Disable slowdown when TLS deliberately disabled #430
Conversation
|
I agree that it's harsh for sure, but it is an intentional "upstream" choice in Moby / Docker Engine to have this delay, so I'd hesitate to override it based on just the environment variable we invented for the image packaging (especially when it's pretty easy to add |
|
I get that point. 👍 I just think it's bad to push this delay onto the users, who might be unaware of it. We've been using a Docker >= 19.03.12 version (where TLS is enabled by default) since June 2021, without fully realizing that this would cost us 15s for every single CI run using a Docker service in our local GitLab. 😂 I don't know for sure, but I wouldn't be very surprised if others are in the "same boat". We ended up overriding it by setting I'm open to alternative suggestions. Would you feel better about adding a note about this in the project |
|
See https://docs.docker.com/engine/deprecated/#unauthenticated-tcp-connections and https://docs.docker.com/go/api-security/ (using unauthenticated TCP is officially deprecated upstream, and as such is not something we will or even can continue to encourage or support). |
|
Interesting, thanks for the note @tianon. How is this planned (from Docker Inc) to work with Docker-in-Docker scenarios, do you know? 🤔 I mean, those are also perfectly valid "local" cases even though binding to |
Noticed this by coincidence when upgrading our local image to 23.0.6. The warning is fine in itself, but pushing the 15-second delay to all users setting
DOCKER_TLS_CERTDIR: ''(perhaps for perfectly justifiable reasons) is a bit too harsh for my taste. 🤔(Untested if this works with 24.0, so this should probably be verified before merging.)