Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Incorrect" host-gateway in case with Rootless Docker #47684

Open
serhii-nakon opened this issue Apr 5, 2024 · 4 comments
Open

"Incorrect" host-gateway in case with Rootless Docker #47684

serhii-nakon opened this issue Apr 5, 2024 · 4 comments
Labels
area/networking area/rootless Rootless mode kind/enhancement Enhancements are not bugs or new features but can improve usability or performance. status/0-triage

Comments

@serhii-nakon
Copy link
Contributor

Description

When use extra_hosts: "host.docker.internal:host-gateway" it use incorrect IP address to connect to host. host.docker.internal equal to 172.17.0.1 but should 10.0.2.2

Reproduce

  1. Add to docker-compose.yaml
extra_hosts:
    - "host.docker.internal:host-gateway"
  1. Run docker compose up
  2. Run docker compose exec service_name curl -v http://host.docker.internal
  3. Now you can see that it try to connect to incorrect IP

Expected behavior

host.docker.internal should be equal to 10.0.2.2

docker version

Client: Docker Engine - Community
 Version:           26.0.0
 API version:       1.45
 Go version:        go1.21.8
 Git commit:        2ae903e
 Built:             Wed Mar 20 15:18:01 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          26.0.0
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.21.8
  Git commit:       8b79278
  Built:            Wed Mar 20 15:18:01 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.28
  GitCommit:        ae07eda36dd25f8a1b98dfbf587313b99c0190bb
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
 rootlesskit:
  Version:          2.0.2
  ApiVersion:       1.1.1
  NetworkDriver:    slirp4netns
  PortDriver:       builtin
  StateDir:         /run/user/1000/dockerd-rootless
 slirp4netns:
  Version:          1.2.0
  GitCommit:        656041d45cfca7a4176f6b7eed9e4fe6c11e8383

docker info

Client: Docker Engine - Community
 Version:    26.0.0
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.13.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.25.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 22
  Running: 8
  Paused: 0
  Stopped: 14
 Images: 69
 Server Version: 26.0.0
 Storage Driver: overlay2
  Backing Filesystem: btrfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: false
  userxattr: true
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
 runc version: v1.1.12-0-g51d5e94
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  rootless
  cgroupns
 Kernel Version: 6.8.4
 Operating System: Debian GNU/Linux 12 (bookworm)
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 30.76GiB
 Name: MSI-Bravo17
 ID: ff1c622b-6387-415e-8624-1fd851de327c
 Docker Root Dir: /home/serhy/.local/share/docker
 Debug Mode: false
 Username: nakonechnij.sergsj@gmail.com
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No cpuset support
WARNING: No io.weight support
WARNING: No io.weight (per device) support
WARNING: No io.max (rbps) support
WARNING: No io.max (wbps) support
WARNING: No io.max (riops) support
WARNING: No io.max (wiops) support
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Additional Info

I know that I can use extra_hosts: "host.docker.internal:10.0.2.2" but I think that better way to not change code instead of hard code IPs.
@serhii-nakon serhii-nakon added kind/bug Bugs are bugs. The cause may or may not be known at triage time so debugging may be needed. status/0-triage labels Apr 5, 2024
@serhii-nakon
Copy link
Contributor Author

If it possible, if user set env variable DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK=false change host-gateway to 10.0.2.2

@AkihiroSuda
Copy link
Member

host.docker.internal should be equal to 10.0.2.2

It should be rather set to the host IP?

@AkihiroSuda AkihiroSuda added kind/enhancement Enhancements are not bugs or new features but can improve usability or performance. area/networking area/rootless Rootless mode and removed kind/bug Bugs are bugs. The cause may or may not be known at triage time so debugging may be needed. labels Apr 6, 2024
@serhii-nakon
Copy link
Contributor Author

host.docker.internal should be equal to 10.0.2.2

It should be rather set to the host IP?

Hello @AkihiroSuda , yes.

@serhii-nakon
Copy link
Contributor Author

@AkihiroSuda at least users will expect to connect to host like in case with non Rootless Docker. Most documentation and suggestion recommend to use extra host with host.docker.internal:host-gateway to connect to host

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/networking area/rootless Rootless mode kind/enhancement Enhancements are not bugs or new features but can improve usability or performance. status/0-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AkihiroSuda @serhii-nakon