We are trying to simplify the firewall requirements that we impose on customers running a Balena device.
Why are docker.com and docker.io listed as domains that need whitelisting?
What happens if they are not accessible?
Hello, we previously required access to docker domains for pulling base images, but that should no longer be the case (unless you are developing in local mode.) The current network requirements are listed here: Network Setup on balenaOS 2.x - Balena Documentation - I didn’t notice the docker domains listed, do you see them in other documentation?
Ah thanks. I did not notice that you updated your documentation. Great.
Docker images are usually hosted on Docker registries, and if access to Docker.com or Docker.io is blocked, the platform might not be able to pull necessary images or updates for the containers.
I am also trying to simplify the firewall requirements that I have to impose on customers. I first created our own Network Requirements back in August 2020, at the time docker.com and docker.io were on that list (although I can’t remember how they got on the list).
I can also see as noted above that it isn’t referenced in Network Setup on balenaOS - Balena Documentation
Please could @alanb128 or @alexgg (based on this post) confirm definitively that these domains are no longer needed for Balena devices to function and pull any container images? I assume the Balena team have moved to using a custom balena-cloud.com subdomain for the container image downloads?
Thanks
I received this error recently. My solution turned out to be doing a docker logout
, which seemed to clear the credential entry slot related to docker hub (speculation). After this, my docker pull redis
worked fine.
Hi @nebbles ,
You’re correct, we don’t depend on docker.com
or docker.io
access as we host our own balena-cloud registry for releases. Let us know if any further questions!
Regards,
Christina