config", err)
 		}
+
 		if updated {
-			out.Step(style.Celebrate, `"{{.context}}" context has been updated to point to {{.hostname}}:{{.port}}`, out.V{"context": cname, "hostname": co.CP.Hostname, "port": co.CP.Port})
+			if hostname == "localhost" && oci.IsRemoteDockerContext() && oci.IsSSHDockerContext() {
+				out.Step(style.Celebrate, `"{{.context}}" context has been updated to point to {{.hostname}}:{{.port}} (SSH tunnel to {{.original}})`,
+					out.V{"context": cname, "hostname": hostname, "port": port, "original": co.CP.Hostname + ":" + strconv.Itoa(co.CP.Port)})
+			} else if oci.IsRemoteDockerContext() && !oci.IsSSHDockerContext() {
+				out.Step(style.Celebrate, `"{{.context}}" context has been updated to point to {{.hostname}}:{{.port}} (TLS remote connection)`,
+					out.V{"context": cname, "hostname": hostname, "port": port})
+			} else {
+				out.Step(style.Celebrate, `"{{.context}}" context has been updated to point to {{.hostname}}:{{.port}}`,
+					out.V{"context": cname, "hostname": hostname, "port": port})
+			}
 		} else {
 			out.Styled(style.Meh, `No changes required for the "{{.context}}" context`, out.V{"context": cname})
 		}