Note: this document is MacOS specific.

Intro

Minikube is an all around awesome way to get a Docker and Kubernetes compatible container manager without actually having to install Docker or Kubernetes separately.

Many of us now work remotely these days, which typically means we have to run some sort of VPN software or another to be able to access the office network.

Overview

Minikube is great but it might not work very well under VPN. The issue is described in detail on Minikube's website. Suffice to say that many VPNs are overzealous in that what networks they let the traffic through unmolested.

There is some work around if (on MacOS) HyperKit is used with the VPNKit. Unfortunately, the latter is not distributed as a binary, except with Docker Desktop. Building it from (OCaml) source has proven to be quite problematic.

But Docker Desktop comes with both: HyperKit and VPNKit. These are built as static binaries and can be extracted directly from Docker Desktop distribution package without having to install the latter, as described below.

It it important to source both from the same Docker Desktop package as in my experience I first tried to get vpnkit only but it refused to work with hyperkit I previously installed from Homebrew.

Prerequisites

• You will need operational Homebrew.
• curl command. Can be installed with brew install curl.
• Uninstall previous versions of hyperkitand vpnkit, should you have any

Installation

Minikube

Install minikube as per its installation guide. Under brew it is quite as simple as:

brew install minikube

Hyperkit/VPNKit

MacOS comes with native Hypervisor support, which hyperkit taps into. The below shell commands will acquire Docker Desktop distribution MacOS package, mount it, copy hyperkit and vpnkit binaries onto your current directory, lastly unmount the package.

Please note that these instructions are relevant (at the time of writing) to the current Docker Desktop distribution package. If later on Docker decides to package differently, or exclude hyperkit or vpnkit then these will no longer apply.

curl -sLo Docker.dmg https://desktop.docker.com/mac/main/amd64/Docker.dmg
hdiutil attach Docker.dmg
cp /Volumes/Docker/Docker.app/Contents/Resources/bin/com.docker.vpnkit ./vpnkit
cp /Volumes/Docker/Docker.app/Contents/Resources/bin/com.docker.hyperkit ./hyperkit
umount /Volumes/Docker

In my experience, the next two commands are optional, the vpnkit as well as hyperkit seem to work just fine without, but your mileage may vary.

xattr -c ./vpnkit ./hyperkit
codesign --remove-signature ./vpnkit ./hyperkit

I have a location, which is added to PATH, where I keep various utility binaries, for example ~/bin/. I prefer to copy vpnkit and hyperkit there.

Running the Minukube with VPNKit

Run VPNKit

vpnkit --ethernet /tmp/vpn.socket

You can vary the socket file location , just do not forget to use the same with the --hyperkit-vpnkit-sock flag to minikube.

You can also run vpnkit in background if that is your preference.

Run the Minukube

Make sure that hyperkit is on your PATH. Then

minikube start --hyperkit-vpnkit-sock=/tmp/vpn.socket

You can freely stop minikube afterwards it will re-attach to vpnkit on next start provided you leave vpnkit running.

Enjoy!

Please feel free to let me know should you have any questions, concerns, suggestions, etc.