gateway.rancher-desktop.internal doesn't connect to host

[GMZwinge]

Actual Behavior

Rancher Desktop 1.15.0 in a Microsoft Dev Box. Inside a container, can connect to Kubernetes cluster on host using host.docker.internal but not using gateway.rancher-desktop.internal. IP Address for gateway.rancher-desktop.internal seems different than IP address for host.docker.internal.

Steps to Reproduce

docker container run --rm alpine sh -c 'command=''getent hosts host.docker.internal''; echo -e "--\\t$command:"; echo $(exec $command)'
docker container run --rm alpine sh -c 'command=''getent hosts gateway.rancher-desktop.internal''; echo -e "--\\t$command:"; echo $(exec $command)'
docker container run --rm alpine sh -c 'command=''wget https://host.docker.internal:6443''; echo -e "--\\t$command:"; echo $(exec $command)'
docker container run --rm alpine sh -c 'command=''wget https://gateway.rancher-desktop.internal:6443''; echo -e "--\\t$command:"; echo $(exec $command)'

Result

--      getent hosts host.docker.internal:
192.168.127.254 host.docker.internal host.docker.internal
--      getent hosts gateway.rancher-desktop.internal:
192.168.127.1 gateway.rancher-desktop.internal gateway.rancher-desktop.internal
--      wget https://host.docker.internal:6443:
Connecting to host.docker.internal:6443 (192.168.127.254:6443)
286BC3F5507F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:2091:
ssl_client: SSL_connect
wget: error getting response: Connection reset by peer
--      wget https://gateway.rancher-desktop.internal:6443:
Connecting to gateway.rancher-desktop.internal:6443 (192.168.127.1:6443)
wget: can't connect to remote host (192.168.127.1): Connection refused

Expected Behavior

Should be able to connect using gateway.rancher-desktop.internal and host.docker.internal. May also want to add host.docker.internal to certificate like in #6156.

Additional Information

On a Microsoft Dev Box. Not tried on a physical machine.

Rancher Desktop Version

1.15.0

Rancher Desktop K8s Version

The one coming with 1.15.0

Which container engine are you using?

moby (docker cli)

What operating system are you using?

Windows

Operating System / Build Version

Windows 11

What CPU architecture are you using?

x64

Linux only: what package format did you use to install Rancher Desktop?

None

Windows User Only

N/A

[Nino-K]

@GMZwinge Thanks for bringing this up. I’ve added the suggested entries to the certificate. However, regarding the issue with connecting to port 6443 on gateway.rancher-desktop.internal, I don’t think that is semantically correct. The gateway address is typically used for network services like DNS, DHCP, etc., and it’s not generally used to host applications. It should be sufficient to connect to your applications on the host through host.rancher-desktop.internal or host.docker.internal.

[GMZwinge]

@Nino-K Thanks. I encountered this problem in Visual Studio Code using kubectl in a Dev Container. I used gateway.rancher-desktop.internal because with host.docker.internal, the command kubectl get ns gave this error: Unable to connect to the server: tls: failed to verify certificate: x509: certificate is valid for <hostname>, gateway.rancher-desktop.internal, kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, localhost, not host.docker.internal. The only name valid for the certificate with an IP address similar to host.docker.internal was gateway.rancher-desktop.internal. May be the names host.rancher-desktop.internal and gateway.rancher-desktop.internalcould be documented somewhere, may be in VS Code Remote Containers, Architecture or FAQ - Q: Can containers reach back to host services via host.docker.internal?.