minikube
minikube copied to clipboard
kubernetes
minikube not able to download gcr images in Iran
What Happened?
This is a big shame on Google due to blocking Minikube to Iranians for ridiculous reasons while this tool is free payment. I, as an Iranian, ask only one question. Why this tool is blocked?
SHAME ON YOU GOOGLE
Attach the log file
no log
Operating System
No response
Driver
No response
MahmoodKamali there is absolutely no block against anyone regardless of location or identity, minikube is an open source tool available on github for everyone,
do you mind sharing logs or the output message you get?
Yes, there is and I explain it in detail on the Medium website. You can read it. Many thanks for your concern.
https://medium.com/@mahmoood/step-1-40e374b6f995
Yes, there is and I explain it in detail on the Medium website. You can read it. Many thanks for your concern.
https://medium.com/@mahmoood/step-1-40e374b6f995
Thank you for providing more context on this issue, minikbue is an open source project, and we do not have any restriction on anywhere, and our images are stored in GCR similar to other Kubernetes projects images. but we would happily accept new hosting for minikube images anywhere.
the access to GCR or image hostings is beyond minikube control and it is subject to Governments laws and I am sorry that you dont have access to GCR.
minikube team does not put any restriction on any one, in-fact we have added special feature to help users in countries with a national firewall to bypass the restriction. (for example "image-mirror-country" or "registry-mirror"
checkout the flags description:
$ minikube start --help | grep mirror
--image-mirror-country='':
Country code of the image mirror to be used. Leave empty to use the global one. For Chinese mainland users, set it to cn.
Alternative image repository to pull docker images from. This can be used when you have limited access to gcr.io. Set it to "auto" to let minikube decide one for you. For Chinese mainland users, you may use local gcr.io mirrors such as registry.cn-hangzhou.aliyuncs.com/google_containers
--registry-mirror=[]:
Registry mirrors to pass to the Docker daemon
Our users in china also have the same problem. Chinnese users sync minikube images into Alibaba cloud, and they could bypass the firewall. https://github.com/kubernetes/minikube/blob/master/.github/workflows/sync-minikube.yml
and I am curious if you set your country mirror to be China ? would it help for Iran as well ?
please let me know if this helps you
minikube delete --all --purge
minikube start --image-mirror-country=cn
Again I am sorry you are facing this issue, and if you know a way to fix this issue for users in Iran, and if you contribute that PR, I would be happy to review the PR !
Million thanks for your replying, patience, and concerns, however, there was no change and it was as expected. I have updated the article to see what happened after your help. Regardless of your sympathy, I have to say, this is a really BIG BIG BIG shame on gcr.io to block Iranians' access to pulling an open-source docker image. It shows how the US government has real systematic discrimination against people who have nothing to do with any kind of political action. The question is what is inside the image that Iranians are not allowed to pull it?
I am wondering why you don't put the "gcr.io/k8s-minikube/kicbase:v0.0.36" image on Dockerhub while Google insists to block Iran's IP due to a ridiculous excuse.
@MahmoodKamali
I really don't know the reason behind government laws and I disagree with them there should be no reason to blindly block all access to GCR to Iranian users, I think a better place to create this issue is GCP customer service, do you know if AWS or Azure have similar limiations or is this only a GCP issue? (again this is minikube repo and I do not offically speak on behalf of Google here) I only represent open source project minikube that belongs to CNCF.
but I think this could be a good discussion with CNCF to have to see if they can give feedback to the law makers to update the laws to avoid hurting ordinary users. maybe try creating an issue with CNCF https://github.com/cncf/foundation and check what CNCF could do about government laws that restrict access to users in Iran. they might have better insight or contacts in government.
on your second question, we do publish minikube images to Docker hub as well and infact minikube code is supposed to Re-try and fail over to docker hub in case gcr.io is not available. (but maybe that part of the code is broken? )
here is the part of the code that does that the fail over logic: https://github.com/medyagh/minikube/blob/f922ae914efdf35b68ecc2da4772f7c93220972c/pkg/drivers/kic/types.go#L41
and here is link to our docker hub image https://hub.docker.com/r/kicbase/stable
you can specify the image using a flag as well
minikube start --base-image=kicbase/stable:v0.0.36
did you already try the "--image-mirror-country=cn" flag ?
For your information, AWS has totally blocked all its services to Iranians due to sanctions. We have no access to AWS, Azure, GCP, Cloudflare, and other cloud computing services. They are paid services and due to no international banking service access, it might be justified, however, I am confused why the Minikube is like them. I solved the problem by asking a friend of mine who lives in Canada to get remote access, and then install Virtualbox, install a Ubuntu VM on it, Install all required packages of the Minikube, then zip the VM, uploaded to a public server, then copy it on my local machine, extract the zipped file, and finally import the VM on my Virtualbox and run the VM. Such a beautiful story. :))
Finally, I would like to say a million thanks for your concern and for following up on the issue. This is a situation that we have managed like what I have done.
Best regards,
@MahmoodKamali
Maybe I can answer your second question. I am from China, and @medyagh requested me to help dealing with your problem, because in China we also have no access to gcr.io.
But when I dived deeper, I found that things are really different in Iran. For Chinese users, we do not have access to gcr.io, because China gonvernment banned access to gcr.io. For Iranian users, you do not have access to gcr.io, because gcr.io banned Iranian IP due to sanctions.
Uploading images to docker hub won't help because docker hub also bans Iranian users. (Similarly, in China docker hub is also unavailable because of gonvernment's blockade)
But, still, I think the workaround for Chinese users can help users in Iran. In China, there are mirror repositories, maintained by a Chinese corporation called "aliyun". These mirror repositories are located in China, therefore they do not ban Iranian users. I have tested with ping.pe and confirmed that Iran have access to these repositories. The domain of these repositories is registry.cn-hangzhou.aliyuncs.com . See https://tcp.ping.pe/120.55.105.209:443
Minikube is an open community and we are always willing to help users from any corner of the world to use their open-source softwares, I think. Minikube have supported pulling images from these repos. Try running minikube start --image-mirror-country='cn', by adding --image-mirror-country='cn' flag, minikube will try to pull images from aliyun as first priority. So theoretically , you can try this command, and it should work.
Another method is to use a proxy server or VPN, if you have one.
Minikube is an open community and we are always willing to help users from any corner of the world to use our open-source softwares, I think. @medyagh has requested me to add a page on minikube's official doc, telling Iranian and Chinese users how to bypass the blockade and use minikube. I think we will see this page soon.
First of all thank @medyagh for following up on the issue which shows how he is dedicated and thank you for replying and making clear the situation. As you said exactly, our problem is the same but with a different perspective. When a service or a website is blocked by Iran's government is it easy to bypass, but when it is banned by the source, bypassing it, is a little bit challenging as many of them blocked Iran's traffic based on the Timezone, not region or IP. gcr.io is blocked not only based on Timezone but also other factors that I have no idea about them. For your solution, I should say, I tried it yesterday, however, there was no success and again service could not start as desired. I think there is some garbage on my OS and need a fresh install to solve it. I uploaded what happened to me on a Medium website that you can read or have done already maybe.
https://medium.com/@mahmoood/step-1-40e374b6f995
I will install a new OS and try your solution and update you and dear @medyagh.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue as fresh with
/remove-lifecycle stale - Close this issue with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue as fresh with
/remove-lifecycle rotten - Close this issue with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Reopen this issue with
/reopen - Mark this issue as fresh with
/remove-lifecycle rotten - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/close not-planned
@k8s-triage-robot: Closing this issue, marking it as "Not Planned".
In response to this:
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied- After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied- After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closedYou can:
- Reopen this issue with
/reopen- Mark this issue as fresh with
/remove-lifecycle rotten- Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/close not-planned
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
I had the same problem. unfortunately. and with 403online, shekan or begzar and ... DNS not working at all. with some VPNs for slow conn speed and limitations doesn't working. I try nekory with some configs you can find them simply in Telegram channels and pay attention to change timezone into any country except Iran. if match with VPN config it would be better. You can test it with nslookup dl.k8s.io command.
