installed merbridge then docker pull image failed

[holooooo]

Bug Description

Docker pull any image got same error:
docker pull busybox
Using default tag: latest
Error response from daemon: Get https://registry-1.docker.io/v2/: dial tcp 54.198.86.24:443: connect: connection refused

But I can request it success by curl. And it will recovery immediately when I remove merbridge

Version

uname -a
Linux kube607 5.10.0-3.0.1.8.rc1 #18 SMP Mon Feb 26 11:26:14 CST 2024 x86_64 x86_64 x86_64 GNU/Linux

cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.1 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.1 LTS"
VERSION_ID="18.04"

[kebe7jun]

Sounds rather unlikely, if it's launching a Pod can it successfully pull the image?

[holooooo]

Sounds rather unlikely, if it's launching a Pod can it successfully pull the image?

Thanks for replying! And the answer is No, that why I try docker pull image manually.

(The screenshot isn't complete, and it show nothing even docker pull in the ip which I input)

Its seems that the connection is capture by ebpf? I am a totally muggle in ebpf, is there any more information I can offer?

[holooooo]

I tried nsenter into dockerd's net ns and curl the registry address, It's successed... There may exist some magic in dockerd pulling image..

[kebe7jun]

By default, we will only process traffic that contains mesh sidecar, if it is from dockerd, we will not block it. You can try turning on debug mode and checking the output of /sys/kernel/debug/tracing/trace_pipe.