Net/http: TLS handshake timeout

Dear all,

Ever since August, we have started receiving the following error during some docker pull operations: "https://registry-1.docker.io/v2/: net/http: TLS handshake timeout".

The error is not consistent and appears at random times - it may fail for several days in a row and then run without issues. However, it seems that when it appears it’s usually about the same Docker images.
Finally, we always use a valid, paid account to login to dockerhub before any pull or push actions.

The error is primarily met on a Kubernetes cluster of ours, where several retries of an image pull need to take place in order for the pods to start. It is also met on some docker-in-docker containers that run within pods, in the same Kubernetes cluster.

We have already disabled all security inspection rules for this flow on the network firewall, but the issue persists.

Docker Version: 24.0.0
Cluster’s container runtime: containerd://1.7.11-k3s2

Since your container runtime is containerd, not Docker, if it is a Kubernetes network issue, the question could be asked on the Kubernetes forum. But you also mention a Docker version, albeit an old one, and that you "primarily" experience the issue on Kubernetes clusters. Does it mean you also see it in Docker containers, or that you ran Docker 24.0.0 in a Kubernetes pod, as you also mention Docker in Docker?

And I also noticed that you added the “tls-inspection” tag. Do you know that tls-inspection is involved?