colima icon indicating copy to clipboard operation
colima copied to clipboard

Can't pull images from internal docker registry

Open Joxtacy opened this issue 3 years ago • 5 comments

Describe the Issue

Being on the company VPN I can't pull images from our internal docker registry. It results in the following error:

Using default tag: latest
Error response from daemon: Get "http://<address>/v2/": dial tcp 192.168.5.121:80: connect: no route to host

Me and a colleague did some investigation and it seems like the 192.168.5.0 subnet is used internally in QEMU and LIMA, which seem to result in it trying to download an image from inside its own subnet, which is not working.

Version

Colima Version:

colima version 0.4.2
git commit: f112f336d05926d62eb6134ee3d00f206560493b

runtime: docker
arch: x86_64
client: v20.10.17
server: v20.10.11

Lima Version:

limactl version 0.11.0

Qemu Version

qemu-img version 7.0.0
Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers

Operating System

  • [x] macOS Intel
  • [ ] macOS m1
  • [ ] Linux

To Reproduce

Steps to reproduce the behavior:

  1. Have a private registry hosted on the 192.168.5.0 subnet.
  2. Try to pull an image using docker pull <image>.
  3. Get the following error:
    • Using default tag: latest Error response from daemon: Get "http://<address>/v2/": dial tcp 192.168.5.121:80: connect: no route to host

Expected behavior

I can pull images from our internal docker registry successfully while using our VPN.

Additional context

Our registry is not served over TLS so I have added it to the insecure-registries list in the docker config.

Joxtacy avatar Jun 14 '22 13:06 Joxtacy

Yeah, Lima uses 192.168.5.0 subnet in the VM and therefore would be impossible to reach the host. I will dig around a bit to see if there is a way out.

abiosoft avatar Jun 14 '22 17:06 abiosoft

I will dig around a bit to see if there is a way out.

I don't think so, these are hard-coded constants in the lima sources: https://github.com/lima-vm/lima/blob/master/pkg/qemu/const/const.go

Please file a Github issue on the lima repo to make them configurable!

jandubois avatar Jun 15 '22 01:06 jandubois

A workaround would be to forward the registry to your host, and then access it via host.docker.internal (see #318), but you will have to setup the forwarding yourself.

jandubois avatar Jun 15 '22 01:06 jandubois

Please file a Github issue on the lima repo to make them configurable!

https://github.com/lima-vm/lima/issues/902

abiosoft avatar Jun 15 '22 13:06 abiosoft