tilt icon indicating copy to clipboard operation
tilt copied to clipboard
verified publisher icon tilt-dev

Tilt not respecting Docker registry mirrors

Open cah-jordan-smith03 opened this issue 8 months ago • 1 comments

Expected Behavior

I am using a VPN which blocks access to docker.io. When I am using Docker Desktop and I have set a custom registry mirror (we'll call it my-mirror), I expect tiltdev/restart-helper to pull from my-mirror when using tilt up / tilt ci.

Current Behavior

I get an error during the deployment phase that docker.io/tiltdev/restart-helper:<version> could not be pulled. It appears to be a hard-coded reference somewhere as any image references in my local project use my-mirror.

Steps to Reproduce

For sake of example, let's say we have a policy that requires a VPN always on blocking docker.io. Because of this, we have set up a proxy for images at https://my.proxy.

  1. Limit access to docker.io such that you can only pull images from https://my.proxy, this replicates the VPN in our setup. Easiest way is probably to temporarily modify /etc/hosts or something.
  2. Create a basic project that uses Tilt to deploy a k8s service. This can be as simple as a Spring Boot demo API controller. Your build build Dockerfile should pull any dependent images from https://my.proxy rather than docker.io, same for any dependent files created by tilt init.
  3. Run tilt up
  4. Examine the output. The compile step completes, but the deploy step fails. There will be an image pull error for docker.io/tiltdev/restart-helper:<version>, I will attempt to reproduce with my colleague and get better logs.

Context

tilt doctor Output

Tilt: v0.34.1, built 2025-04-04
System: darwin-arm64
---
Docker
- Host: unix:///Users/my-user/.docker/run/docker.sock
- Server Version: 28.0.4
- API Version: 1.48
- Builder: 2
- Compose Version: v2.34.0-desktop.1
---
Kubernetes
- Env: docker-desktop
- Context: docker-desktop
- Cluster Name: docker-desktop
- Namespace: my-namespace
- Container Runtime: docker
- Version: v1.31.4
- Cluster Local Registry: none
---
Thanks for seeing the Tilt Doctor!
Please send the info above when filing bug reports. 💗

About Your Use Case

Due to corporate VPN limitations, we must be able to access all tilt containers through a proxy. I doubt our organization is the first to encounter this, so it is likely a win for everyone. If it matters, the registry mirrors are being configured through the Docker Desktop UI rather than command line.

We only use Tilt for local development so apologies if there is a greater context that I am missing.

cah-jordan-smith03 avatar Apr 18 '25 21:04 cah-jordan-smith03

tilt-restart-helper is from the restart_process extension - https://github.com/tilt-dev/tilt-extensions/tree/master/restart_process

If you just need to get unblocked, it's fairly easy to form the extension and modify it in your code - https://docs.tilt.dev/extensions.html

I'm actually not totally sure what the expected behavior of docker desktop's registry mirror feature is - i.e. if the container runtime is supposed to rewrite the image reference, or if clients are supposed to read the config and take care of it. Lemme ask about this

nicks avatar Apr 19 '25 03:04 nicks